Go to listing page

Cyware Daily Threat Intelligence, October 04, 2022

Cyware Daily Threat Intelligence, October 04, 2022

Share Blog Post

A new way to sneak past the security checks on systems is enabling threat actors to steal credentials from users. The tactic leverages the legitimate Chrome’s Application Mode feature to create fake desktop login forms of well-known apps and deceive victims by prompting them to share their details. In another browser-based phishing attack, researchers uncovered that customers’ payment details were stolen after attackers spoofed the browser-based applications of KFC and McDonald's in Saudi Arabia, UAE, and Singapore. 

While threat actors are scrambling to exploit the newly discovered Microsoft Exchange zero-day vulnerabilities, scammers are also benefitting from this discovery. Reports suggest that scammers are earning profits by impersonating security researchers to sell fake PoC for zero-day flaws that are collectively called ProxyNotShell.

Top Breaches Reported in the Last 24 Hours


RansomEXX gang claims attack on Ferrari
The relatively new RansomEXX ransomware gang has leaked internal documents online after hacking the Italian luxury sports car manufacturer Ferrari. While the firm has validated the documents leaked online, there is no evidence of cyberattacks. The 6.99GB of stolen data includes internal documents, datasheets, and repair manuals, among others. 

DNS suffers a data breach
Russian retail chain DNS (Digital Network System) suffered a data breach that exposed the personal information of customers and employees. The attackers could gain initial access by exploiting flaws in the company’s IT systems. Meanwhile, the organization is working on fixing the flaws to strengthen information security. 

LAUSD’s 500GB data leaked
More than 248,000 files belonging to the Los Angeles Unified School District (LAUSD) have been leaked on the dark web. The affected data belongs to students and their parents. The school was attacked by the Vice Society ransomware gang in September.  


Top Malware Reported in the Last 24 Hours


Trojanized installer deploys JavaScript backdoor
A trojanized installer for the Comm100 Live Chat application was found distributing a JavaScript backdoor as part of a supply chain attack. The attack took place in September and infected organizations in multiple sectors, including the industrial, healthcare, technology, manufacturing, insurance, and telecommunications.

Malicious DApps abused
A threat actor named Water Labbu has been found abusing malicious decentralized applications, or DApps, to steal cryptocurrency from other scammers. The group is piggybacking on different social engineering tactics used by crypto scammers to trick users to then subsequently inject malicious JavaScript code into their sites and steal their cryptocurrency loots.

Agent Tesla and njRAt spotted
Some malicious Office documents that attempt to leverage legitimate websites have been discovered executing a shell script that ultimately drops the variants of Agent Tesla and njRAT. The trojans are well-known for collecting sensitive information from a victim’s device. 


Top Scams Reported in the Last 24 Hours


New phishing attack technique discovered
Threat actors are abusing Chrome’s Application Mode feature in a new phishing attack to steal credentials from internet users. The feature is available in all Chromium-based browsers including Google Chrome, Microsoft Edge, and the Brave Browser, enabling threat actors to spoof local login forms that appear as desktop applications. 

KFC and McDonald’s apps spoofed
KFC and McDonald’s customers across Saudi Arabia, UAE, and Singapore were targeted in a phishing attack, enabling attackers to steal their payment details. According to researchers at CloudSEK, the attackers impersonated the browser-based application of fast food restaurants to trick users into installing information-stealing payloads on their desktops.

Scammers selling fake PoC
Scammers are earning profits by impersonating security researchers and selling fake PoC exploits for the newly discovered ProxyNotShell vulnerabilities. The flaws are being exploited in the wild, which makes it beneficial for scammers. 

 Tags

agent tesla rat
ransomexx gang
russian retail chain dns
comm100 live chat
microsoft exchange zero day vulnerabilities
chromes application mode feature

Posted on: October 04, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.