Cyware Daily Threat Intelligence

Daily Threat Briefing • Aug 18, 2022
Android 13 is here, but cybercriminal groups continue to give the developers behind the new update stiff competition. Security analysts have discovered a dropper app explicitly designed to bypass a new security feature in the latest version of Android. Speaking of malware, researchers warned against a highly pervasive .NET-based crypter, dubbed DarkTortilla. It is capable of delivering a range of payloads, from AgentTesla, NanoCore, and AsyncRat to RedLine Stealer, and has been active since 2015.
Meanwhile, Apple has urged users to patch two security holes that are already being used to attack iPhones. Both allow arbitrary code execution: one with kernel privileges, the other through maliciously crafted web content processed by WebKit.
Argentinian agribusiness compromised
Aceitera General Deheza (AGD), an Argentinian agribusiness, revealed it had detected an intrusion that interrupted some of its operations. Officials said the hackers demanded a significant ransom in cryptocurrency to release the data. At the same time, the company claimed to have recovered all of the data from its backup system.
Blackbyte’s new leak site and extortion technique
BlackByte ransomware announced the release of version 2.0 of its data leak site on Twitter. Experts are unsure whether the ransomware encryptor has also been upgraded, but the site now boasts a new extortion technique: the victim can pay to have their data removed, while the same data is offered for sale to other threat actors.
DarkTortilla - An overlooked threat
Secureworks’ Counter Threat Unit (CTU) disclosed details about a sneaky crypter, named DarkTortilla. Active since at least August 2015, it can deliver popular information stealers and remote access trojans, including AgentTesla, AsyncRat, NanoCore, and RedLine. “Researchers often overlook DarkTortilla and focus on its main payload,” emphasized CTU.
Can BugDrop circumvent Android 13 security?
Cyber adversaries are reportedly attempting to bypass a new 'Restricted setting' security feature in Android 13. The feature, introduced by Google, blocks sideloaded applications from requesting Accessibility Service privileges. Analysts at Threat Fabric revealed that malware authors are already at work and have developed an early-stage dropper, dubbed BugDrop, to get around the restriction.
Malicious apps with 2 million downloads
Bitdefender laid bare 35 malicious applications on the Google Play Store that impersonate legitimate apps by altering their names and icons. Cybercriminals use these apps to bombard devices with ads, which lead victims to infected websites or links that drop additional malware on their devices. These apps were downloaded nearly two million times.
Apple urges immediate patch
Apple released updates for a trio of operating systems fixing multiple bugs that, according to the firm, may have been actively exploited in the wild. The first issue is a bug in the iPhone kernel, tracked as CVE-2022-32894. The second bug, CVE-2022-32893, was found in WebKit, the browser engine that powers Safari. The firm has released the macOS 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 updates and advises installing them as soon as possible.