Cyware Daily Threat Intelligence

Daily Threat Briefing Apr 12, 2021

Supply chain attacks through malicious apps are on the rise. The notorious Joker malware has made a comeback in one such incident, affecting more than 500,000 Huawei users. The malware was distributed via apps pretending to be virtual keyboards, a camera app, a launcher, an online messenger, a sticker collection, coloring programs, and a game.

Meanwhile, APKPure, a widely popular app store for the Android platform, has been infected with adware that could download the Triada trojan onto users’ phones. The attackers managed to inject the adware by compromising version 3.17.18 of the app store. In other news, federal authorities are urging organizations to apply security patches immediately, as attacks leveraging vulnerable Fortinet VPNs remain a threat.

Top Breaches Reported in the Last 24 Hours

Supply chain attack

APKPure, one of the largest app stores, has fallen victim to a supply chain attack. Threat actors launched the attack by compromising client version 3.17.18 to deliver malware dubbed Triada. The malware's capabilities include hijacking financial SMS transactions and allowing threat actors to download and install payloads without user permission.

New details about the Facebook data leak

According to a new report, users in Egypt are the most affected by the latest Facebook data leak. The private details of around 45 million Egyptians have been leaked following the incident. Overall, a total of 553 million Facebook users from 106 countries have been affected.

Top Malware Reported in the Last 24 Hours

Return of Joker malware

More than 500,000 Huawei users have been infected with Joker malware that was distributed via apps in AppGallery. A total of ten apps that prompt users to subscribe to premium services contained malicious code for connecting to C2 servers to receive configurations and additional components. The list of malicious applications included virtual keyboards, a camera app, a launcher, an online messenger, a sticker collection, coloring programs, and a game.

Top Vulnerabilities Reported in the Last 24 Hours

Alert issued for Fortinet vulnerability

The National Cyber Security Center (NCSC) has issued an alert about widespread espionage operations that are actively scanning for unpatched vulnerabilities in Fortinet VPNs. The flaw is tracked as CVE-2018-13379 and can enable attackers to remotely access usernames and passwords and launch malicious activities on the network. Earlier, CISA and the FBI had issued similar alerts about attacks leveraging the Fortinet vulnerability.

Zero-day vulnerabilities explored

Several zero-day vulnerabilities have been identified in Zoom, Apple, Safari, Microsoft, Exchange, Microsoft Teams, Parallels Desktop, Windows 10, and Ubuntu at the Pwn2Own hacking contest. The vulnerabilities range from authentication bypass and local privilege escalation to stack overflow.
