Cyware Daily Threat Intelligence, August 02, 2024

Cybersecurity analysts are raising alarms over the persistent threat of DNS hijacking. Russian threat actors are exploiting an eight-year-old technique called Sitting Ducks, which targets vulnerable web domains through weakly configured DNS services. Since 2019, this method has led to the seizure of over 30,000 domains.

Researchers have uncovered a new Windows backdoor named BITSLOTH, which communicates stealthily using the Background Intelligent Transfer Service (BITS). This malware includes 35 handler functions, such as keylogging and screen capture, and is believed to be used for data gathering.

Adding to the threats, a new Android trojan called BlankBot is targeting Turkish users. This sophisticated malware can steal user data, execute commands, and perform keylogging and screen recording.

Top Malware Reported in the Last 24 Hours


Yet another novel Android threat
A new Android trojan called BlankBot is capable of stealing user data, executing commands, and supporting malicious activities such as keylogging and screen recording. It was first observed on July 24 but has been found in samples dating back to the end of June, and many antivirus products fail to detect it. It currently targets Turkish Android users but could expand to other countries. The malware can intercept key presses, record the screen, and create fake overlays to steal confidential information.

Cuckoo Spear hits Japanese firms
Chinese hackers have been targeting Japanese companies with the LODEINFO and NOOPDOOR malware to steal sensitive information over a period of two to three years. The campaign, discovered by Cybereason and dubbed Cuckoo Spear, is linked to the APT10 intrusion set, also known by aliases such as Bronze Riverside and Cloudhopper. NOOPDOOR, a new backdoor, is being used alongside LODEINFO for data exfiltration.

New Windows backdoor surfaces
A new Windows backdoor named BITSLOTH has been discovered by cybersecurity researchers, which uses the Background Intelligent Transfer Service (BITS) to communicate stealthily. The malware was found to have 35 handler functions, including keylogging and screen capture capabilities, and is believed to be used for data gathering purposes. The authors of BITSLOTH are suspected to be Chinese speakers based on source code analysis.


Top Vulnerabilities Reported in the Last 24 Hours


Attackers abuse bytecode
Attackers have been found injecting malicious bytecode into interpreters for languages such as VBScript, Python, and Lua to bypass code detection mechanisms. By inserting harmful instructions into the compiled code these interpreters hold in memory, attackers can conceal their attempts to execute malicious code and hide their activity from endpoint security software.

DNS hijacking risk remains high
Russian threat actors are targeting vulnerable web domains using an eight-year-old hijacking technique known as Sitting Ducks, which has led to the seizure of over 30,000 domains since 2019. The technique exploits weakly configured DNS services, allowing cybercriminals to take control of domains. Despite being known for years, Sitting Ducks remains a potent avenue for domain hijacking because it is hard to detect and hard to distinguish from credential theft.
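The weak configuration behind Sitting Ducks is a delegation to a nameserver that does not actually serve the zone, so a domain owner can audit their own domains by asking each delegated nameserver directly for the zone's SOA and flagging any that answer REFUSED, SERVFAIL, or without the authoritative (AA) bit. The following is an added example, not code from Cyware or the cited researchers; it hand-builds the DNS wire format with the standard library, uses UDP only, and the sample responses are constructed test vectors.

```python
import random
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_soa_query(zone, txid):
    """Wire-format query for the SOA of `zone`, RD=0 so the server must answer from its own data."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN


def classify_response(resp, txid):
    """Return (verdict, detail). Healthy means AA=1, NOERROR and at least one answer record."""
    if len(resp) < 12:
        return ("lame", "MALFORMED")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid:
        return ("lame", "TXID-MISMATCH")
    aa = (flags >> 10) & 1                     # AA is bit 10 of the flags word
    rcode = RCODES.get(flags & 0xF, f"RCODE{flags & 0xF}")
    if rcode == "NOERROR" and aa and ancount > 0:
        return ("healthy", rcode)
    return ("lame", rcode)                    # REFUSED/SERVFAIL/non-authoritative: candidate for takeover


def check_nameserver(zone, ns_ip, timeout=3.0):
    """Send the SOA query straight to one delegated nameserver and classify what comes back."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone, txid), (ns_ip, 53))
        try:
            resp, _ = s.recvfrom(512)
        except socket.timeout:
            return ("lame", "TIMEOUT")
    return classify_response(resp, txid)


def fake_response(txid, flags, ancount):
    """Constructed 12-byte response header for offline testing (no real server involved)."""
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)


if __name__ == "__main__":
    # Constructed vectors: QR=1 REFUSED, QR=1 AA=1 NOERROR with one answer, QR=1 NOERROR without AA.
    for flags, an in ((0x8005, 0), (0x8400, 1), (0x8000, 1)):
        print(hex(flags), classify_response(fake_response(0x1234, flags, an), 0x1234))
```

Run `check_nameserver("example.com", "<ns-ip>")` for every nameserver your registrar lists to find delegations that no longer answer authoritatively.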

Botnet exploits ERP software
The open-source ERP framework OFBiz, supported by the Apache Foundation, is being targeted by new varieties of the Mirai botnet. A critical security update was released in May to fix a directory traversal vulnerability that could lead to remote command execution in OFBiz versions before 18.12.13. The vulnerability allows attackers to bypass access control rules and execute arbitrary code. The SANS Internet Storm Center detected an increase in exploit attempts for this vulnerability recently.

Tags

dns hijacking
apache ofbiz
blankbot
bytecode injection
mirai botnet
sitting ducks attacks
lodeinfo
noopdoor
bitsloth

Posted on: August 02, 2024
