
Cyware Daily Threat Intelligence

Daily Threat Briefing Aug 27, 2024

VPN seekers, beware: A cunning phishing campaign is laying traps for users across Windows, Linux, and macOS, disguising malicious software as a trusted VPN service. The attackers are using a new stealer malware to pilfer your most sensitive data, from crypto wallets to stored browser passwords.

Google’s battle against zero-days continues as it tackles its tenth exploited flaw of the year. This time, a high-severity bug in Chrome's V8 JavaScript engine exposed users to remote attacks through crafted HTML pages.

Even trusted online spaces can harbor deception: researchers spotted fake Microsoft support pages hosted on legitimate sites. Scammers are hijacking Microsoft-related search queries to redirect unsuspecting victims to fraudulent pages, complete with convincing logos and fake contact numbers.

Top Malware Reported in the Last 24 Hours

New Cheana Stealer targets VPN users

A phishing campaign has been targeting users downloading VPN applications for Windows, Linux, and macOS. The threat actors created a phishing site impersonating a legitimate VPN service called WarpVPN and distributed distinct stealer binaries for each operating system. They used a Telegram channel with over 54,000 subscribers to distribute Cheana Stealer. The campaign involves detailed installation instructions for each platform, with the stealer targeting sensitive data such as cryptocurrency-related browser extensions, crypto wallets, and stored browser passwords.

Razr ransomware abuses PythonAnywhere

The Razr ransomware is hosted on and delivered through the PythonAnywhere cloud platform and encrypts victims' files with the AES-256 algorithm. ANY.RUN's analysis documented the ransomware's behavior, its communication with a C2 server, and ransom demands delivered via Tor. On execution, the ransomware generates a unique machine ID, an encryption key, and an IV, and sends them to the C2 server before encryption begins.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft patches ASCII smuggling flaw

A now-patched vulnerability in Microsoft 365 Copilot allowed attackers to use ASCII smuggling, in which text is encoded as Unicode tag characters that render invisibly, to steal sensitive user information. The attack involved tricking users into clicking hyperlinks that carried hidden data, which was then exfiltrated to a third-party server. Before Microsoft addressed the issue, proof-of-concept attacks demonstrated the ability to manipulate Copilot's responses, exfiltrate data, and bypass security measures. Microsoft also warned that publicly exposed Copilot bots could be used by threat actors to extract sensitive information.
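The check a practitioner would want here is a way to see what a hyperlink really carries versus what a user sees. The following is an added example, not code from Cyware, Microsoft or the researchers who reported the bug: it encodes a payload into the invisible Unicode Tags block the way ASCII smuggling does, then audits and strips such characters from a constructed markdown link. The `example.invalid` URL and the `user=alice;otp=483920` payload are made up for the demo.

```python
# Added example (not Cyware's or Microsoft's code): detect and decode
# "ASCII smuggling" payloads hidden in text such as a hyperlink emitted
# by an LLM assistant. The sample link below is constructed for this demo.
import re

# The Unicode Tags block (U+E0000..U+E007F) mirrors ASCII: U+E0041 is an
# invisible twin of 'A'. Most UIs render these code points as nothing, so
# text smuggled this way is invisible to the user yet survives copy/paste,
# URL percent-encoding and LLM tokenization.
TAG_BASE = 0xE0000
TAG_CHAR = re.compile("[\U000E0000-\U000E007F]")
TAG_RUN = re.compile("[\U000E0000-\U000E007F]+")


def smuggle(payload: str) -> str:
    """Encode printable ASCII as invisible tag characters (attacker side)."""
    if not all(0x20 <= ord(c) <= 0x7E for c in payload):
        raise ValueError("only printable ASCII has a Tags-block twin")
    return "".join(chr(TAG_BASE + ord(c)) for c in payload)


def decode_runs(text: str) -> list[str]:
    """Return each contiguous run of tag characters decoded back to ASCII."""
    runs = []
    for match in TAG_RUN.finditer(text):
        decoded = "".join(
            chr(ord(ch) - TAG_BASE)
            for ch in match.group()
            # Skip U+E0001 LANGUAGE TAG and U+E007F CANCEL TAG, which have
            # no printable ASCII twin.
            if 0x20 <= ord(ch) - TAG_BASE <= 0x7E
        )
        runs.append(decoded)
    return runs


def strip_tags(text: str) -> str:
    """Defender side: remove every tag character before rendering or sending."""
    return TAG_CHAR.sub("", text)


def audit(text: str) -> dict:
    """Summarise what a user sees versus what the string really carries."""
    hidden = decode_runs(text)
    return {
        "visible": strip_tags(text),
        "hidden": hidden,
        "hidden_chars": len(text) - len(strip_tags(text)),
        "suspicious": bool(hidden),
    }


# Constructed sample: a markdown link whose query string carries smuggled
# data. A user sees only the visible part; the browser sends all of it.
SAMPLE_LINK = (
    "[Open the report](https://example.invalid/r?d="
    + smuggle("user=alice;otp=483920")
    + ")"
)

if __name__ == "__main__":
    report = audit(SAMPLE_LINK)
    print("visible :", report["visible"])
    print("hidden  :", report["hidden"])
    print("flagged :", report["suspicious"])
```

Stripping tag characters is a reasonable default for any text an assistant is about to render as a link or send to a URL; the Tags block has no legitimate use in ordinary prose, so a non-zero `hidden_chars` count is itself a strong signal worth alerting on.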

Patch for the tenth Chrome 0-day

Google patched its tenth zero-day vulnerability of 2024, addressing a high-severity bug in Chrome's V8 JavaScript engine that could be exploited for remote attacks. This vulnerability, CVE-2024-7965, allowed remote attackers to exploit heap corruption via a crafted HTML page. Google has released updates to fix this and another zero-day vulnerability, CVE-2024-7971, in Chrome version 128.0.6613.84/.85.

Top Scams Reported in the Last 24 Hours

Microsoft Support scams

Malwarebytes Labs spotted two recent deceptive schemes involving fake Microsoft support pages on legitimate websites and hijacking of Microsoft-related search queries. The first scam involves a fake helpdesk page created via Microsoft Learn, featuring an ad with a legitimate Microsoft logo and phone number. Despite the appearance of authenticity, the ad was actually paid for by an advertiser from Vietnam. The second scam utilizes Google ads to redirect victims to a page on Microsoft's website that displays a fake contact number for Microsoft Support.

Beware of highway toll text scams!

Cybercriminals have been targeting people in multiple states with highway toll text scams, posing as state authorities and providing fake payment links to steal personal and financial information. The targeted states include Illinois, Florida, North Carolina, and Washington. These scams have been on the rise, with scammers using spoofed government websites and urgent text messages to trick victims into paying quickly. The primary motive is quick payments, but scammers are also collecting personal data for other criminal activities.
