
Cyware Daily Threat Intelligence, April 11, 2024


Spyware threat on the rise, warns Apple! The tech giant has sent this alert to iPhone users in at least 92 countries. In other headlines, AhnLab found Metasploit Meterpreter installed via Redis vulnerabilities. PrintSpoofer, a privilege escalation tool, was used on a Windows system, followed by Metasploit Stager malware, granting attackers control over the system. 

On the vulnerability front, Google addressed multiple Chrome flaws that could allow arbitrary code execution on affected systems. No exploitation has been reported, but users are urged to update the browser to mitigate the risk. Furthermore, a long-running cyberespionage group in the Asia-Pacific region introduced Deuterbear, which adds evasion tactics such as anti-memory scanning and a new decryption routine.

Top Malware Reported in the Last 24 Hours


Metasploit backdoor abuses Redis service
Experts at ASEC uncovered instances of the Metasploit Meterpreter backdoor infiltrating systems via Redis, an open-source in-memory data structure store. Threat actors exploited misconfigured or vulnerable Redis instances to implant malware, including PrintSpoofer and Metasploit Stager. PrintSpoofer is deployed using PowerShell or CertUtil and abuses SeImpersonatePrivilege to escalate privileges. Subsequently, Metasploit Stager fetches Meterpreter from a C&C server, granting attackers control over infected systems.
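As an added illustration (not from the ASEC report or Cyware), the following Python audit flags the redis.conf settings that leave an instance reachable, unauthenticated, and reconfigurable by any client, which is the exposure pattern behind implants like the one above. The config fragments are constructed samples; the directive names are real Redis settings.

```python
from typing import Dict, List

# Constructed sample: an exposed, unauthenticated instance (hypothetical).
WEAK_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
# requirepass is commented out, so any client can issue commands
# requirepass changeme
"""

# Constructed sample: the same instance after hardening (hypothetical).
HARDENED_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
requirepass REPLACE-WITH-A-LONG-RANDOM-SECRET
rename-command CONFIG ""
"""


def parse_redis_conf(text: str) -> Dict[str, List[str]]:
    """Map each directive to its argument strings; comments and blank
    lines are skipped, and repeated directives (e.g. rename-command) are kept."""
    conf: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        conf.setdefault(parts[0].lower(), []).append(" ".join(parts[1:]))
    return conf


def audit_redis_conf(text: str) -> List[str]:
    """Return human-readable findings for the settings that make a Redis
    server an easy implant target. ACL-based restrictions are not checked."""
    conf = parse_redis_conf(text)
    findings: List[str] = []
    binds = conf.get("bind", [])
    # With no bind directive Redis listens on every interface.
    if not binds or any(a in ("0.0.0.0", "*", "::") for b in binds for a in b.split()):
        findings.append("bind: listens on all interfaces; restrict to loopback or an internal address")
    if "no" in [v.lower() for v in conf.get("protected-mode", [])]:
        findings.append("protected-mode: disabled; keep it 'yes' unless bind and auth are configured")
    if not conf.get("requirepass") and not conf.get("user"):
        findings.append("requirepass: no password and no ACL users; unauthenticated clients get full access")
    renamed = {v.split()[0].lower() for v in conf.get("rename-command", []) if v.split()}
    if "config" not in renamed:
        findings.append("rename-command: CONFIG still callable; clients can rewrite server settings at runtime")
    return findings
```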

Earth Hundun’s campaign drops Waterbear variant
Cyberespionage group Earth Hundun is reportedly deploying a Waterbear variant in the Asia-Pacific region. Its latest iteration, dubbed Deuterbear, introduces anti-memory scanning and new decryption routines, differentiating it from its predecessors. Waterbear's arsenal includes several evasion tactics alongside frequent updates to its loader, downloader, and communication protocol. Notably, the attackers use internal IP addresses for their command-and-control servers, indicating deep knowledge of victims' networks and illustrating the covert nature of their operations.

Apple issues spyware threat notifications
Apple sent alerts to iPhone users in 92 countries, warning them of potential targeting by mercenary spyware attacks. The notifications advise users to take the threat seriously; the company withheld attacker identities and affected countries so that the attackers could not adapt. Similar past incidents were linked to NSO Group's Pegasus. The alert comes amid rising concerns about state-sponsored interference in elections in select countries.

Top Vulnerabilities Reported in the Last 24 Hours


Google Chrome bugs pose serious threat
Google Chrome was found vulnerable to multiple flaws, including an out-of-bounds write, a heap buffer overflow, and use-after-free bugs. These could lead to arbitrary code execution, potentially granting attackers extensive system access. The security holes pose a higher risk to government and business entities, while home users face a comparatively lower level of risk. No known exploits have been reported so far.

Tags

apple
printspoofer
out of bounds write
deuterbear
waterbear malware
google chrome bug
metasploit meterpreter

Posted on: April 11, 2024
