Cyware Daily Threat Intelligence, November 27, 2019

Malware that includes obfuscation modules to evade detection by security solutions is in demand among threat actors. Lately, security researchers have come across one such malware, active since October 2018. The malware, dubbed Dexphot, silently bypassed security solutions thanks to its complex evasion methods, and it is found to have infected close to 80,000 Windows computers earlier this year.

That’s not all! A new variant of the Stantinko botnet has also been found spreading via YouTube videos to slip past security solutions. This new version of the botnet includes a mining module for the Monero cryptocurrency. Overall, the botnet is estimated to have infected half a million devices, with victims primarily in Russia, Ukraine, Belarus, and Kazakhstan.

Top Breaches Reported in the Last 24 Hours

‘On The Border’ restaurant chain breached
Mexican restaurant chain ‘On The Border’ disclosed a data breach that occurred between April 10 and August 10, 2019. The attackers had installed malware on payment processing systems at some of its locations to steal customers’ payment card details.

Upbit hacked
A major hack at the South Korean cryptocurrency exchange Upbit has led to the theft of 342,000 ETH, worth $48.5 million. The funds were moved from the exchange’s hot wallet to a previously unknown wallet address.

Top Malware Reported in the Last 24 Hours

Stantinko botnet
The Stantinko botnet has evolved to add a Monero cryptocurrency mining module to its toolset. The new variant spreads via YouTube videos in order to evade detection. Once installed, it searches for other cryptominers on the infected system and suspends them so that its own miner runs unimpeded.

DeathRansom ransomware
Security researchers have discovered a new ransomware strain named DeathRansom, which attempts to delete shadow volume copies before starting its encryption routine. The malware appends the ABEFCDAB extension to encrypted files and then drops a ransom note for the victim. The note contains a unique ‘LOCK-ID’ that the victim is told to include when emailing the ransomware developer.
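The two behaviours described above, deletion of shadow copies and an appended file extension, are the kind of signals a detection engineer would wire into an alert. The following Python is an added example, not code from Cyware or from any DeathRansom analysis: the process-creation events, file listing and ransom note are constructed, the shadow-copy deletion commands are the ones ransomware families commonly issue (the brief does not say which command DeathRansom uses, so that mapping is an assumption), and the LOCK-ID note layout is assumed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample process-creation events in a Sysmon-like shape; not real DeathRansom telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin delete shadows /all /quiet"},
    {"host": "ws01", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete"},
    {"host": "ws02", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin list shadows"},           # benign: listing, not deleting
    {"host": "ws03", "image": r"C:\Program Files\Backup\agent.exe",
     "cmdline": "agent.exe --snapshot --verify"},    # benign backup agent
]

# Shadow-copy deletion commands used by ransomware families in general. The brief does not
# say which of these DeathRansom issues, so treating them as its indicators is an assumption.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    re.compile(r"Win32_ShadowCopy\b.*\bRemove-WmiObject\b", re.I),
]

ENCRYPTED_EXT = ".ABEFCDAB"  # extension reported in the brief

# Constructed file listing, as a file-integrity scan might report it.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx.ABEFCDAB",
    r"C:\Users\alice\Documents\notes.txt.ABEFCDAB",
    r"C:\Users\alice\Documents\readme.txt",
    r"C:\Users\alice\Pictures\holiday.jpg",
]

# Constructed ransom note; the brief only says the note carries a unique LOCK-ID, the layout is assumed.
SAMPLE_NOTE = "All your files have been encrypted.\nLOCK-ID: 7A3F-CONSTRUCTED-0001\nContact the address below.\n"


def detect_shadow_copy_deletion(events: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (host, cmdline) for every event whose command line deletes shadow copies."""
    return [
        (ev["host"], ev["cmdline"])
        for ev in events
        if any(p.search(ev.get("cmdline", "")) for p in SHADOW_DELETE_PATTERNS)
    ]


def count_encrypted_files(paths: List[str], ext: str = ENCRYPTED_EXT) -> int:
    """Count files carrying the ransomware's appended extension (case-insensitive)."""
    return sum(1 for p in paths if p.upper().endswith(ext.upper()))


def extract_lock_id(note_text: str) -> Optional[str]:
    """Pull the LOCK-ID out of a ransom note so it can be recorded in the incident ticket."""
    m = re.search(r"LOCK-ID\s*[:=]?\s*([A-Za-z0-9\-]+)", note_text, re.I)
    return m.group(1) if m else None


def triage(events: List[Dict[str, str]], paths: List[str], note_text: str) -> Dict[str, object]:
    """Combine the three signals into one verdict for an analyst queue."""
    hits = detect_shadow_copy_deletion(events)
    encrypted = count_encrypted_files(paths)
    if hits and encrypted:
        severity = "high"     # recovery points destroyed and encryption already under way
    elif hits or encrypted:
        severity = "medium"   # one signal alone: investigate, may be legitimate admin work
    else:
        severity = "none"
    return {
        "shadow_copy_deletion_hosts": sorted({h for h, _ in hits}),
        "encrypted_files": encrypted,
        "lock_id": extract_lock_id(note_text),
        "severity": severity,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS, SAMPLE_PATHS, SAMPLE_NOTE))
```

Shadow-copy deletion on its own is also performed by some backup and disk-management tools, which is why the verdict only goes to "high" when it coincides with files carrying the ransomware extension; the LOCK-ID is kept so that multiple infected hosts can be correlated to one campaign.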

Dexphot malware
Microsoft security engineers have uncovered a new malware called Dexphot that has been infecting Windows computers since October 2018. The malware has infected almost 80,000 computers. The attackers use it to hijack the processing power of infected machines to mine cryptocurrency and generate revenue.

PSD2 as lure
Threat actors are using the Payment Services Directive 2 (PSD2) regulation as a malicious lure to dupe victims. They have been found to create fraudulent login pages on domains that include ‘PSD2’ in the registered name, which are used to target financial institutions and their customers’ data.

Top Vulnerabilities Reported in the Last 24 Hours

Impact of SSRF vulnerability
A new study by Palo Alto Networks’ Unit 42 researchers found more than 7,000 Jira servers worldwide exposed to the internet from public clouds, 45% of which are vulnerable to the SSRF flaw tracked as CVE-2019-8451. An SSRF vulnerability opens the door to internal network reconnaissance, lateral movement, and even remote code execution.
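The reason SSRF is so damaging on a cloud-hosted server is that a fetch the application performs on a user's behalf reaches addresses the user could never reach directly: RFC 1918 ranges, loopback, and the link-local instance-metadata endpoint 169.254.169.254. The following Python is an added example of the generic control an application should apply before any server-side URL fetch; it is not Jira's code and not the fix for CVE-2019-8451. The hostnames and addresses in the stub resolver are constructed.

```python
import ipaddress
import socket
from typing import Callable, Dict, List
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
Resolver = Callable[[str], List[str]]


def system_resolver(host: str) -> List[str]:
    """Resolve a hostname to every address it maps to (both A and AAAA records)."""
    infos = socket.getaddrinfo(host, None)
    return sorted({info[4][0] for info in infos})


def is_internal_address(ip_text: str) -> bool:
    """True for anything not globally routable: loopback, RFC 1918, link-local
    (which includes the 169.254.169.254 cloud metadata endpoint), CGNAT, reserved."""
    addr = ipaddress.ip_address(ip_text.split("%", 1)[0])  # drop an IPv6 zone id if present
    return not addr.is_global


def validate_fetch_target(url: str, resolver: Resolver = system_resolver) -> List[str]:
    """Return the public IPs a server-side fetch of `url` may connect to, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in the URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        ips = [str(ipaddress.ip_address(host))]  # IP literal: no DNS lookup needed
    except ValueError:
        try:
            ips = resolver(host)
        except Exception as exc:  # resolution failure: fail closed rather than open
            raise ValueError(f"cannot resolve {host!r}") from exc
    if not ips:
        raise ValueError(f"{host!r} has no addresses")
    # Every address must be public; one internal record among public ones is enough to reject.
    for ip in ips:
        if is_internal_address(ip):
            raise ValueError(f"{host!r} resolves to non-public address {ip}")
    return ips


def is_safe_fetch_target(url: str, resolver: Resolver = system_resolver) -> bool:
    """Non-raising wrapper for call sites that just need a yes/no."""
    try:
        validate_fetch_target(url, resolver)
        return True
    except ValueError:
        return False


# Constructed DNS table so the example runs offline; the names and addresses are made up
# (93.184.216.34 stands in for any public address).
STUB_DNS: Dict[str, List[str]] = {
    "example.com": ["93.184.216.34"],
    "intranet.corp.internal": ["10.0.0.5"],
    "mixed.example": ["93.184.216.34", "127.0.0.1"],  # one public, one loopback record
}


def stub_resolver(host: str) -> List[str]:
    return STUB_DNS[host]  # KeyError for unknown names, which validate_fetch_target turns into a rejection


if __name__ == "__main__":
    for candidate in ("https://example.com/api", "http://169.254.169.254/", "https://intranet.corp.internal/"):
        print(candidate, "->", "allowed" if is_safe_fetch_target(candidate, stub_resolver) else "blocked")
```

Two details matter when wiring this into a real HTTP client: connect to the IP returned by `validate_fetch_target` rather than letting the client resolve the name a second time (otherwise a DNS answer that changes between check and use bypasses the filter), and run the same validation on every redirect target, since a public host can redirect to an internal one.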

Kaspersky patches vulnerabilities
Kaspersky has patched several vulnerabilities affecting the web protection features present in its Anti-Virus, Internet Security, Total Security, Free Anti-Virus, Security Cloud, and Small Office Security products. One of the flaws discovered could be abused by attackers to access important data such as Kaspersky security solution’s product ID, product version, and operating system version.


Posted on: November 27, 2019
