Go to listing page

Cyware Daily Threat Intelligence, January 06, 2021

Cyware Daily Threat Intelligence, January 06, 2021

Share Blog Post

Advanced threats are constantly evolving, with malware threats being the biggest of them all. In the past 24 hours, researchers unearthed two new malware with sophisticated capabilities. One of them is the Babuk Locker ransomware that has infected at least five organizations around the world, since the beginning of 2021. The other is dubbed ElectroRAT that targets Windows, Linux, and macOS systems with an aim to steal cryptocurrencies.

A malspam campaign that lured victims into downloading QNode RAT was also uncovered in the last 24 hours. Phishing emails were leveraged to reach targeted users.     

Top Breaches Reported in the Last 24 Hours

New supply chain attack reported
North Korean hacking group Thallium aka APT37 has targeted the users of a private stock investment messenger service in a software supply chain attack. As part of the attack, the attackers used tainted Windows installers and macro-laden Office documents to prey on investors. 

AMEX cardholders data leaked
A threat actor has posted data of 10,000 American Express credit card holders on a hacker forum for free. In the same forum, the actor claims to sell other data related to Santander and Banamex. The data exposed includes names, full addresses, phone numbers, and dates of birth of customers. 

Top Malware Reported in the Last 24 Hours

Babuk Locker ransomware
Babuk Locker is the new and first ransomware of 2021. For encryption, it uses SHA256 hashing, ChaCha8, and Elliptic-curve Diffie-Hellman algorithm to protect its keys and encrypt files. When launched, it abuses the Windows Restart Manager to spread across network resources. The ransom demand ranges between $60,000 and $85,000 in Bitcoin. 

New ElectroRAT malware
Researchers have detected a new RAT named ElectroRAT that is capable of targeting Windows, Linux, and macOS. Written in Go language, the malware spreads via dedicated online forums and social media platforms where attackers lure cryptocurrency owners to download trojanized applications.  

QRAT malware
A new malspam campaign that purports to contain an inappropriate video of the U.S. President has been found distributing QRAT malware. The email goes with the subject line, “GOLD LOAN OFFER!” and includes a jar file, which when downloaded installs the malware.

Top Vulnerabilities Reported in the Last 24 Hours

Citrix releases firmware updates
Citrix has released firmware updates for its Application Delivery Controller (ADC) and Gateway products to prevent threat actors from abusing appliances to launch DDoS attacks. The update comes after Citrix reported DDoS attacks on its devices.
Top Scams Reported in the Last 24 Hours

Ongoing phishing scam
The Australian government has warned of an ongoing campaign that impersonates the Australian Cyber Security Center (ACSC) in an attempt to infect targets and steal banking information. The potential victims are lured into installing remote sharing and desktop sharing software that are sent via emails.   


babuk locker ransomware
qnode rat

Posted on: January 06, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite