
Cyware Daily Threat Intelligence

Daily Threat Briefing Apr 20, 2021

The infamous Lazarus APT is on a roll in 2021. After launching a series of new malware from its kit, the North Korean hacker group has now come up with an evasion technique that was observed in a recent phishing attack. The technique involved concealing a malicious loader within a BMP image, which ultimately deployed a RAT.

Meanwhile, the evolution of phishing campaigns targeting Facebook users has researchers worried. A worldwide scam that targets Facebook Messenger users across 80 countries has been launched in full force to harvest credentials. The catch is that the scam lures users with ads promoting fake versions of the Messenger app. Facebook is not alone: threat actors are also impersonating several other brands, such as Microsoft Store and Spotify, to distribute an information-stealing trojan called Ficker.

Top Breaches Reported in the Last 24 Hours

Update on Codecov breach

More details have emerged on the recent Codecov system breach. During the investigation, U.S. federal authorities linked the breach to the recent SolarWinds attack, which is attributed to the Russian Foreign Intelligence Service (SVR). Codecov had suffered a supply-chain attack that went undetected for over two months.

Top Malware Reported in the Last 24 Hours

Purple Fox malware attacks

Threat actors are leveraging brute-force attacks against the SMB protocol with the aim of distributing the Purple Fox malware. The new SMB attack method is especially concerning because Purple Fox no longer requires user interaction to propagate.

Ficker malware

Threat actors are promoting sites impersonating Microsoft Store, Spotify, and an online document converter to distribute an information-stealing malware called Ficker. Using this malware, attackers can steal saved credentials in web browsers, desktop messaging clients (Pidgin, Steam, Discord), and FTP clients.

Top Vulnerabilities Reported in the Last 24 Hours

WordPress releases patches

WordPress has released version 5.7.1 of its popular CMS, which includes fixes for two security vulnerabilities. The flaws are tracked as CVE-2021-29447 and CVE-2021-29450. The former is an XML External Entity (XXE) vulnerability in the ID3 library when running on PHP 8, while the latter affects the REST API and can lead to the loss of sensitive data.

Top Scams Reported in the Last 24 Hours

Facebook Messenger scam

Researchers have detected a large-scale scam campaign targeting Facebook Messenger users in over 80 countries. The ultimate goal of the campaign is to pilfer login credentials from users by distributing ads promoting a fake version of Facebook Messenger. The first incident of the scam came to light in 2020. To draw users’ attention, fraudsters registered accounts with names mimicking the real Messenger app and used the official logo as their profile picture.

Google Alerts for scam

Google Alerts has long been abused for scams and malware attacks. The service is heavily used by scammers to redirect users to fake adult sites, fake dating apps, sweepstakes scams, and unwanted browser extensions. Such attacks are launched by sending fake Google Alert URLs to unsuspecting users.