Cyware Daily Threat Intelligence

Daily Threat Briefing Apr 16, 2021

Another day, another cryptojacking attack. The notorious Lazarus APT is on a new mission to steal cryptocurrency using a never-before-seen tool, dubbed BTC Changer. Researchers have identified three compromised websites that contain the tool.

The story does not end here. In an interesting discovery, the operators of HackBoss have been found distributing the cryptocurrency-stealing malware over Telegram under the guise of free malicious applications. The motive is to distribute the malware to as many threat actors as possible.

Attackers are also honing their skills to launch more sophisticated supply chain attacks and the latest target is Codecov. The firm disclosed that its networks were under the control of attackers for nearly three months, during which they easily pilfered customers’ credentials.

Top Breaches Reported in the Last 24 Hours

Celsius Network breached

Cryptocurrency rewards platform Celsius Network has disclosed a security breach that ultimately led to a phishing attack. The attack occurred after a third-party marketing server was compromised and threat actors gained access to a partial customer list.

Codecov under supply chain attack

Software company Codecov has disclosed a two-and-a-half-month-long supply chain attack that enabled threat actors to collect customer credentials, tokens, and keys. The attackers gained access to the Bash Uploader script on January 31 and frequently made changes to the malicious code.

Top Malware Reported in the Last 24 Hours

HackBoss spotted

The malware authors of HackBoss are distributing the cryptomining malware to other aspiring cybercriminals by concealing it in free malicious applications over Telegram. The malware comes packed in a ZIP file with an executable that launches a simple user interface.

Cryptojacking attack

The XMRig miner has returned in an ongoing cryptojacking attack that targets Nagios XI software vulnerable to a remote code execution flaw. The flaw is tracked as CVE-2021-25296 and impacts version 5.7.5 of the software.

BTC Changer

Lazarus APT is back in action with a new tool dubbed BTC Changer to mine cryptocurrency. So far, researchers have detected three websites that contain the tool.

Gafgyt improved

Researchers have uncovered a new version of the Gafgyt botnet that includes new approaches to compromise IoT devices. Along with several new exploits, the latest variant has incorporated several Mirai-based modules.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Juniper devices patched

A critical vulnerability recently patched in the Junos operating system could allow an attacker to remotely hijack or disrupt devices. The hole, tracked as CVE-2021-0254, is exploited by sending a specially crafted packet to users.

Google releases 37 fixes

Google has released 37 security fixes for Chrome 90.0.4430.72. Six of these flaws are high-severity vulnerabilities, 10 are rated medium, and three are rated low.
