Go to listing page

Cyware Daily Threat Intelligence, November 24, 2021

Cyware Daily Threat Intelligence, November 24, 2021

Share Blog Post

Beware of sneaky apps that purport to download updates with names ‘App Updates,’ ‘System Apps updates,’ or ‘Android Update Intelligence.’ While these names may look convincing to an unsuspecting user, it is a trick employed by the APT-C-23 group to distribute a new variant of spyware that is capable of harvesting personal details from users’ phones. And...Guess what? A new version of Cynos trojan infected at least 9 million Android phone users who downloaded a set of 190 gaming apps from the AppGallery store.

Do you have a printer? Then this latest update will surely make you realize the urgency to improve the security of your device. Researchers have demonstrated a new set of attacks dubbed Printjack that is capable of performing MiTM attacks and launching DDoS attacks.

Top Breaches Reported in the Last 24 Hours

WSpot suffers a breach
Brazil-based WiFi management company WSpot had exposed 10GB worth of sensitive data due to a misconfigured AWS S3 bucket. The incident had occurred in September and the exposed data included full names, full addresses, email addresses, taxpayer registration numbers, and plain-text login credentials of users.

Attackers fasten the compromise process
During an investigation, researchers from Palo Alto Networks found that cybercriminals have sped up the process of compromising poorly configured cloud services. Out of 320 honeypots set up by the researchers, malicious actors had compromised around 256 of the servers that included ones with RDP, SSH, SMB, and Postgres database services.

Top Malware Reported in the Last 24 Hours

APT-C-23 upgrades its spyware
The APT-C-23 threat actor group has once again upgraded its Android spyware with new anti-analysis features to stay under the radar during the infection process. The new variant is distributed via apps that purport to install updates on the target’s phone, with names such as App Updates, System Apps updates, or Android Update Intelligence. These apps are believed to be sent via SMS text messages.

New version of Cynos malware spotted
Dozens of malicious gaming apps on Huawei’s AppGallery were downloaded at least 9 million times to distribute a new variant of Cynos trojan. Dubbed as Cynos, the malware is capable of gathering sensitive information such as phone numbers, GPS location, and other technical data from users’ devices.

Top Vulnerabilities Reported in the Last 24 Hours

Printjack attack
Researchers demonstrated a set of three new attacks that can be launched against printers. The attack includes turning printers into an army of botnets to launch DDoS attacks, impose a paper DoS state, and perform MiTM attacks. One of these attack types can be launched by exploiting CVE-2014-3741 RCE vulnerability affecting printers.  

Faulty MediaTek SoCs
Multiple security flaws disclosed in MediaTek System-on-Chips (SoCs) could have enabled threat actors to elevate privileges and execute arbitrary code on compromised devices. The flaws affect 37% of all smartphones and IoT devices globally. Three of these issues are tracked as CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663 and are related to heap buffer overflow issues in the audio DSP component. MediaTek has provided mitigation measures to all major OEMs.

Top Scams Reported in the Last 24 Hours

A surge in fake giveaway scams
Scammers are leveraging the rising popularity of Shiba Inu virtual currency to conduct fake giveaway scams. Multiple YouTube channels and Telegram accounts are being used to promote the scam. Reports are that the scammers have earned $239,000 worth of cryptocurrency since October 20. Besides fake giveaway scams, the scammers also used phishing links posing as the cryptocurrency wallet Trust to steal victims’ wallet information.

FBI alerts about holiday shopping scam
The Oklahoma City FBI Division has warned the public about online holiday shopping scams that steal money and personal information from users. The two most prevalent are non-delivery and non-payment crimes.

 Tags

cynos trojan
apt c 23 group
fake giveaway scams
printjack
mediatek socs
wspot
shiba inu virtual currency

Posted on: November 24, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.