Go to listing page

Cyware Daily Threat Intelligence, September 02, 2022

Cyware Daily Threat Intelligence, September 02, 2022

Share Blog Post

With the growth in new ransomware strains, ransomware connections are also abundant these days. Of late, an early-stage ransomware variant was linked to DarkAngels ransomware owing to their eerily similar ransomware notes. In other news, researchers have linked Raspberry Robin malware to Dridex and Russia’s deadly Evil Corp cybercriminal group. Raspberry Robin came into the picture in mid-May 2022 when it targeted a few IBM Security MDR customers.

Meanwhile, researchers reported a critical bug introduced in version 104 of Google Chrome that could compromise users’ sensitive data. The flaw, as per reports, also impacts Apple Safari and Mozilla Firefox.

Top Malware Reported in the Last 24 Hours


Snake Keylogger campaign targets the U.S.
Bitfender reported a new malspam campaign launched by threat actors associated with Snake Keylogger. In this campaign, hackers sent thousands of phishing emails to corporate IT decision-makers. The attack’s primary targets were located in the USA. Hackers impersonated one of Qatar’s leading IT and cloud services providers to lure its targets.

Connection between Raspberry Robin and Dridex 
IBM experts have confirmed functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader. They found overlaps in the anti-analysis code and how the final payload is decoded in an analogous manner. Dridex is the handiwork of Evil Corp. Hence, it is likely that Evil Corp is also behind Raspberry Robin.

New ransomware strain under development
The research team of Uptycs stumbled across a new Linux ransomware that drops similar ransom notes as the DarkAngels ransomware, which was first observed during the month of May. The newly found Executable and Linkable Format (ELF) ransomware encrypts files inside Linux systems based on the given folder path.

Top Vulnerabilities Reported in the Last 24 Hours


High-severity bug in Google Chrome
A critical security bug in the Chrome browser, also infecting Chromium-based alternatives, allows malicious sites to automatically overwrite system clipboard content without any user interaction. The researcher who reported the bug stated that the clipboard poisoning attack was accidentally introduced in Chrome version 104. The issue exists in Apple Safari and Mozilla Firefox.

Top Scams Reported in the Last 24 Hours


Fake verification process on Instagram
Turkish hackers are reportedly abusing Instagram’s verification process to pilfer sensitive data from unsuspecting users. Hackers misinform users in emails about reviewing their Instagram profiles and that it “deemed eligible” for verification. The emails contain “badge form” link that takes victims to dubious websites for Instagram and Meta. The website requests a person’s name, phone number, email, and Instagram password.

 Tags

snake keylogger
darkangels ransomware
apple safari browser
evil corp
linux ransomware
google chrome browser
dridex trojan
instagram
mozilla firefox
raspberry robin

Posted on: September 02, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.