Go to listing page

Cyware Daily Threat Intelligence, May 05, 2021

Cyware Daily Threat Intelligence, May 05, 2021

Share Blog Post

A sophisticated phishing campaign has left various organizations worldwide at the risk of three newly discovered malware strains. Named DOUBLEDRAG, DOUBLEDROP, and DOUBLEBACK, these malware were part of an attack campaign that was carried out by a new financially motivated threat actor group, UNC2529.

A new instance of a never-seen-before cryptocurrency stealer has also caught the attention of researchers. Called Panda Stealer, the malware is being spread through a global spam campaign that leverages Discord as one of its infection channels. Researchers have also tracked the presence of a banking trojan, Javali, that focuses on Brazilian targets.

A pool of security patches released by Google for Android operating systems is sure to bring a cheer amid all these threat incidents.

Top Breaches Reported in the Last 24 Hours

DDoS attack on Belgium organizations
More than 200 organizations in Belgium were affected by a DDoS attack that took the country’s internet offline. The affected organizations include government, parliament, universities, and research institutes. It’s unclear who was behind the attack, but federal authorities are investigating the matter.

USAGM discloses a breach
The U.S. Agency for Global Media (USAGM) has disclosed a data breach that exposed the personal information of current and former employees and their beneficiaries. The data breach was the result of a phishing attack that took place in December 2020.

Twilio impacted
Twilio is the latest victim of the Codecov supply chain attack. Codecov had suffered a supply-chain attack that lasted for two months. During these two months, threat actors modified the legitimate Codecov Bash Uploader tool to exfiltrate environment variables such as keys, tokens, and credentials.

Telstra hacked
Avaddon ransomware gang claimed to have stolen tens of thousands of SIM cards belonging to the telecom giant Telstra. The compromised information includes both the banking and personal details of users.

Top Malware Reported in the Last 24 Hours

Three new malware
Three new malware DOUBLEDRAG, DOUBLEDROP, and DOUBLEBACK have been associated with a massive cyberespionage campaign that targeted many organizations in the U.S. Launched via phishing emails, the attacks were carried out by a new financially motivated threat actor group dubbed UNC2529.

Panda Stealer
A new cryptocurrency stealer variant, Panda Stealer, is being spread through a global spam campaign that leverages Discord channels as one of its infection channels. The malware has been found targeting individuals across the U.S., Australia, Japan, and Germany.

Javali trojan spotted
A malware tracked as Javali, is being widely used to target users not just in Brazil, but in the wider Latin America and Europe. The malware is distributed via phishing emails that pretend to be a delivery notice.

Top Vulnerabilities Reported in the Last 24 Hours

Google’s Patch Tuesday
Google’s May 2021 Patch Tuesday includes updates for 42 vulnerabilities affecting the Android operating system. The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker to execute arbitrary code within the context of a privileged process. Around 29 of these flaws affect framework, kernel, AMLogic, ARM, MediaTek, Unisoc, Qualcomm, and Qualcomm closed-source.

Exim patches 21 vulnerabilities
The maintainers of Exim have released patches for as many as 21 vulnerabilities that could enable unauthenticated attackers to achieve complete remote code execution and gain root privileges. Collectively named 21Nails, the flaws affect millions of email servers.

Pulse Secure issues a fix
Pulse Secure has issued a fix for a critical zero-day vulnerability that was exploited in the wild by at least two Chinese APTs. The flaw is tracked as CVE-2021-22893 and has been used to attack U.S. defense, finance, and government organizations, as well as victims in Europe.


javali trojan
panda stealer
doubledrop dropper
doubleback backdoor

Posted on: May 05, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite