Cyware Daily Threat Intelligence May 30, 2018

Top Malware Reported in the Last 24 Hours
North Korean malware
A joint technical analysis conducted by DHS and FBI revealed two families of malware used by the North Korean government: the Joanap RAT and the Brambul SMB worm. Malicious activity originating from this malware has been associated with Hidden Cobra of North Korea. The malware causes network intrusion and loss of sensitive data.

BackSwap Trojan
A new strain of banking malware, named BackSwap, has been discovered by security researchers. This malware steals cryptocurrency by replacing the wallet address in the clipboard. BackSwap uses malicious spam email campaigns and modified versions of legitimate applications (such as TPVCGateway, WinRAR Uninstaller, 7Zip or SQLMon) to propagate itself.

MnuBot Trojan
Security researchers from IBM X-Force have discovered a new variant of the Delphi malware, known as MnuBot. This trojan uses a Microsoft SQL server as its C&C server. This server can send commands to the infected machine for execution.

Top Vulnerabilities Reported in the Last 24 Hours
Chrome 67
A new version, Chrome 67, has been rolled out by Google for Linux, macOS, and Windows. The new version includes features for improving AR and VR experiences, support for the Generic Sensors API, and 34 security fixes. Users are advised to update their Chrome browser to 67.0.3396.62. Users can visit Help > About Google Chrome to check whether they have received it.

RCE vulnerability found in EOS
Security researchers have found a buffer out-of-bounds write vulnerability in EOS that is triggered when parsing a WASM file. Hackers can leverage this vulnerability to achieve remote code execution in the node process. A mitigation has been issued for this flaw. The attack can be thwarted by renaming the assert so that it becomes a function that works in a live setting.

Cisco Firewall flaw
A critical firewall vulnerability affecting Cisco was discovered. This flaw was discovered in the XML parser of Cisco Adaptive Security Appliance (ASA) and was rated 10 on the CVSS scale. Cisco reloaded the firewall software, resulting in a low-memory condition, and prevented any incoming VPN authentication requests.

Top Breaches Reported in the Last 24 Hours
UVM Systems hit
Hackers have launched cyber attacks on UVM to exploit the University’s NetIDs and passwords. UVM asked all its faculty, students, and employees to change their NetID passwords immediately. An investigation revealed that no sensitive personal information has been stolen.

Supermarket customers' details hacked
If you are a customer of the supermarket chain Ritchies Supa IGA, then your personal details may have been accessed. As per security researchers, details of around 6000 customers were affected after malicious code was embedded into the website, which caused users to be redirected to another website.

A $110 million bank heist stopped
Unusual activity at the Standard Chartered Plc account of Bancomext was discovered in early January. Bancomext is Mexico’s state-owned trade bank. Security researchers suspected hacking attempts by North Korean hackers, who tried to steal more than $110 million.

Top Scams Reported in the Last 24 Hours
Fake GDPR emails
Hackers are leveraging the EU's General Data Protection Regulation (GDPR) to launch phishing email scams. These phishing messages generally contain a malicious link aimed at stealing user credentials and sensitive financial information. Airbnb users were among the first hit by GDPR phishing campaigns.

Scammers target FIFA World Cup fans
FIFA World Cup fans searching for tickets and deals, beware! Scammers are leveraging the craze around FIFA to launch scams. Fake tickets, flights, and accommodation are being sold to football fans traveling to the World Cup 2018 in Russia. A few scams are also holding fake contests that let the victims win a trip to Russia or get free tickets.


