Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 1, 2024
Cybersecurity experts are on high alert as BingoMod, a new Android malware disguised as a security app, is sweeping through devices via SMS phishing, emptying bank accounts, and leaving a trail of wiped devices in its wake.
On the vulnerability front, Apple has released critical security updates across iOS, macOS, tvOS, visionOS, watchOS, and Safari, patching 35 flaws in iOS 17.6 and 70 flaws in macOS Sonoma 14.6, to protect users from potential threats.
Online shoppers beware: the ERIAKOS fraud operation is luring unsuspecting buyers with over 600 fake stores on Facebook, promising deep discounts on brands like Nike and Apple, while stealing personal and financial information.
New Android threat unveiled
Researchers have discovered a new Android malware named BingoMod that steals money from victims' bank accounts through on-device fraud and then wipes the compromised device. It is distributed in SMS phishing campaigns under various names that pose as legitimate mobile security tools, remains under active development, and can steal up to 15,000 EUR (~$16,200) per transaction.
Malvertising campaign spreads DeerStealer
Google ads are being used to promote fake Google Authenticator sites that install malware on users' devices. The fake Google Authenticator ads take users through a series of redirections to the malicious landing page at chromeweb-authenticators[.]com, which imitates a legitimate Google portal. The executable is signed with certificates belonging to legitimate companies, which may let it bypass security solutions on Windows systems, and deploys the DeerStealer malware to steal sensitive information from web browsers.
DEV#POPPER campaign goes cross-platform
A North Korea-linked malware campaign known as DEV#POPPER is targeting software developers on Windows, Linux, and macOS systems, with victims in South Korea, North America, Europe, and the Middle East. The attackers use social engineering to trick developers into downloading malicious software disguised as job interview materials. The malware, named BeaverTail, steals sensitive information, contacts a remote server, and downloads additional payloads such as a Python backdoor called InvisibleFerret.
Apple issues numerous patches
Apple has rolled out security updates for iOS, macOS, tvOS, visionOS, watchOS, and Safari to address numerous vulnerabilities. The updates include fixes for 35 security flaws in iOS 17.6 and iPadOS 17.6, as well as patches for nearly 70 vulnerabilities in macOS Sonoma 14.6. Third-party components such as libtiff and the ANGLE engine also received fixes. Safari 17.6 was released with patches for nine bugs, and the fixes are also available for older devices through the iOS 16.7.9 and iPadOS 16.7.9 updates.
Chrome 127 fixes three flaws
With the release of Chrome 127, Google has strengthened cookie protections in Chrome on Windows and addressed critical and high-severity vulnerabilities, including three security flaws reported by external researchers. The most severe, CVE-2024-6990, is an uninitialized-use issue in Dawn. The other two high-severity bugs are an out-of-bounds read in WebTransport (CVE-2024-7255) and insufficient data validation in Dawn (CVE-2024-7256). Google has found no evidence of these vulnerabilities being exploited in the wild.
CISA adds VMware ESXi bug to KEV catalog
CISA has added a VMware ESXi authentication bypass vulnerability, tracked as CVE-2024-37085, to its Known Exploited Vulnerabilities catalog. Microsoft recently warned that ransomware gangs are exploiting this flaw to gain full administrative access to ESXi hypervisors. Patches have been released for ESXi 8.0 and VMware Cloud Foundation 5.x, but older versions such as ESXi 7.0 and VMware Cloud Foundation 4.x are not scheduled to receive patches. CISA has ordered federal agencies to address this vulnerability by August 20, 2024.
E-commerce fraud ring discovered
An online fraud operation known as "ERIAKOS" is promoting over 600 fake online stores through Facebook ads in an attempt to steal personal and financial information from visitors. The sites, which offer products from popular brands like Nike and Apple at steep discounts, are reachable only from mobile devices to evade security scanners and use fake user testimonials to lure potential buyers. Recorded Future uncovered the ERIAKOS operation and suspects a Chinese origin based on the domain registrar and payment providers used. While many of the sites have been taken down, the campaign continues to generate new ads for freshly created sites.