Cyware Daily Threat Intelligence November 21, 2017

AlienSpy malware
There’s a new phishing campaign that is delivering Jsocket variant of Adwind (also known as AlienSpy) that was detected in October 2017 and is currently ongoing. It is a cross-platform backdoor able to install additional malware on the target systems.

BankBot sneaks in again
The notorious mobile banking trojan — BankBot — which had infected thousands of users earlier has made its way again into Google Play store. It pretends to be a game or an essential app but in turn steal banking credentials of mobile banking apps like Wells Fargo, Chase, CitiBank, and DiBa (ING).

Android.RootKit trojan
A new Android trojan Rootnik that allows hackers to gain root access is lurking around. The creators have reverse engineered the commercial app “Root Assistance” and have stolen at least 5 exploits that give them root access. Mac and iOS users warned
US-CERT has found several security vulnerabilities affecting Apple software of MacOS and iOS. The US-CERT has issued a security warning related to those flaws and hasn't been evaluated yet. The vulnerabilities include remote execution flaws which can facilitate an attacker to gain access and take control of the target device.

Intel’s security flaws
Intel has released a list of new vulnerabilities in its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE). The firmware-level bugs facilitate already logged-in malicious actors to execute code beneath the operating system to spy on or meddle with the computer completely out of sight of other users and admins.

EMC bypasses existing protection
Often organizations restrict employees from bringing their own devices into the workspace when dealing with sensitive trade secrets. However, a new method uses GSM network, electromagnetic waves and a basic low-end mobile phone to steal data, bypassing all of these protections. Apple tech support scam
New tech support scams have emerged targeting Apple users. Scammers are already populating the app with fake tech support number to make their work easy. Typically, the scam is initiated by the scammers by targeting the victim's default communication platform, mostly the phone app, to prompt them into calling the fake tech support scam hotline.

Black Friday scam
Fraudsters are cashing in on the rise of online sales during Black Friday. They’re sending out fake emails supposedly confirming the delivery of purchased products but filled with phishing links and virus-filled downloads. Users are advised to think twice before clicking on unknown links.

Click-to-call scam
Scamsters are using scare tactics to trick victims into paying for fake technical support services that ‘fix’ the technical problems of the victim’s device. The new scam is using click-to-call links where a victim is connected to the scammer with just a click. Users can stay protected by not proceeding with the call.