Go to listing page

Cyware Daily Threat Intelligence, February 23, 2023

Cyware Daily Threat Intelligence, February 23, 2023

Share Blog Post

Game piracy is illegal! Still, plenty of folks continue to take a chance and risk falling prey to a variety of cybercrimes. Operators of ChromeLoader malware are distributing the malware using VHD files that are camouflaged as cracks for Nintendo and Steam games. In other news, hundreds of Facebook and YouTube users were impacted by a malware campaign that lured users with adult-themed content. The actor drops an info-stealer, dubbed S1deload Stealer, on the victims’ devices. It claimed most of the victims in Romania, Turkey, Mexico, Peru, France, Bangladesh, and Canada. 

Loving ChatGPT? Stay cautious. Cybercriminals have started capitalizing on the craze of OpenAI’s ChatGPT. Different researchers have highlighted malware distribution through fake Windows desktop clients and bogus payment portals that assure ChatGPT Plus subscription.

Top Breaches Reported in the Last 24 Hours

OyeTalk blurts out user data
A famous Android voice chat app, OyeTalk, was found exposing private user data, including usernames, unencrypted chats, and cellphone IMEI numbers. The app, which has over five million downloads on Google Play, has leaked nearly more than 500MB of sensitive data owing to unprotected access to Firebase. 

Two healthcare facilities attacked
Over one million patients of CentraState Healthcare System, New Jersey, and Cardiovascular Associates, Alabama, were impacted by two distinct data breaches. Threat actors were able to extract sensitive PHI data of the patients, such as names, addresses, SSNs, medical record numbers, insurance data, and more. Both hacks originally were discovered last December.

Produce giant shuts down
A cyberattack directed at food giant Dole has crippled its production plants in North America and disrupted food shipments to grocery stores. A source familiar with the incident claimed that it’s a ransomware attack. Dole has four processing plants in the U.S. and employs over 3,000 people.

Medical and shipping organizations on hackers' list
Asia's shipping lines and medical research facilities are the targets of a new threat actor dubbed Hydrochasma. The hacker group was observed using only the publically available and living-off-the-land tools. The activity has not been connected to any previously known cybercrime organization. Furthermore, researchers surmise that hackers could be interested in businesses that are working around COVID-19-related drugs or vaccination.

Top Malware Reported in the Last 24 Hours

Adult lures drop S1deload Stealer
Experts at Bitdefender disclosed an active malware campaign targeting Facebook and YouTube users with S1deload Stealer, using adult themes as bait. The new information stealer compromises user credentials and exploits system resources to mine BEAM cryptocurrency. The malware has the ability to propagate its malicious links to a compromised user’s followers. Between July and December 2022, about 600 individuals fell victim to it.

Games’ hacks invite troubles
Cracks for Nintendo and Steam games on the internet were found infecting gamers with ChromeLoader. The discovery by ASEC’s AhnLab revealed the adversaries are distributing VHD files with filenames that are identical to the aforementioned games. ChromeLoader is an adware that performs malicious behaviors through a Chrome extension.

41 typosquatted PyPI packages 
ReversingLabs experts warned of “imposter packages” on the PyPI repository that merely typosquatted variants of legitimate packages, such as HTTP, urllib, AIOHTTP, requests, and urllib3. Researchers have spotted 41 such modules that either hide downloaders capable of delivering second-stage payloads or info-stealers to exfiltrate confidential data such as tokens and passwords.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco patches bugs in ACI relation solutions
Cisco fixed a pair of high-severity flaws identified as CVE-2023-20011 and CVE-2023-20089. While the first flaw concerns the management interface of the Cisco Application Policy Infrastructure Controller (APIC) and Cloud Network Controller, the other bug affects Cisco Nexus 9000 series Fabric switches in ACI mode. The components face threats including CSRF attacks and DoS attacks, respectively.

ConnectWise bug under attack
Cyber adversaries exploited a critical bug in ConnectWise’s R1Soft Server Backup Manager software to infect hundreds of servers with backdoors. The vulnerability, tracked as CVE-2022-36537, allows an attacker to run arbitrary code or directly access private data. The bug was patched in the Recover and R1Soft Server Backup Manager products of ConnectWise in late October 2022.

Top Scams Reported in the Last 24 Hours

Fake npm modules
Hackers spammed the npm repository with more than 15,000 packages in the hope of distributing phishing links. Hackers created these packages using automated processes, through auto-generated names and project descriptions that closely resembled one another. The bogus modules had names like "free-tiktok-followers," "free-xbox-codes," and "instagram-followers-free."

ChatGPT turns a threat
Get careful around the use of OpenAI's ChatGPT chatbot now as cybercriminals have started taking advantage of the hype around it. Security researcher Dominic Alvieri reported hackers attempting to infect visitors with the Redline info-stealing malware by posing as a download for a ChatGPT Windows desktop client. He also witnessed fake ChatGPT apps coercing users into installing bogus software. Meanwhile, Cyble stumbled across a landing page to steal visitors’ credit card data by offering them a payment portal to purchase ChatGPT Plus.


fake packages
pypi repository
cisco application policy infrastructure controller apic
centrastate healthcare system
cardiovascular associates
s1deload stealer

Posted on: February 23, 2023

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite