Cyware Daily Threat Intelligence, September 10, 2019

Malvertising has long been one of the most common attack vectors cybercriminals use to generate revenue or spread malware. Security researchers have uncovered four separate malvertising campaigns used to distribute a variety of malware. These campaigns redirected victims to landing pages for the GrandSoft, RIG, Fallout, and Radio exploit kits. The malware delivered in the campaigns included the Ramnit banking trojan, the Amadey trojan, a clipboard hijacker, and Nemty ransomware.

In other developments, the popular messaging app Telegram has issued a patch for a serious security flaw. The problem existed in the Android version of the app and could allow users to recover photos and videos that other people had unsent.

A new phishing campaign in which cybercriminals used Captcha boxes to hide a fake Microsoft login page has also come to light in the past 24 hours. The purpose of the campaign was to steal users' login credentials.

Top Breaches Reported in the Last 24 Hours

Australian university students affected
The personal data of about 50,000 students involved in university clubs and societies around Australia may have been exposed due to a vulnerability in the Get app. The exposed data included individuals' names, email addresses, dates of birth, Facebook IDs, and phone numbers. It was found that anyone could access the data without the special tokens issued for legitimate access to the service.

Premier Family Medical attacked
Premier Family Medical Group is notifying its patients about a ransomware attack that occurred on July 8, 2019. Following the attack, the healthcare organization was temporarily unable to access data on certain systems. The attack affected all of the group's locations in Utah County.

Likud party’s data leak
An unprotected database belonging to Israel's Likud party exposed the personal data of over 4 million Israeli citizens. The exposed data included citizens' full names, physical addresses, mobile phone numbers, and ID numbers. For some citizens, social security numbers were also exposed. The database was left open to the public for almost five days before Likud secured it.

Top Malware Reported in the Last 24 Hours

Bypassing email gateway
Phishers have been found using Captcha challenges to bypass a secure email gateway (SEG). The attack is conducted using phishing emails sent from a compromised ‘@avis.ne.jp’ account. The email is disguised as a voicemail notification and includes a link which, if clicked, takes the victim to a page showing only a Captcha. The SEG marks that page as safe; once the Captcha is solved, the victim is redirected to a phishing page that imitates the Microsoft login page.

Exploit kits massacre
Researchers have uncovered four different malvertising campaigns that redirect visitors to exploit kit landing pages hosted on hacked sites. The exploit kits used in the campaigns are GrandSoft, RIG, Fallout, and Radio. They were used to deliver malware including the Ramnit banking trojan, the Amadey trojan, a clipboard hijacker, and Nemty ransomware.

New PsiXBot variants
Researchers have discovered two new variants of the PsiXBot modular malware, one of which includes a sextortion module and the other of which uses Google's DNS-over-HTTPS (DoH) service. The versions are 1.0.2 and 1.0.3. Researchers found that both versions are delivered to targeted devices via the Spelevo exploit kit.

Top Vulnerabilities Reported in the Last 24 Hours

New ‘Patch Gapping’ performed
Security researchers have found another instance of ‘patch gapping’ (exploiting the window between a fix landing in the open-source code and reaching users in a stable release) in the Google Chrome browser. This time a critical security bug has been patched in Chrome's V8 JavaScript engine. The security update is part of the new Chrome version 77. Threat actors could abuse the bug to run malicious code inside Chrome.

Vulnerable Microsoft Teams
A bug in Microsoft Teams can allow attackers to execute a malicious payload using a mock installation folder. The problem affects most Windows desktop apps that use the Squirrel installation and update framework, which relies on NuGet packages. This includes WhatsApp, Grammarly, GitHub, Slack, and Discord.

Telegram fixes a bug
Messaging app Telegram has fixed a bug that allowed users to recover photos and videos that other people had unsent. Described as a privacy issue, the bug was found by a security researcher who discovered that the Android version of Telegram permanently stored photos and videos in the device's internal storage even after the user had removed the messages from their device.

Vulnerable Crimson software
All releases of Red Lion's Crimson programming software prior to 3112.00 are affected by four vulnerabilities: CVE-2019-10996, CVE-2019-10978, CVE-2019-10984, and CVE-2019-10990. Red Lion has patched the issues in the Crimson 3.1 version 3112.00 release.

Top Scams Reported in the Last 24 Hours

IRS impersonation scam
The Internal Revenue Service is warning citizens about tax-related fraud and scams conducted through phishing emails. Taxpayers are being notified that scammers are impersonating IRS agents and sending emails about a tax refund, an electronic return, or sensitive financial information. The purpose of these scams is to trick users into handing over their personal and financial details. Users should therefore be wary of such unsolicited emails and should never share their sensitive information.

Posted on: September 10, 2019