Cyware Daily Threat Intelligence
Daily Threat Briefing • Aug 23, 2023
Meet the new information stealer family: Agniane Stealer. Believed to be the brainchild of the MaaS platform Cinoshi Project, it steals a myriad of data from a victim’s system, including credentials, session tokens, and data from crypto wallets and extensions. With the rise in package typosquatting, there’s a need for heightened vigilance by the software developer community. A malware strain called Luna Grabber was downloaded at least 1,000 times; fortunately, its impact was low. Other new malware threats you need to up your guard against are Scarab ransomware and ScRansom.
As advanced AI technologies such as Large Language Models (LLMs) gain momentum, cybercriminals are not far behind in capitalizing on the trend. Recently, cyber adversaries used Facebook's paid promotional tools to lure prospective victims into installing a malicious browser add-on that steals credentials.
Data breach exposes 2.6 million accounts
The personal data of 2.6 million Duolingo users has been leaked on a hacking forum, enabling cybercriminals to launch targeted phishing attacks. While Duolingo claimed the data was from public profiles, it apparently did not mention that email addresses were also exposed. The information, reportedly stolen via an exposed API in January, allows a user to cross-check email addresses against Duolingo accounts.
Lapse in government contractor’s network
Belcan, a U.S. government, defense, and aerospace contractor, left super admin credentials exposed, potentially risking a severe supply chain attack. Cybernews researchers discovered an open Kibana instance containing sensitive data about Belcan, its employees, and internal infrastructure. The leaked data included admin emails, hashed admin passwords, usernames, roles, internal network details, infrastructure vulnerabilities, and mitigation actions.
New cryptocurrency-centric info-stealer
Zscaler ThreatLabz uncovered the Agniane Stealer, a new information-stealing malware linked to the Cinoshi Project malware-as-a-service. This malware targets credentials, system data, and crypto-related information, affecting browsers, tokens, and file tools. The most recent iteration of Agniane Stealer utilizes ConfuserEx Protector. It employs an increased number of obfuscation methods in comparison to its previous version.
Criminals leverage LLMs and Facebook ads
Threat actors were seen exploiting paid Facebook promotions to disseminate malicious code, aiming to deploy a harmful browser add-on for credential theft. These ads promise to boost productivity, increase reach and revenue, or assist in teaching, all with the help of AI. Some lures promise to provide access to Google Bard as well. The attackers utilize deceptive tactics, including URL shorteners, Google Sites, and cloud storage services, to host malicious files.
Deceptive npm packages target Roblox developers
A sophisticated cyberattack aimed at Roblox developers has come to the notice of security experts at ReversingLabs. Operating since August 2023, the campaign employs malicious npm packages that mimic the popular noblox.js package, a Node.js Roblox API wrapper. These fake packages, including noblox.js-vps, noblox.js-ssh, and noblox.js-secure, house malicious multi-stage payloads. The most significant payload, Luna Grabber, extracts sensitive data from victims' browsers, Discord apps, and local system configurations.
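The packages named above share a pattern: each takes the genuine package name and appends a suffix. As an added illustration (not code from the Cyware briefing or from ReversingLabs), the following script audits a `package.json` for dependency names that extend or closely resemble a watched package such as `noblox.js`. The manifest is constructed sample input, and the suffix and edit-distance heuristics are assumptions chosen for this example, not a published detection rule.

```javascript
// Added example: flag npm dependencies whose names look like lookalikes of a
// watched package (here noblox.js). Not from the briefing or from ReversingLabs;
// the heuristics and the sample manifest below are constructed for illustration.

const WATCHED = ["noblox.js"];

// Levenshtein edit distance between two strings (classic dynamic-programming table).
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(
        dp[i - 1][j] + 1,        // deletion
        dp[i][j - 1] + 1,        // insertion
        dp[i - 1][j - 1] + cost  // substitution
      );
    }
  }
  return dp[a.length][b.length];
}

// Returns a reason string if `name` looks like a lookalike of a watched package, else null.
function lookalikeReason(name, watched = WATCHED) {
  for (const real of watched) {
    if (name === real) return null; // the genuine package itself is fine
    // Suffixed variants such as "noblox.js-vps", "noblox.js-secure", or scoped "@x/noblox.js"
    if (name.startsWith(real + "-") || name.startsWith(real + ".") || name.endsWith("/" + real)) {
      return `extends watched name "${real}"`;
    }
    // Near-miss spellings such as "nobloxjs" or "noblox-js" (assumed threshold: 2 edits)
    const d = editDistance(name.toLowerCase(), real.toLowerCase());
    if (d > 0 && d <= 2) return `within edit distance ${d} of "${real}"`;
  }
  return null;
}

// Scan dependencies and devDependencies of a parsed package.json; returns findings.
function auditManifest(manifest, watched = WATCHED) {
  const deps = { ...(manifest.dependencies || {}), ...(manifest.devDependencies || {}) };
  const findings = [];
  for (const name of Object.keys(deps)) {
    const reason = lookalikeReason(name, watched);
    if (reason) findings.push({ name, version: deps[name], reason });
  }
  return findings;
}

// Constructed sample manifest (not a real project's package.json).
const SAMPLE_MANIFEST = JSON.parse(`{
  "name": "my-roblox-bot",
  "dependencies": {
    "noblox.js": "^4.13.0",
    "noblox.js-vps": "1.0.3",
    "express": "^4.18.2"
  },
  "devDependencies": {
    "noblox.js-secure": "0.1.0",
    "nobloxjs": "2.0.0"
  }
}`);

// Print one warning per suspicious dependency.
for (const f of auditManifest(SAMPLE_MANIFEST)) {
  console.log(`WARN ${f.name}@${f.version}: ${f.reason}`);
}
```

Run against the sample manifest it warns on `noblox.js-vps`, `noblox.js-secure` and `nobloxjs` while leaving `noblox.js` and `express` alone. A name match is only a prompt for review, not proof of malice; the follow-up is to confirm the package's publisher and source repository before installing it.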
CosmicBeetle's ransomware campaign
ESET researchers have unveiled the Spacecolon toolset, used to propagate a Scarab ransomware variant across organizations globally. This iteration deploys ClipBanker to monitor clipboard content on a targeted system. It alters content it identifies as potentially representing a cryptocurrency wallet address, replacing it with the attackers’ address. Additionally, the ongoing campaign includes a newly discovered ransomware variant, ScRansom, possibly from the same developer.
Severe bugs in Chrome
Google addressed several high-severity flaws in the Chrome browser as it rolled out Chrome version 116.0.5845.110 for Mac and Linux and versions 116.0.5845.110/.111 for Windows. The most serious among these, CVE-2023-4430, is a use-after-free flaw in Vulkan. Another use-after-free issue in the Loader component (CVE-2023-4429) and a high-severity out-of-bounds memory access vulnerability were also patched in this update. No evidence of exploitation has been reported for these flaws.