
Cyware Daily Threat Intelligence, May 17, 2022


The world of malware keeps gaining new entrants that exploit human neglect and machine vulnerabilities to infect systems. Today, we report on the FaceStealer spyware that was found being propagated via more than 200 Android apps under fitness, photo editing, and other categories on Google Play Store. The second addition to the malware world was in the form of a custom PowerShell-based trojan being used to target German users looking for fresh updates on the Ukraine crisis.

Adding to the attack surface for smartphone users, academic researchers discovered a novel attack against iPhones that can allow one to load malware even when the phone is turned off. Meanwhile, an already patched Microsoft SharePoint bug was found to still be exploitable for remote code execution attacks.

Top Breaches Reported in the Last 24 Hours

RefuahHealth discloses network hack
RefuahHealth, a New York-based federally qualified health center, notified 260,740 patients that their personal and protected health information (PHI) was stolen during a May 2021 breach. The network intrusion, which lasted two days, resulted in the theft of some of the patients’ personal data, Social Security numbers, driver’s licenses, state IDs, financial details, Medicare and Medicaid numbers, medical records, and health insurance policy numbers.

Costa Rica reeling under cyber assault
The number of Costa Rica government entities hit by disruptive cyberattacks has grown to 27 in the past month, according to President Rodrigo Chaves. The attacks have severely impacted the foreign trade and tax collection processes conducted by the government. 

Adtech user data leak
In its new report, the Irish Council for Civil Liberties (ICCL) claimed that the use of online users’ data in real-time bidding (RTB) systems employed for tracking and ad targeting resulted in a massive data breach. The ICCL claimed that RTB broadcasts users’ browsing history and their real-world location 294 billion times in the U.S. and 197 billion times in Europe every day.

Top Malware Reported in the Last 24 Hours

Malware attackers abuse Ukraine crisis
Analysts at Malwarebytes discovered an attack campaign targeting German users looking for updates on the current situation in Ukraine. The campaign aims to infect users with a custom PowerShell RAT delivered through a CHM file download on a fake website that appeared to belong to the state of Baden-Württemberg.

FaceStealer spyware targets Android users
Trend Micro researchers observed more than 200 apps on the Google Play Store delivering the FaceStealer spyware. The spyware aims to steal users’ passwords while disguised as apps related to fitness, photo editing, and other categories.

Top Vulnerabilities Reported in the Last 24 Hours

Apple addresses zero-day flaw
Apple released security updates to address a zero-day vulnerability stemming from an out-of-bounds write issue (CVE-2022-22675) in AppleAVD, a kernel extension for audio and video decoding. The flaw allows apps to execute arbitrary code with kernel privileges. It was fixed with the release of macOS Big Sur 11.6., watchOS 8.6, and tvOS 15.5.

Microsoft SharePoint RCE bug
A security researcher uncovered a method to exploit a recently patched deserialization flaw in Microsoft SharePoint to stage remote code execution (RCE) attacks. Microsoft patched the flaw, identified as CVE-2022-29108, in May’s Patch Tuesday updates. The researcher found that another bug in Microsoft SharePoint Server, tracked as CVE-2022-22005, could be used to trigger the same attack.

New Threat in Spotlight

New attack against iPhones
Academics from the Technical University of Darmstadt analyzed the iOS Find My function and discovered a new attack surface that could allow attackers to tamper with the firmware and load malware onto the Bluetooth chip even when an iPhone is turned off. This is possible because wireless chips continue to operate in Low Power Mode (LPM) while iOS is shut down.



Posted on: May 17, 2022
