Cyware Daily Threat Intelligence, October 05, 2020


The detection of new malware samples indicates how quickly cyber threats are evolving. In the last 24 hours, security researchers have unearthed three new malware families capable of performing a wide range of malicious activities. One of them is the Ttint botnet, which includes remote-access-tool-like features in addition to launching DDoS attacks.

The other two are a variant of the Black-T cryptojacking malware and the SLOTHFULMEDIA dropper. While the former is used against vulnerable Docker APIs, the latter is used to drop a trojan and a malicious component on infected computers.

Top Breaches Reported in the Last 24 Hours

Swiss universities affected
Several top universities and schools in Switzerland have been compromised in order to steal employees’ salaries. According to reports, the hackers accessed the universities’ payment systems and changed the beneficiary account information for salary transfers, stealing a six-figure sum.

UN Shipping agency attacked
The United Nations agency for international shipping was forced to take a number of services offline after being hit by a cyberattack. However, the organization’s email and virtual meeting platforms remained unaffected by the incident.

Top Malware Reported in the Last 24 Hours

New variant of Black-T malware
Researchers have uncovered a new variant of the Black-T cryptojacking malware, which is associated with the TeamTNT APT group. The malware is used against exposed Docker daemon APIs. It uses three different network scanning tools to identify vulnerable Docker instances within the local network.

New SLOTHFULMEDIA malware
A new malware dropper named SLOTHFULMEDIA deploys two files when executed on a system. One of the files is a RAT designed to gain control over compromised devices and the other is a component that removes the dropper after the RAT achieves persistence on the targeted computer.

New Ttint botnet
Ttint is a newly discovered IoT botnet that includes remote-access-tool-like features. The botnet, which appears to have been active since last year, exploits two zero-day vulnerabilities in Tenda routers for which security patches have not yet been released.

Malicious npm packages
Four malicious JavaScript npm packages - electorn, lodashs, loadyaml, and loadyml - were removed from the npm portal after they were found uploading user details to a public GitHub page. These packages used the typosquatting technique to trick users into installing them on their computers.
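A defender-side check for the typosquatting pattern described above, added here as an example and not part of the Cyware briefing: it flags dependency names in a package.json that are within a couple of edits of a well-known package name. The allow-list of known packages and the sample manifest are constructed for illustration; the manifest reuses two of the package names named in the briefing.

```javascript
// Added example (not from the Cyware briefing): flag dependency names in a
// package.json that are a near-miss of a well-known package, the pattern the
// four typosquatted packages above relied on. The allow-list and the sample
// manifest are constructed for illustration.

const KNOWN_PACKAGES = ["electron", "lodash", "js-yaml", "express", "react"];

// Classic Levenshtein edit distance (insert/delete/substitute each cost 1).
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + cost);
    }
  }
  return dp[a.length][b.length];
}

// Return {name, lookalike, distance} for every dependency that is within
// `maxDistance` edits of a known package but is not that package itself.
function findTyposquats(manifest, maxDistance = 2) {
  const deps = { ...(manifest.dependencies || {}), ...(manifest.devDependencies || {}) };
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (KNOWN_PACKAGES.includes(name)) continue; // exact match: the real package
    for (const known of KNOWN_PACKAGES) {
      const d = editDistance(name, known);
      if (d <= maxDistance) findings.push({ name, lookalike: known, distance: d });
    }
  }
  return findings;
}

// Constructed sample manifest: two typosquats from the briefing next to the real packages.
const SAMPLE_MANIFEST = {
  dependencies: { electorn: "^1.0.0", lodash: "^4.17.20", lodashs: "^1.0.0" },
  devDependencies: { express: "^4.17.1" },
};

console.log(findTyposquats(SAMPLE_MANIFEST));
```

Edit distance only catches near-miss names; a lookalike built from a different word (such as a package name mimicking an unrelated, similarly themed library) needs a maintained block-list or registry metadata checks instead.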


Posted on: October 05, 2020
