Cyware Daily Threat Intelligence

Daily Threat Briefing Apr 22, 2021

Messaging apps are increasingly becoming a popular channel to deliver and control malware. In the past 24 hours, researchers have detected the delivery of two new malware strains via WhatsApp and Telegram. A new variant of the recently discovered Pink malware has been found sending automatic replies to Signal, Telegram, Viber, and Skype messages through a fake WhatsApp app, while the ToxicEye RAT, propagated via Telegram, can take over file systems, install ransomware, and leak data from victims’ PCs.

Botnets wreaking havoc on connected devices also made headlines in the last 24 hours. Two botnets, detected as Prometei and Pareto, were found being used to mine cryptocurrency and conduct ad fraud, respectively.

Top Breaches Reported in the Last 24 Hours

Million credentials on sale

The login credentials for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked on the UAS dark web market. Researchers claim that this massive leak of compromised credentials can open doors to numerous attacks against affected organizations.

Top Malware Reported in the Last 24 Hours

WhatsApp Pink malware improved

The WhatsApp malware dubbed Pink has now been updated to automatically respond to Signal, Telegram, Viber, and Skype messages. The malware is distributed via a fake version of WhatsApp that claims to be a ‘Pink’ themed version.

Pareto botnet

A botnet dubbed Pareto has been found infecting a massive number of Android devices to conduct fraud in the connected TV advertising ecosystem. The botnet works by spoofing signals within malicious Android mobile apps to impersonate consumer TV streaming products running Fire OS, tvOS, Roku OS, and other prominent platforms.

ToxicEye malware

Hackers are leveraging the popular Telegram messaging app to distribute a RAT named ToxicEye. A victim’s computer infected with the ToxicEye malware is controlled via a hacker-operated Telegram messaging account. The malware can take over file systems, install ransomware, and leak data from victims’ PCs.

Prometei botnet

The Prometei botnet is the latest malware to take advantage of the ProxyLogon vulnerabilities. The botnet can allow threat actors to mine cryptocurrencies.

Top Vulnerabilities Reported in the Last 24 Hours

Rockwell Automation releases updates

Rockwell Automation has released firmware updates to address a new set of vulnerabilities found in Stratix switches using Cisco’s IOS XE software. The vulnerabilities are tracked as CVE-2021-1392 and CVE-2021-1403.

Valve fixes a flaw

Game publisher Valve has resolved a critical security flaw in its popular Steam platform that existed for the last two years. Tracked as CVE-2021-30481, the flaw affects every title that uses the Source engine.

Trend Micro flaw actively exploited

Trend Micro has revealed that a threat actor is actively exploiting a flaw found in its antivirus solutions. The flaw (CVE-2021-24557) can be abused to gain admin rights on Windows systems.
