Cyware Daily Threat Intelligence


Daily Threat Briefing February 10, 2023

Top smartphone manufacturers in China, including Xiaomi, OnePlus, and Oppo Realme, are under scrutiny for shipping smartphones with pre-installed spyware to their users. The bundled apps put an individual’s privacy at risk and may expose their identities to threat actors. A newly identified threat actor group is opening its infection chain with custom malware, dubbed WasabiSeed and Screenshotter. In some cases, the group used AHK Bot and Rhadamanthys Stealer in post-exploitation activity.

Google wrapped up this month’s Android update with 40 bug fixes. The tech giant patched 17 high-severity bugs in different components, such as Framework, Media Framework, and System. The same round of updates also addressed three vulnerabilities specific to Pixel devices.

Top Breaches Reported in the Last 24 Hours

Arts college in New York breached

Mount Saint Mary College, New York, announced that it fell victim to a ransomware attack in December of last year. Vice Society claimed to have targeted the school and pilfered confidential data while knocking part of the network offline. Officials said anyone who has been a student or worked at the college in the last 10 years may have had their personal information accessed by the criminals.

Reddit’s source code leak

A cyberattack on Reddit has enabled hackers to harvest internal documents and source code. According to the company, the attackers set up a site impersonating its intranet portal and lured Reddit employees to it with phishing messages. The site attempted to steal employee login credentials and 2FA tokens. The stolen material includes limited contact information for business contacts and for current and former employees.

Attack on Canada’s largest bookstore chain

Indigo Books & Music, Canada, experienced a cyberattack that made its website inaccessible to customers. There’s no clarity yet about the nature of the attack or whether hackers could have accessed or extracted customer data. Indigo employs thousands of people and operates 123 small-format stores and 86 superstores under the Chapters and Indigo brands.

Top Malware Reported in the Last 24 Hours

Screenshotter by TA886 group

Proofpoint security experts uncovered a threat actor, tracked as TA886, infecting companies in the U.S. and Germany with the new WasabiSeed and Screenshotter malware. The custom malware can perform surveillance and steal data. Hackers push their malware via phishing emails that include Microsoft Publisher (.pub) attachments with malicious macros or PDFs containing URLs that download JavaScript files.
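The two lure formats described above (a macro-carrying Publisher document and a PDF whose link leads to a JavaScript file) can be triaged from the raw bytes before a full parser is involved. The script below is an added example written for this briefing, not Proofpoint’s tooling and not the actor’s malware; the sample attachments are constructed inline, and the storage names it looks for ("Macros", "VBA", "_VBA_PROJECT") are the Word-style VBA project names assumed to apply to the OLE2 container that .pub files use. It only inspects uncompressed PDF dictionaries, so it is a first-pass filter rather than a replacement for oletools or a real PDF parser.

```python
"""Triage of the two TA886 lure formats: .pub with VBA, PDF linking to .js.

Added illustration for this briefing; constructed sample inputs, no real
malware. Real files should still go through a full parser (e.g. oletools).
"""
import re

# OLE2 compound-file signature shared by .pub, .doc, .xls, etc.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# OLE directory entry names are stored as UTF-16LE. A VBA project lives in a
# storage named "Macros" (Word-style documents; assumed to hold for Publisher)
# or in streams whose names contain "VBA" / "_VBA_PROJECT".
MACRO_MARKERS = [s.encode("utf-16-le") for s in ("Macros", "VBA", "_VBA_PROJECT")]

# Link annotations in an uncompressed PDF look like:  /A << /S /URI /URI (http://...) >>
PDF_URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def ole_has_macros(data: bytes) -> bool:
    """True if the bytes are an OLE2 container that carries a VBA project."""
    if not data.startswith(OLE_MAGIC):
        return False
    return any(marker in data for marker in MACRO_MARKERS)


def pdf_js_urls(data: bytes) -> list[str]:
    """URLs from /URI actions whose path ends in .js (query string ignored)."""
    if not data.startswith(b"%PDF"):
        return []
    urls = [m.group(1).decode("latin-1") for m in PDF_URI_RE.finditer(data)]
    return [u for u in urls if u.lower().split("?")[0].endswith(".js")]


def triage(filename: str, data: bytes) -> list[str]:
    """Return a list of finding tags for one attachment (empty means clean)."""
    findings = []
    name = filename.lower()
    if name.endswith(".pub") and ole_has_macros(data):
        findings.append("publisher-document-with-vba")
    if name.endswith(".pdf"):
        for url in pdf_js_urls(data):
            findings.append(f"pdf-link-to-js:{url}")
    return findings


# Constructed samples (not real attachments): a fake OLE file with a "Macros"
# storage name, a PDF whose link points at a .js file, and a benign PDF.
SAMPLE_PUB = OLE_MAGIC + b"\x00" * 24 + "Macros".encode("utf-16-le") + b"\x00" * 16
SAMPLE_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (http://example.invalid/invoice.js) >> >>\nendobj\n"
)
CLEAN_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /A << /S /URI /URI (https://example.invalid/help) >> >>\nendobj\n"
)

if __name__ == "__main__":
    for fname, blob in [("invoice.pub", SAMPLE_PUB), ("invoice.pdf", SAMPLE_PDF), ("help.pdf", CLEAN_PDF)]:
        print(fname, triage(fname, blob))
```

The filename check matters: a .pub that is not an OLE2 container is not a Publisher file at all and is worth a separate look, and a PDF that compresses its object streams will pass this filter, so anything that reaches a user from an unknown sender should still be detonated or parsed properly.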

Pre-installed malware in Chinese phones

Android devices manufactured by top firms are being delivered in China with pre-installed malware, revealed researchers from the Universities of Edinburgh and Dublin. The apps were created to covertly exfiltrate user and device data, including system information, geolocation, user profiles, and call histories. Users remain exposed to this surveillance even after leaving the country.

Top Vulnerabilities Reported in the Last 24 Hours

Google addressed over three dozen flaws

Google fixed 40 security bugs as part of the February 2023 security updates for Android. The most severe of these is a high-severity vulnerability in the Framework component that could lead to local privilege escalation with no additional execution privileges needed. Other flaws involve information disclosure and denial-of-service conditions. The updates also addressed flaws in Kernel, Unisoc, Qualcomm, MediaTek, and Qualcomm closed-source components.
