Go to listing page

Cyware Daily Threat Intelligence, November 20, 2020

Cyware Daily Threat Intelligence, November 20, 2020

Share Blog Post

Cybercriminals are getting creative with Google services. In latest research, experts have uncovered that attackers are taking advantage of Google Forms, FireBase, Google Docs, and Google Sites to sneak past defensive tools and steal sensitive information.

A new attack method that turns smart home equipment against users has been uncovered by researchers. Termed as LidarPhone, the attack relies on the built-in LiDAR laser-based navigational component in the vacuum cleaner to snoop on users’ conversations and their private data.

Apart from these, there is also a major update on QBot’s malicious activity. The trojan has dropped ProLock ransomware and opted for Egregor ransomware as part of its latest attack campaigns.

Top Breaches Reported in the Last 24 Hours

Vulnerable Go SMS Pro exposes data
Go SMS Pro has exposed audio, video, and photo messages of millions of its users due to a flaw in its app. The issue exists in the functionality that allows users to send private media to other people even if they do not have the GO SMS Pro application installed on their devices. The app has over 100 million downloads to date.

Banks targeted
Researchers learned that both U.S. and European banks were experiencing a spike in e-commerce fraud linked to China-based sites. These domains were used to steal payment card data from unwitting shoppers and then, sell the data across various dark web marketplaces.

Oregon County affected
Oregon’s Jackson County is dealing with an outage on its website that occurred due to a ransomware attack on Managed.com. The attack occurred early this week.

Top Malware Reported in the Last 24 Hours

QBot adds a new partner
The QBot trojan has dropped the ProLock ransomware and partnered with Egregor ransomware as part of its latest attack campaigns. These campaigns are carried out through phishing emails containing malicious Excel documents pretending to be DocSign documents.

Mount Locker ransomware 
Mount Locker ransomware has shifted its focus to users filing tax returns through TurboTax. The stolen data and encrypted files in this case are then used in a double extortion scheme where victims are warned that their files will be published on a data leak site if a ransom is not paid.

Top Vulnerabilities Reported in the Last 24 Hours

VMware patches six flaws
VMware has patched a total of six vulnerabilities in its SD-WAN Orchestrator product. These flaws can allow attackers to steer traffic or shut down the enterprise network. The flaws are related to SQL injection bugs, remote code execution, and default passwords.

LidarPhone attack
Researchers demonstrated a new attack method called LidarPhone that converts vacuum cleaners to microphones. The attack works by leveraging the built-in LiDAR laser-based navigational component in the vacuum cleaner.

Top Scams Reported in the Last 24 Hours

New ways of phishing
Researchers have found that cybercriminals are using free Google services such as Google Forms, Google Sites, Firebase, and Google mobile platform for app development to launch a variety of phishing attacks. These services enable attackers to evade detection by security software while carrying out their malicious intentions. It is advised that employees and users should use MFA and learn to spot phishing emails to stay safe.


mount locker ransomware
qbot trojan
go sms pro
prolock ransomware
lidarphone attack
oregon county

Posted on: November 20, 2020

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.