Cyware Daily Threat Intelligence

Daily Threat Briefing Apr 30, 2020

The prolific Aggah campaign, which was previously believed to be associated with the Gorgon APT group, has been upgraded with additional attack vectors. The new campaign delivers a variety of RATs like Agent Tesla, njRAT, and Nanocore RAT as final payloads of the infection process.

A new Android malware called EventBot has been found targeting Android phone users in an attempt to steal passwords for banking apps and cryptocurrency wallets. The malware is capable of siphoning off passwords from over 200 banking and cryptocurrency apps.

The notorious Trickbot trojan also made a comeback in a phishing campaign that leveraged the Family and Medical Leave Act (FMLA) to create a lure around COVID-19. The trojan was distributed via emails that appeared to come from the US Department of Labor (DoL).

Top Breaches Reported in the Last 24 Hours

Online services leak email data

Websites of multiple online services and products have been found leaking email data of their customers to third-party advertising and analytics companies like Google, Facebook, Twitter, Mixpanel, and Drawbridge. The affected websites include Quibi.com, JetBlue.com, KongHQ.com, NGPVan.com, Mailchimp’s Mandrill.com, WashingtonPost.com, and Wish.com.

Chegg attacked

A data breach at Chegg allowed attackers to steal 700 records associated with current and former employees. Those records included individuals’ PII.

Top Malware Reported in the Last 24 Hours

New Trickbot campaign

A new Trickbot campaign that targets email recipients with fake messages purporting to come from the U.S. Department of Labor (DoL) has been uncovered. The campaign leverages the Family and Medical Leave Act (FMLA) to create a lure around COVID-19 in order to distribute the trojan.

Upgraded Aggah campaign

Researchers have observed a new version of the Aggah malspam campaign that delivers a variety of trojans like Agent Tesla, njRAT, and Nanocore RAT. The trojans are distributed through malicious Microsoft Office documents included in spam emails. This upgraded version of the campaign uses an additional .NET binary to disable protection and detection mechanisms on infected endpoints.

New EventBot Android malware

EventBot is a newly discovered Android malware that targets banking apps and cryptocurrency wallets. The malware masquerades as legitimate apps like Adobe Flash or Microsoft Word. The malware is capable of siphoning off passwords for more than 200 banking and cryptocurrency apps like PayPal, Coinbase, CapitalOne, and HSBC.

Top Vulnerabilities Reported in the Last 24 Hours

Salt configuration tool patches flaws

The Salt configuration tool has patched two vulnerabilities, CVE-2020-11651 and CVE-2020-11652, in the new version, Salt 3000.2. The flaws exposed Salt installations to attackers and could be abused to take control of the tool.

Chrome 81.0.4044.129 released

Google has released Chrome version 81.0.4044.129 to address two use-after-free vulnerabilities - CVE-2020-6461 and CVE-2020-6462. While the former exists in storage, the latter exists within task scheduling.

Flawed LMS plugins

Three e-learning WordPress plugins - LearnPress, LearnDash, and LifterLMS - were found to be riddled with security flaws that could permit students and unauthenticated users to pilfer personal information of registered users. The flaws could also be exploited to attain teacher-level privileges. The LMS systems have released patches to address the issues.
