
Cyware Daily Threat Intelligence, April 19, 2024


A new cyberattack campaign has emerged, targeting government entities in the Middle East using a backdoor called CR4T. The operation, which began in February, uses a novel dropper technique that hides the C2 address among Spanish poems. Hello gamers! A new info-stealer malware campaign, masquerading as a game cheat called Cheat Lab, has been spotted in the wild. Linked to Redline, it spreads through deceptive tactics, enticing users with promises of free software in exchange for infecting friends.

What's more, a Windows zero-day exploit, capable of granting unauthorized users elevated privileges on any Windows system, has also emerged on a popular hacker forum. Besides, a deceptive Google ad for the crypto trading platform Whales Market was found redirecting users to a phishing site that steals their assets.

Top Malware Reported in the Last 24 Hours


Stealthy CR4T backdoor enters the Middle East
Security experts discovered the DuneQuixote campaign targeting government entities in the Middle East using the CR4T backdoor. Two dropper variants, including a trojanized Total Commander installer, initiate the attack by downloading the CR4T implant. The memory-only CR4T backdoor, written in C/C++ and Golang, grants attackers command line access, file operations, and persistence capabilities via COM object hijacking and Telegram API.
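The CR4T write-up names COM object hijacking as one of the backdoor's persistence methods. The audit below is an added example, not code from Cyware or from the DuneQuixote researchers: it lists per-user COM server registrations and compares them with the machine-wide copy, because HKCU\Software\Classes\CLSID is merged into HKEY_CLASSES_ROOT ahead of HKLM\Software\Classes\CLSID, so a per-user entry silently takes precedence. It assumes only the InprocServer32 and LocalServer32 subkeys matter (TreatAs and ScriptletURL are not checked), and the list of user-writable path fragments is a constructed heuristic, not a vendor rule.

```powershell
# Added example (not Cyware's or the DuneQuixote report's code): enumerate per-user
# COM server registrations and flag those that shadow a machine-wide server or load
# from a user-writable directory, the layout COM object hijacking relies on.
function Get-UserComServerOverride {
    [CmdletBinding()]
    param(
        [string]$UserClsidRoot    = 'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID',
        [string]$MachineClsidRoot = 'Registry::HKEY_LOCAL_MACHINE\Software\Classes\CLSID',
        # Constructed heuristic: COM servers living in these locations deserve review.
        [string[]]$UserWritableHints = @('\AppData\', '\Temp\', '\Users\Public\', '\ProgramData\')
    )

    if (-not (Test-Path -Path $UserClsidRoot)) {
        Write-Verbose 'No per-user CLSID hive present; nothing to compare.'
        return
    }

    foreach ($clsidKey in Get-ChildItem -Path $UserClsidRoot -ErrorAction SilentlyContinue) {
        $clsid = $clsidKey.PSChildName
        # Assumption: only these two server types are audited (TreatAs/ScriptletURL are skipped).
        foreach ($serverType in 'InprocServer32', 'LocalServer32') {
            $userServerKey = "$($clsidKey.PSPath)\$serverType"
            if (-not (Test-Path -Path $userServerKey)) { continue }

            # The (default) value is the DLL/EXE path COM will load for this CLSID.
            $userServer = (Get-ItemProperty -Path $userServerKey -ErrorAction SilentlyContinue).'(default)'
            if ([string]::IsNullOrWhiteSpace($userServer)) { continue }

            $machineServerKey = "$MachineClsidRoot\$clsid\$serverType"
            $machineServer = $null
            if (Test-Path -Path $machineServerKey) {
                $machineServer = (Get-ItemProperty -Path $machineServerKey -ErrorAction SilentlyContinue).'(default)'
            }

            # Expand %SystemRoot%-style variables and strip quotes; LocalServer32 values
            # may carry command-line arguments, in which case the file check simply fails.
            $expanded = [Environment]::ExpandEnvironmentVariables($userServer).Trim('"')
            $inUserWritable = $false
            foreach ($hint in $UserWritableHints) {
                if ($expanded -like "*$hint*") { $inUserWritable = $true; break }
            }

            [PSCustomObject]@{
                CLSID            = $clsid
                ServerType       = $serverType
                UserServer       = $userServer
                MachineServer    = $machineServer
                # A per-user entry that differs from the HKLM one overrides it for this user.
                ShadowsMachine   = ($null -ne $machineServer -and $machineServer -ne $userServer)
                # No HKLM counterpart at all: the CLSID resolves only for this user.
                UserOnly         = ($null -eq $machineServer)
                ServerFileExists = (Test-Path -LiteralPath $expanded -ErrorAction SilentlyContinue)
                InUserWritable   = $inUserWritable
            }
        }
    }
}

# Usage: show the entries worth a closer look, i.e. those that override a
# machine-wide server or point into a user-writable directory.
Get-UserComServerOverride |
    Where-Object { $_.ShadowsMachine -or $_.InUserWritable } |
    Sort-Object CLSID |
    Format-Table -AutoSize
```

Legitimate software (per-user installers, some browsers and Office add-ins) also registers COM servers under HKCU, so treat the output as a review list rather than a verdict: an entry whose server file is missing, sits under a temp or profile directory, or shadows a Windows component with a different path is the one to investigate, and the same comparison applies to every loaded user hive on a multi-user host.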

New info-stealer poses as game cheat
An info-stealer malware campaign was discovered posing as a game cheat called Cheat Lab. It has been linked to the notorious Redline malware operators. Leveraging Lua bytecode to evade detection, this variant injects into legitimate processes for stealth, enticing victims with promises of a free copy in exchange for infecting friends. The malware is distributed via ZIP files containing an MSI installer.

Top Vulnerabilities Reported in the Last 24 Hours


Windows zero-day exploit emerges on Dark Web
A Windows local privilege escalation exploit for a zero-day flaw surfaced on a prominent hacker forum. With no CVE reference assigned, this exploit poses a significant threat to Windows users, potentially enabling unauthorized users to gain elevated privileges on any Windows system. The exploit could lead to attackers executing various malicious activities, including data theft and ransomware deployment.

Palo Alto Networks' XDR exploited
Security researcher Shmuel Cohen reverse-engineered Palo Alto Networks' Cortex XDR product, weaponizing it to deploy a reverse shell and ransomware. Demonstrated at Black Hat Asia, the exploit bypassed anti-tampering mechanisms and allowed him to gain full control over systems protected by XDR by exploiting plaintext Lua files. While Palo Alto patched most vulnerabilities, the underlying issue of plaintext Lua files remains unresolved.

Top Scams Reported in the Last 24 Hours


Scammers masquerade as crypto trading platform
A phishing scam discovered on Google Search ads impersonates the decentralized OTC crypto trading platform Whales Market. Despite displaying correct URLs, the ad redirects users to a phishing site that mimics the legitimate platform, aiming to steal users' cryptocurrency assets. The tactic underscores the challenge of distinguishing between genuine and fraudulent online ads.

 Tags

windows zero day flaw
whales market
cheat lab
cortex xdr
cr4t backdoor
redline malware
dunequixote

Posted on: April 19, 2024

