Cyware Daily Threat Intelligence October 23, 2017

Sockbot Android Malware
Recently, a team of researchers has found a highly prolific type of Android malware called Sockbot posing as legitimate apps on Google Play. The Android.Sockbot then adds the devices of users who downloaded the app to a bonnet, allowing attackers to create fake ad traffic. The malware appears to be targeting users in the United States, but may be accessible to users in Russia, Ukraine, Brazil, and Germany.

Wonder botnet
While investigating malicious code in the dark web, a new botnet dubbed as Wonder botnet was discovered. A file named “NetflixAccountGenerator.exe” was actually discovered during the investigation. This file promises to create free premium accounts for Netflix. But in reality, it installs a bot and can remain undetected.

Necrus botnet spreading Locky
In a recent revelation, a new malware campaign has been spotted trying to spread Locky ransomware using malicious Word files. Necrus botnet sends phishing messages carrying malicious Word documents that appear to be regular invoices. openSUSE Tumbleweed updates
Recently, two openSUSE Tumbleweed snapshot updates have been released recently. Tumbleweed snapshot 20171017 removed GNU Compiler Collection 6 from the repositories. In addition, Snapshot also fixes the infamous WPA2 KRACK (Key Reinstallation Attack) security vulnerability. Users are advised to patch their systems.

New Chrome version
Google released a new version of Chrome browser--Chrome 62--for Windows, macOS, and Linux. As the browser updates in the background, simply relaunching Chrome will get the latest version. The new feature in the Google Chrome -- alerts users that a particular site is insecure when the user starts to enter any form field on the page.

Microsoft Office memory corruption flaw
It has been discovered that a remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. During an email attack, an attacker sends a specially crafted file (through spam email) to the user, convincing him to open it.