Cyware Daily Threat Intelligence, September 24, 2020


Two weeks after cybersecurity agencies from France, Japan, and New Zealand published warnings about an uptick in Emotet activity, agencies in Italy and the Netherlands have issued a fresh advisory warning about the rising malspam activities of the trojan. These spam emails come with malicious files attached that infect the host with Emotet malware.

Fresh details about AgeLocker ransomware and a new Alien trojan have also surfaced in the last 24 hours. While AgeLocker ransomware has been found targeting QNAP NAS devices in its recent attacks, the newly discovered Alien trojan is capable of stealing credentials from 226 Android applications.

Top Breaches Reported in the Last 24 Hours

Tyler Technologies affected
Software vendor Tyler Technologies has suffered a cyberattack after an unknown third party hacked its internal systems. The nature of the attack is yet to be ascertained. Meanwhile, the firm has notified the federal authorities about the incident. Users have also been asked to change their passwords as a part of security measures.

Top Malware Reported in the Last 24 Hours

New Alien malware
A new strain of Android malware named Alien comes with the capability to steal credentials from 226 applications. The trojan has been active since the beginning of the year and is offered as Malware-as-a-Service (MaaS) on underground forums. Among its other capabilities, Alien can record keyboard input, harvest SMS messages, steal contact lists, and provide remote access to a device through TeamViewer.

AgeLocker ransomware
QNAP NAS devices are being targeted by AgeLocker ransomware that uses an encryption algorithm called Age. The activity has picked up since August. After encrypting files, the ransomware leaves behind a ransom note that includes details on how to retrieve data.

Emotet’s rising attacks
After France, Japan, and New Zealand, cybersecurity agencies from Italy and the Netherlands have published an alert warning about the latest malspam activities of Emotet. The technique of infecting target systems with the trojan is quite clever and effective.

Top Vulnerabilities Reported in the Last 24 Hours

Instagram RCE flaw
A critical remote code execution flaw in Instagram’s Android and iOS apps can allow remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones. The flaw can be exploited by sending a malicious image file via SMS, WhatsApp, email, or any other messaging service. Facebook has confirmed the vulnerability and fixed it with a new security update.

Google fixes RCE flaw
Google has patched a privilege escalation vulnerability in the OS Config cloud service. The exploitation of the vulnerability requires access to the targeted system or a privileged shell on the affected VM. Technical details on how to exploit the flaw have been made available by a team of researchers.

Top Scams Reported in the Last 24 Hours

iPhone12 scam
A fake iPhone12 trial scam has been doing the rounds recently. Cybercrooks are sending invitations over SMS to recipients as a part of the false Apple 2020 Testing Program. The message includes a link that redirects the victims to a questionnaire page to prove their identity. Later, they are asked to make a nominal payment for the courier to receive their iPhone.

Fake GDPR reminder
Phishers are using a fake GDPR compliance reminder to trick recipients into handing over their email login credentials. The attackers lure targets under the pretense that their email security is not GDPR compliant and requires immediate action.


Posted on: September 24, 2020
