Cyware Daily Threat Intelligence, October 24, 2019

Vulnerable security products can increase the level of cyber threats if not patched on time. In the past 24 hours, security researchers have uncovered a major security issue impacting Avast, AVG, and Avira security products. The vulnerability can be abused by attackers to bypass defense mechanisms of antiviruses and execute malicious code. In addition to this, the flaw can also lead to DLL hijacking. 

The past 24 hours also saw the emergence of two new malware strains, Spidey Bot and Ashas adware. While Spidey Bot turns Discord for Windows into a tool for spying and stealing information, Ashas has been found hiding in at least 42 apps available on the Google Play Store. The Ashas adware works by flooding a user’s device with unwanted ads.

Top Breaches Reported in the Last 24 Hours

NNeuR data breached
A scripting error on the website of the National Neurology Registry (NNeuR) has accidentally exposed the personal information of over 17,000 patients. The exposed information includes NRIC, phone numbers, and addresses of individuals. The Health Ministry is now working with the National Cyber Security Agency (Nacsa), Malaysia Communications and Multimedia Commission (MCMC) and Cybersecurity Malaysia for further investigation.

CPS discloses a data breach
Competitive Pest Services (CPS) has disclosed a data breach that may have affected the data of all its clients. The incident occurred after an ex-employee downloaded customer information from an existing database and shared it with a competitor. The compromised data includes names, addresses and phone numbers of customers.      

US Court system hacked
A man who hacked Los Angeles County court (LASC) computers, sent 2 million phishing emails, and stole hundreds of credit card numbers has been sentenced in Los Angeles. Following a phishing attack that compromised one of LASC's employee email accounts in July 2017, the attacker infiltrated the court's computers. The account was used to launch a spear-phishing attack targeting the accounts of thousands of other LASC employees.

Top Malware Reported in the Last 24 Hours

Ashas adware’s author tracked
Researchers have tracked down the author of the new Ashas Android adware installed on at least 42 apps. These apps, which are available on the Google Play Store, have been downloaded more than eight million times. The adware works by showing fullscreen ads overlaid on top of other apps.

Raccoon Stealer trojan
The Raccoon infostealer trojan has been observed in multiple attack campaigns since it first emerged in April 2019. The trojan is distributed via exploit kits, phishing and compromised software downloads. Raccoon is capable of stealing important data including credit card information, cryptocurrency wallets, browser data, and email credentials.

Joker malware returns
An app called Int App Lock has been found to be infected with Joker malware. The app has over 10,000 installs. Users are advised to immediately delete the app as the malware is capable of silently exfiltrating sensitive data from their device.

Spidey Bot
Spidey Bot is a newly discovered malware that turns Discord for Windows into a tool for spying and stealing information. Once launched, the malware is capable of collecting a wide range of system and user information. Apart from this, the malware can allow attackers to perform other malicious actions including theft of payment information, executing commands on victims’ machines and installing other malware.

Top Vulnerabilities Reported in the Last 24 Hours

Mozilla fixes critical issues
Mozilla has fixed several critical memory bugs affecting Firefox 69 and Firefox ESR version 68.1. The bugs are covered by a single ID, CVE-2019-11764, and have been fixed in Firefox 70 and Firefox ESR 68.2. These memory flaws, if exploited, could allow an attacker to run arbitrary code on vulnerable systems. The flaws can also be abused to modify or delete data, or to create a new user account with full rights.

Vulnerable keyboard LX390 
Two high-severity vulnerabilities have been found affecting Fujitsu wireless keyboard LX390. The vulnerabilities can be exploited to expose passwords and allow keystroke injection attacks. The flaws are tracked as CVE-2019-18200 and CVE-2019-18201. Fujitsu has addressed the issue in the latest wireless keyboard sets named LX410 and LX960.   

Vulnerable Avast, Avira, and AVG
Avast Antivirus, AVG Antivirus, and Avira Antivirus are impacted by a bug that could lead to DLL hijacking. The vulnerability has been identified as CVE-2019-17093 (for Avast and AVG) and CVE-2019-17449 (for Avira). It impacts all editions of Avast Antivirus and AVG Antivirus below version 19.8. In Avira Antivirus, it impacts versions below 1.2.137 and 2.0.6.21094 for Avira Launcher and Avira Software Updater.

Posted on: October 24, 2019
