Go to listing page

Cyware Daily Threat Intelligence, January 10, 2022

Cyware Daily Threat Intelligence, January 10, 2022

Share Blog Post

Never ignore the risks of malware attacks that can stem from weaponized USB drives. In a fresh report, the FBI has alerted organizations in the U.S. about a rise in BadUSB attacks that deliver ransomware to unsuspecting organizations. Carried out by the Fin7 threat actor group, the attack has been active since August 2021 and has targeted organizations in the transport, insurance, and defense sectors.

Among other emerging malware threats, a new 5.0 version of Flubot has been found targeting Polish Android users by disguising a Flash Player APK. There’s also an update on the recently found Abcbot botnet which shares similarities with Xanthe cryptocurrency mining malware.

Top Breaches Reported in the Last 24 Hours

BadUSB attacks infect users
According to the FBI, a cybercrime group mailed out USB thumb drives in an attempt to infect users with ransomware. The so-called BadUSB attacks leveraged the name of the U.S. Department of Health and Human Services and Amazon, to trick users with COVID-19-related warnings and gift cards, respectively. Believed to be a work of the Fin7 threat actor group, the malicious drives were being shipped on LILYGO-branded devices and targeted organizations in the transport, insurance, and defense sectors.

Patchwork accidentally exposes its operations
A threat actor group named Patchwork accidentally exposed its tools and infrastructures after it infected its own machine with a new variant of BADNEWS backdoor. The hacking group was using the malware to target faculty members and researchers associated with defense, molecular medicine, and biological science.

39 million records on sale
Around 39 million patient records leaked from Bangkok-based Siriraj Hospital have been offered for sale on a dark web forum. These records contain names, addresses, Thai IDs, phone numbers, gender details, and dates of birth of users.

Top Malware Reported in the Last 24 Hours

Update on Abcbot botnet 
In a new revelation, researchers have associated the Abcbot botnet with a cryptocurrency-mining attack that occurred in December 2020. The infrastructure of the emerging DDoS botnet resembles another Xanthe cryptocurrency mining botnet, following which researchers claim that the Abcbot borrows its code and features from the Xanthe.

FluBot 5.0 spotted
A new version of FluBot malware posing as a fake Flash Player APK has been found targeting Polish users in a new attack campaign. The malware is distributed via a message that contains a link to a video. Upon clicking, the recipients are redirected to a page offering the fake software that delivers the malware.

Malicious dnSpy app identified
A malicious dnSpy app was found targeting developers and cybersecurity researchers, last week. The threat actors’ goal was to steal cryptocurrency miners, and launch RATs. The attack had used multiple SEO techniques to promote the malicious apps.
Top Vulnerabilities Reported in the Last 24 Hours

WordPress issues patches
WordPress has issued patches for four injection-related vulnerabilities. Two of these are SQL injections and affect WordPress versions between 3.7 and 5.8. One of these two affects WP_Meta_Query and the other affects WP_Query. The other two flaws are related to an object injection issue and a cross-site scripting bug.


badnews backdoor
flubot trojan
xanthe cryptocurrency mining malware
badusb attacks
dnspy app
abcbot botnet
patchwork apt

Posted on: January 10, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite