Go to listing page

Cyware Daily Threat Intelligence, November 16, 2021

Cyware Daily Threat Intelligence, November 16, 2021

Share Blog Post

Emotet returns, ten months after law enforcement takedown and seven months after the mass-uninstall operation. A new attack campaign observed by researchers reveals that the threat actors are piggybacking on TrickBot to launch a new variant of Emotet. The new variant takes the form of a DLL file, with the first deployment detected on November 14. 

In another new threat discovered, researchers took the wraps off a new Android trojan named SharkBot. So far, the malware has struck a total of 27 targets that includes 22 banks in Italy and the U.K. Meanwhile, a new threat actor group that leaks data on the public forum instead of demanding ransom for the same has surfaced on the threat landscape. Dubbed Moses Staff, the gang uses a custom PyDCrypt malware to encrypt devices after stealing the files.     

Top Breaches Reported in the Last 24 Hours

Alibaba ECS hijacked
Threat actors have been found hijacking Alibaba Elastic Computing Service (ECS) instances to launch cryptominers. For this, they are exploiting known vulnerabilities or any misconfiguration issues to get into the network. 

Moses Staff strikes attacks
A new threat actor group, Moses Staff, has claimed responsibility for numerous attacks against Israeli entities. As part of the attack process, the gang appears to infiltrate networks and encrypt files and then leak the stolen copies to the public.   

Top Malware Reported in the Last 24 Hours

Emotet returns
Threat actors behind the Emotet trojan are leveraging Trickbot to launch a new variant of the trojan. The malware variant takes the form of a DLL file to trick users. The attack campaign marks the return of Emotet after nearly a year of the takedown of its infrastructure.  

New SharkBot trojan
A new Android trojan dubbed SharkBot has ensnared the apps of as many 27 banking and investment organizations across Italy, the U.K, and the U.S. The malware, which is still under development, is being distributed via fake media players, live TV, or data recovery apps. 

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Lantronix
Multiple vulnerabilities discovered in Lantronix’s PremierWave 2050 can allow attackers to carry out a range of malicious attacks, including executing arbitrary code and deleting files on the targeted device. The flaws have been fixed in version of the Lantronix PremierWave 2050.

New WF attack
A new analysis of Website Fingerprint (WF) attacks aimed at the Tor browser revealed that it can allow attackers to steal sensitive details from a website. The attack can be achieved by building a circuit that traverses via an entry, middle, and exit relay before the request is sent to the destination IP addresses.  

Top Scams Reported in the Last 24 Hours

Scammers target TikTokers
More than 125 people and businesses associated with TikTok were targeted in a recent phishing campaign that allowed scammers to take control of their accounts. The victims include talent agencies, brand-consultant firms, social media production studios, and influencer management firms. The scammers leveraged phishing emails and WhatsApp to send out a false alert to the targets.  


trickbot malware
moses staff
emotet attack
website fingerprint wf attacks

Posted on: November 16, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite