
Cyware Daily Threat Intelligence, September 27, 2021

Cybercriminals are targeting online bank accounts and crypto wallets to make quick money, using two distinct attack vectors to deliver their payloads. In one incident, a malicious Firefox add-on named Safepal Wallet was used to steal almost $4000 from users by draining their cryptocurrency wallets. In another campaign, several popular apps were leveraged to distribute a new Android malware called ERMAC, which targets 378 banking and wallet apps with overlays. The banking trojan is reported to borrow its code from the notorious Cerberus trojan.

In the realm of vulnerabilities, Google released a patch for an eleventh Chrome zero-day flaw that is being exploited in the wild.

Top Breaches Reported in the Last 24 Hours

OathKeepers hacked
A hacker claims to have leaked 5GB of data stolen from the OathKeepers. More than 10,000 emails of high-profile members, including state chapter leaders, have been leaked online along with physical addresses, email addresses, IP addresses, and chat logs.

MySaskHealthRecord leaks data
The government of the Canadian province of Saskatchewan has temporarily removed QR codes from residents’ COVID-19 vaccination records after the discovery of a misconfiguration issue in the MySaskHealthRecord app. It has also confirmed that there is no evidence of any malicious activity.

Top Malware Reported in the Last 24 Hours

Malicious extension
A malicious Firefox add-on named Safepal Wallet scammed users out of $4000 by emptying their cryptocurrency wallets. Although the browser add-on has been taken down, the phishing website is still up.

New ERMAC trojan surfaces
A new Android banking trojan called ERMAC has been spotted in a cyberattack targeting users in Poland. Based almost entirely on the Cerberus trojan, the malware has been found targeting 378 banking and wallet apps with overlays.

Top Vulnerabilities Reported in the Last 24 Hours

Opera patches XSS flaw
Opera has patched a severe Cross-Site Scripting (XSS) vulnerability affecting its My Flow feature. The flaw can be abused to launch an XSS attack that can ultimately lead to remote code execution.

Google fixes a zero-day flaw
Google has issued a patch for an eleventh Chrome zero-day vulnerability that is being exploited in the wild. Tracked as CVE-2021-37973, the flaw can be abused to take control of affected systems. It has been patched in Chrome 94.0.4606.61 for Windows, Mac, and Linux.

WPBT flaw discovered
A flaw in the Microsoft Windows Platform Binary Table (WPBT) can be exploited to install rootkits on Windows systems. The flaw affects Windows systems from 2012 to the present. It can be abused either by gaining physical access or through supply chain attacks.

Top Scams Reported in the Last 24 Hours

Double cash scam
Scammers stole $17,000 in a ‘double your cash’ scam after hijacking the ‘Bitcoin.org’ website. To draw users’ attention, the website claimed the scheme was limited to the first 10,000 users and prompted them to send Bitcoin to the attackers’ displayed wallet address.

Tags

mysaskhealthrecord
malicious firefox add on
cerberus trojan
ermac
safepal wallet

Posted on: September 27, 2021
