
Cyware Daily Threat Intelligence, July 19, 2022


A report on the Roaming Mantis threat actor has shed light on its notorious activities in France. The cybercriminals are using SMS messages to lure iOS and Android users and phish their credentials. The threat landscape also witnessed another piece of macOS malware in the form of CloudMensis. It is so named because hackers are exploiting public cloud storage platforms, including pCloud, Yandex Disk, and Dropbox, to communicate and control their attacks.

Irrespective of the volatility of the market, crypto scams continue to soar. A new alert by the FBI is cautioning users against downloading malicious apps for investing in cryptocurrency assets. Hackers are operating under fraudulent company names to lure potential investors.

Top Breaches Reported in the Last 24 Hours

Indian flight booking platform breached
An unknown number of victims suffered a breach of their personal data via the popular Indian flight booking site Cleartrip. Hackers allegedly posted stolen files on a private dark web forum. Users were informed that no sensitive data related to their accounts had been compromised. The firm further suggested that users change their passwords for security reasons.

Colorado city fell victim to ransomware attack
The Frederick City Police Department confirmed that a ransomware attack had targeted the town government. The revelation came after the LockBit group listed details about 15,000 affected residents on its leak site. Officials claim that hackers could not infiltrate their secure network.

Top Malware Reported in the Last 24 Hours

Pegasus back in headlines
Citizen Lab has found that at least 30 Thai activists, academics, lawyers, and NGO workers were targeted by the Pegasus spyware. Such attacks continued for over a year. The attacks came to notice after Apple sent threat notifications to alert users about falling victim to state-sponsored attackers.

Roaming Mantis goes to France
Researchers from SEKOIA highlighted that Roaming Mantis (unrelated to the Mantis botnet) has been targeting Android and iOS users in France to harvest their sensitive data and money. It is dropping the powerful XLoader (MoqHao) payload on Android devices. Roaming Mantis has previously launched attacks in Germany, Taiwan, South Korea, Japan, the U.S., and the U.K.

macOS spyware abuses public cloud storage
CloudMensis is stealing sensitive data from victims by exploiting flaws in macOS systems. Adversaries use public cloud storage services to communicate with operators. ESET researchers said that the attackers use services such as pCloud, Yandex Disk, and Dropbox to receive commands and exfiltrate files.

Top Vulnerabilities Reported in the Last 24 Hours

‘Important’ zero-days in Siemens
Fortinet researchers reported three zero-days in Siemens JT2Go and Teamcenter Visualization. The bugs, tracked as CVE-2022-28807, CVE-2022-28808, and CVE-2022-28809, are memory corruption vulnerabilities in the Open Design Alliance Drawings SDK. Abuse of these flaws can crash impacted applications or lead to data exposure.

Top Scams Reported in the Last 24 Hours

Crypto investors targeted
The FBI issued a warning against cybercriminals distributing fake cryptocurrency investment applications to crypto enthusiasts in the U.S. They make users install fake apps and deposit funds into wallets allegedly associated with the victims' accounts. According to estimates, cybercriminals have already pilfered roughly $42.7 million from 244 investors through this trick.



Posted on: July 19, 2022
