Cyware Daily Threat Intelligence, July 24, 2024


Cybercriminals cast their nets over the 250 million enthusiasts of the wildly popular mobile game, Hamster Kombat. Researchers have unearthed a malicious APK circulating on Telegram under the guise of Hamster.apk, which is in fact the Ratel Android spyware.

At the same time, CISA added two actively exploited vulnerabilities to its KEV catalog: CVE-2012-4792, a remote code execution flaw from Internet Explorer's history, and CVE-2024-39891, an information disclosure flaw in Twilio Authy.

In the blockchain realm, fraudsters are exploiting legitimate protocols such as Uniswap V3 and Safe.global to dress up scams as authentic transactions. Because these contracts let any caller choose the target addresses and calldata, a transaction that looks like an interaction with a trusted protocol can route assets wherever the scammer wants.

Top Malware Reported in the Last 24 Hours


Malware targets Hamster Kombat players
Threat actors are targeting the 250 million players of the popular mobile game Hamster Kombat with malware. The game is available only through Telegram rather than official app stores, and its popularity has made it a convenient lure for cybercriminals. ESET found a malicious APK distributed on Telegram under the name 'Hamster.apk' that is actually the Ratel Android spyware; since it is not on Google Play, a victim has to sideload it. The spyware steals sensitive data from the device, including contacts, messages, call logs, and location data. The researchers also found fake Hamster Kombat applications for Windows distributed through various channels.

Stealer campaign exploited Defender bug
The Microsoft Defender SmartScreen flaw CVE-2024-21412, patched by Microsoft in February 2024, was exploited in a campaign targeting Spain, Thailand, and the U.S. to deliver information stealers including ACR Stealer, Lumma, and Meduza. Attackers used specially crafted files to bypass SmartScreen protection and drop malicious payloads, so unpatched hosts remain exposed. A new stealer called Daolpu was also distributed, harvesting credentials and cookies from various browsers. The stealers collected data from browsers, cryptocurrency wallets, messaging apps, FTP clients, email clients, VPN services, password managers, and other applications.

Braodo Stealer emerges
Researchers spotted the emergence of the Vietnam-linked Braodo Stealer, which quietly infiltrates systems to steal sensitive information such as credentials and banking details. Braodo Stealer is a Python-based stealer that collects cookies and saved credentials from browsers along with system information and bundles them into a zip file. It arrives as a zip archive containing a batch file whose first two bytes are FF FE, the UTF-16 LE byte order mark; editors such as Notepad++ therefore treat the plain-ASCII batch commands as UTF-16 and display them as unreadable characters, while cmd.exe still executes the lines that follow. A Document.zip file inside the archive contains python.exe with its supporting libraries and a script named "sim.py", which is the actual payload. The malware collects the computer name, current login user name, Windows version, system time, and IP address of the system.
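As an added example (not code from the Cyware post or from the researchers who analyzed Braodo), the following Python script triages a suspicious archive for the two traits described above: a batch file prefixed with the FF FE byte order mark, and a bundled python.exe sitting next to a .py script. The sample archive it builds is constructed inline so the script runs offline; the batch commands and file contents in it are placeholders, not material from a real sample.

```python
"""Triage a zip archive for the two Braodo traits: a BOM-prefixed .bat and an
embedded Python runtime next to a .py payload. Added example; the sample
archive is constructed below and is not a real Braodo sample."""
import io
import zipfile

UTF16_LE_BOM = b"\xff\xfe"


def triage_zip(blob, prefix=""):
    """Scan a zip (given as bytes) and return (kind, path, detail) findings.

    kind "bom_batch":       a .bat member starting with FF FE; detail is the list of
                            command lines hidden behind the byte order mark.
    kind "embedded_python": a python.exe member with .py scripts beside it; detail is
                            the script list.
    Nested zips are scanned recursively, with their member path as prefix.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        names = zf.namelist()
        pyexe = [n for n in names if n.lower().endswith("python.exe")]
        scripts = [n for n in names if n.lower().endswith(".py")]
        if pyexe and scripts:
            findings.append(("embedded_python", prefix + pyexe[0], scripts))
        for name in names:
            data = zf.read(name)
            low = name.lower()
            if low.endswith(".bat") and data.startswith(UTF16_LE_BOM):
                # Drop the BOM: what remains is the plain-ASCII batch that cmd.exe runs
                # after failing on the first (BOM-prefixed) line.
                lines = data[len(UTF16_LE_BOM):].decode("ascii", "replace").splitlines()
                findings.append(("bom_batch", prefix + name, lines))
            elif low.endswith(".zip"):
                findings.extend(triage_zip(data, prefix=prefix + name + "/"))
    return findings


def build_sample():
    """Constructed sample mimicking the described layout (placeholder contents)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("python.exe", b"MZ-placeholder")        # constructed stand-in
        zf.writestr("sim.py", b"# payload placeholder\n")    # constructed stand-in
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        # Batch file prefixed with FF FE; the command text is a constructed placeholder.
        zf.writestr("Document.bat", UTF16_LE_BOM + b'@echo off\r\nstart "" python.exe sim.py\r\n')
        zf.writestr("Document.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for kind, path, detail in triage_zip(build_sample()):
        print(kind, path, detail)
```

The BOM check is deliberately narrow: a legitimate UTF-16 batch file would also trip it, so treat the finding as a triage signal to be paired with the embedded-runtime finding, not as a verdict on its own.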


Top Vulnerabilities Reported in the Last 24 Hours


CISA adds two flaws to KEV Catalog
CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2012-4792, a twelve-year-old Internet Explorer flaw that allows remote code execution, and CVE-2024-39891, an information disclosure bug in the Twilio Authy API (an unauthenticated endpoint that could be queried to learn whether a phone number was registered with Authy). Both are being actively exploited; under BOD 22-01, federal civilian agencies must remediate them by August 13, 2024. Internet Explorer is no longer supported, so the IE flaw mostly matters where legacy IE components or IE mode are still in use.

XSS bug in Okta Browser plugin
Okta Browser Plugin versions 6.5.0 through 6.31.0 for Chrome, Edge, Firefox, and Safari were vulnerable to cross-site scripting when saving credentials within Okta Personal (CVE-2024-0981, CVSS 7.1, published 2024-07-22). The issue is fixed in version 6.32.0 and affects only users who added Okta Personal to enable multi-account view. Okta administrators can query for users still running outdated plugin versions.


Top Scams Reported in the Last 24 Hours


Scammers abuse legitimate blockchain protocols
Fraudsters are exploiting legitimate blockchain protocols such as Uniswap V3 and Safe.global to make malicious activity look like trusted transactions. The Uniswap V3 Multicall2 contract, for instance, is abused to batch several calls into a single transaction, so a wallet or block explorer shows an interaction with a well-known contract while the harmful call is buried inside the batch. Similarly, the GnosisSafeProxy contract is used to create contracts that appear legitimate as fronts for fraudulent schemes. Because these contracts accept arbitrary target addresses and calldata from any caller, the trusted contract address proves nothing about where funds end up; the only reliable check is to decode the inner calls and their targets before signing.
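Decoding the batch is the check a practitioner wants here. The following Python script is an added example (not code from the Cyware post, Uniswap, or Safe): it hand-rolls the ABI layout of Multicall's aggregate((address,bytes)[]) entry point so it needs no web3 library, lists every target address inside a batched call, and flags any target that is not on an allowlist. The addresses and calldata are constructed placeholders; the selector 0x252dba42 is the standard one for aggregate().

```python
"""List the targets hidden inside a Multicall-style aggregate() call.

Added example, not code from the Cyware post, Uniswap or Safe. Hand-rolled ABI
encoding/decoding of aggregate((address,bytes)[]); all sample data is constructed."""

# keccak256("aggregate((address,bytes)[])")[:4], the Multicall/Multicall2 aggregate selector
AGGREGATE_SELECTOR = bytes.fromhex("252dba42")


def _word(n):
    return n.to_bytes(32, "big")


def _pad32(b):
    return b + b"\x00" * (-len(b) % 32)


def _uint(buf, off):
    return int.from_bytes(buf[off:off + 32], "big")


def encode_aggregate(calls):
    """ABI-encode [(target_hex, calldata_bytes), ...] as Multicall.aggregate input.

    Layout: selector | offset 0x20 to the array | length | one offset per element
    (relative to the first byte after the length word) | elements, where each
    (address,bytes) tuple is: address word | offset 0x40 to bytes | len | data.
    """
    elems = []
    for target, data in calls:
        addr = bytes.fromhex(target[2:]).rjust(32, b"\x00")
        elems.append(addr + _word(0x40) + _word(len(data)) + _pad32(data))
    offsets, pos = [], 32 * len(elems)
    for e in elems:
        offsets.append(_word(pos))
        pos += len(e)
    return AGGREGATE_SELECTOR + _word(0x20) + _word(len(elems)) + b"".join(offsets) + b"".join(elems)


def decode_aggregate(tx_input):
    """Inverse of encode_aggregate: returns [(target_hex_lowercase, calldata_bytes), ...]."""
    if tx_input[:4] != AGGREGATE_SELECTOR:
        raise ValueError("not a Multicall aggregate() call")
    body = tx_input[4:]
    arr = _uint(body, 0)          # where the array starts
    n = _uint(body, arr)          # number of batched calls
    base = arr + 32               # element offsets are relative to this point
    calls = []
    for i in range(n):
        t = base + _uint(body, base + 32 * i)
        target = "0x" + body[t + 12:t + 32].hex()   # address is right-aligned in its word
        d = t + _uint(body, t + 32)
        length = _uint(body, d)
        calls.append((target, body[d + 32:d + 32 + length]))
    return calls


def unexpected_targets(tx_input, allowlist):
    """Targets in the batch that are not on the caller's allowlist (case-insensitive)."""
    allowed = {a.lower() for a in allowlist}
    return [t for t, _ in decode_aggregate(tx_input) if t.lower() not in allowed]


# Constructed sample: a batch that pairs a call to a known token with a call to an
# attacker-controlled address. Both addresses are placeholders.
KNOWN_TOKEN = "0x" + "11" * 20
ATTACKER = "0x" + "22" * 20
TRANSFER = bytes.fromhex("a9059cbb")  # ERC-20 transfer(address,uint256) selector
SAMPLE_CALLS = [
    (KNOWN_TOKEN, TRANSFER + _word(0xabc) + _word(10 ** 18)),
    (ATTACKER, bytes.fromhex("deadbeef")),
]
SAMPLE_TX_INPUT = encode_aggregate(SAMPLE_CALLS)

if __name__ == "__main__":
    for target, data in decode_aggregate(SAMPLE_TX_INPUT):
        print(target, data.hex())
    print("unexpected:", unexpected_targets(SAMPLE_TX_INPUT, [KNOWN_TOKEN]))
```

Multicall2's other entry points (tryAggregate, blockAndAggregate and the like) have different selectors, and some take an extra leading argument, so they need their own decoder; the approach is the same. The allowlist check is deliberately crude: it catches a call that goes to an unknown address, not malicious calldata aimed at a known one, so the inner calldata still has to be read.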

Tags

hamster kombat
braodo stealer
safeglobal
okta browser plugin
uniswap v3

Posted on: July 24, 2024
