Go to listing page

Cyware Daily Threat Intelligence, November 25, 2022

Cyware Daily Threat Intelligence, November 25, 2022

Share Blog Post

Another day, another new malicious browser extension attack. Researchers uncovered two malicious Chrome extensions under the name of SearchBlox, that were used to pilfer Roblox credentials as well as assets on Rolimons, a Roblox trading platform. More than 200,000 players have installed the extensions that pretend to offer users Roblox servers of their choice. Docker images are again being leveraged for malicious activities as security experts unearthed a stack of over 1600 images embedded with backdoors, DNS hijackers, and cryptocurrency miners. 

Coming to security updates, Google released an emergency patch to fix a zero-day vulnerability in the desktop version of Chrome browser. This is the eighth zero-day vulnerability to be patched in Chrome 2022, following its exploitation in the wild.

Top Breaches Reported in the Last 24 Hours


WhatsApp user data on sale
Security experts are investigating a dataset that appears to contain data from nearly 500 million WhatsApp users from 84 countries. The data is being sold on cybercrime forums for prices ranging from $2000 to $7000. Threat actor claims that there are over 32 million US user records included in the dataset.

EU website hit by DDoS attack
The European Parliament website was temporarily down following a DDoS attack that was launched by Russia-based hackers. A pro-Kremlin group, Killnet, has claimed responsibility for the attack.  

Sonder reveals a data breach
Hospitality company Sonder confirmed a data breach that has potentially compromised guest records. Sonder learned of unauthorized access to one of its systems on November 14. The impacted records belong to those guests who made bookings prior to October 2021. The data included usernames and encrypted passwords, names, phone numbers, dates of birth, addresses, and email addresses of guests.

Top Malware Reported in the Last 24 Hours


SearchBlox malicious extension
Two malicious Google Chrome extension, both under the name SearchBlox, installed by more than 200,000 users was discovered stealing Roblox credentials, as well as assets on Rolimons. These extensions were distributed via Chrome Web Store and claimed to let players search Roblox servers at blazing speed but both contained a backdoor.

Malware-infested Docker images 
Over 1600 publicly available Docker Hub images were infected with malicious payloads so as to launch cryptocurrency mining and DNS hijacking attacks. These compromised Docker images were also used to deploy backdoors and redirect victims to phishing websites. A few of these Docker images were embedded with SSH keys, AWS credentials, GitHub tokens, and NPM tokens to gain backdoor access to a victim’s network. 

Top Vulnerabilities Reported in the Last 24 Hours


Chrome updated to fix a zero-day flaw
Google released an emergency security update for the desktop version of Chrome browser to address a zero-day vulnerability that is exploited in the wild. The high-severity flaw is tracked as CVE-2022-4135 and is a heap buffer overflow in the GPU component. Attackers can exploit the flaw to overwrite an application’s memory to manipulate the execution path and launch arbitrary code execution attacks.

 Tags

searchblox malicious extension
heap buffer overflow
rolimons
chrome browser
whatsapp

Posted on: November 25, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.