Cyware Daily Threat Intelligence, April 07, 2021

Abuse of collaboration applications is reaping benefits for threat actors. As several organizations make significant changes in their remote working arrangements amid the COVID-19 situation, collaboration platforms, like Discord and Slack, have enabled adversaries to conduct several campaigns using RATs, keyloggers, and IoT malware.

In other news, the discovery of new Android malware has raised concerns around mobile security. Two new malware strains capable of harvesting credentials and other data from Android phones are being distributed via fake apps. One is disguised as the FlixOnline app on the Google Play Store, while the other comes as a pre-installed system update app on Gigaset and Siemens mobile devices.

Top Breaches Reported in the Last 24 Hours

Misconfigured Elasticsearch
A misconfigured Elasticsearch server belonging to Office Depot Europe leaked nearly one million records. The data exposed from the database included customer names, phone numbers, home and office addresses, and marketplace logs. In another incident, it was revealed that the European Commission and several other European Union organizations were hit by a cyberattack in March.

Hacker auctions gift cards
A Russian hacker has auctioned close to 900,000 gift cards from 3,010 companies, including Airbnb, Dunkin Donuts, Marriott, Nike, Subway, Target, and Walmart. The information available on these cards included billing addresses, card numbers, expiration dates, and the issuing bank names. Attackers can acquire backend access to online shops through these cards.

Universities affected
The National College of Ireland and the Technological University of Dublin disclosed that they fell victim to ransomware attacks that affected their IT systems. The universities have currently suspended online classes and investigations are underway.

Top Malware Reported in the Last 24 Hours

Users of Gigaset and Siemens mobile devices are encountering unwanted apps that are downloaded via a pre-installed system update app named com.redstone.ota.ui. The app includes an auto-installer known as Android/PUP.Riskware.Autoins.Redstone. According to researchers, the Update app installs three different versions of a trojan (Android/Trojan.Downloader.Agent.WAGD) that is capable of sending SMS and WhatsApp messages, redirecting users to malicious game sites, and downloading additional malware-laced apps.

New Android malware
Researchers have found new Android malware that entices users by promising a free Netflix subscription. The malicious software is disguised as the legitimate FlixOnline application to steal WhatsApp conversation data and spread false information.

Top Vulnerabilities Reported in the Last 24 Hours

Google patches over 30 flaws
Google has patched more than 30 flaws in the Android operating system as part of April Patch Tuesday. The most severe of these is tracked as CVE-2021-0430 and affects Android 10 and 11. Five of these vulnerabilities were addressed in the System component.

Collaboration platforms abused
Attackers have made advances in their tools and techniques to abuse collaboration platforms such as Discord and Slack. Researchers explain that these platforms have been used in several campaigns to deliver a variety of malware such as Agent Tesla, AsyncRAT, Formbook, LokiBot, Nanocore RAT, Phoenix keylogger, and WSHRAT.

Vulnerable FortiOS VPN exploited
The FBI and CISA have issued a warning that threat actors are actively exploiting critical vulnerabilities in the Fortinet FortiOS VPN to plant backdoors in a bid to steal data and conduct ransomware campaigns. The flaws are tracked as CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.


Posted on: April 07, 2021
