
Cyware Daily Threat Intelligence


Daily Threat Briefing Feb 22, 2022

The sophistication of mobile malware attacks has taken a front seat in the threat landscape as a staggering 100,000 new mobile banking trojans were detected in 2021. Unfortunately, the situation continues to be grim as researchers detect the new Xenomorph banking trojan targeting Android users. The malware has infected over 50,000 devices across Spain, Portugal, Italy, and Belgium.

Moving on to other threats, a new version of CryptBot is infecting gamers who are falling for pirated software sites offering a free download of games. Additionally, attackers are actively scanning ports for vulnerable MS-SQL servers in an attempt to deploy Cobalt Strike Beacon.

Top Breaches Reported in the Last 24 Hours

Meyer discloses data breach

Cookware and bakeware distribution giant Meyer Corporation disclosed a data breach that affected the personal information of its employees in the U.S. The impacted information includes names, addresses, birth dates, gender, driver’s license, passport numbers, health insurance details, medical information, and Social Security numbers of individuals. The incident was discovered in October 2021.

New supply chain attack discovered

A new supply chain attack, which goes by the codename Operation Cache Panda, has been underway since November 2021. Attributed to the APT10 threat actor group, the campaign targets Taiwan’s financial sector by leveraging a vulnerability in a security software solution. The attackers also used credential stuffing attacks as a cover to evade detection and reflective code loading to run malicious code on local systems. Attackers installed a version of the Quasar RAT as part of the attack.

Expeditors International affected

American logistics and freight forwarding company Expeditors International was hit by a cyberattack that impacted most of its operations. The attack impacted its ability to arrange freight shipments or manage customs and distribution activities for customers’ shipments. The company has hired experts to recover from the attack.

Top Malware Reported in the Last 24 Hours

New version of CryptBot spotted

A new version of CryptBot infostealer was found being distributed via pirated software sites that offered free downloads for games and pro-grade software. The operators behind the malware leverage SEO poisoning attacks to increase the visibility of these sites. The malware is capable of stealing browser credentials, cookies, browser history, cryptocurrency wallets, and credit card details.

Xenomorph trojan discovered

A new banking trojan called Xenomorph has infected more than 50,000 Android devices. The trojan was distributed via Google Play Store in the form of fake performance-boosting apps. The trojan is designed to steal sensitive banking details, take control of users’ accounts, and initiate unauthorized transactions.

Top Vulnerabilities Reported in the Last 24 Hours

Another out-of-band patch issued

Adobe has issued an out-of-band patch for a flaw—CVE-2022-24087—that arises due to improper patching of CVE-2022-24086. The emergency patch was released after researchers managed to bypass the previous security patch issued for Magento Open Source and Adobe Commerce. The new flaw, described as an improper input validation vulnerability, has a CVSS score of 9.8.

Vulnerable MS-SQL servers targeted

Attackers are targeting vulnerable MS-SQL servers in an attempt to distribute Cobalt Strike. These vulnerable servers are exploited through brute-force and dictionary attacks. In one of the intrusions observed by researchers, attackers were found scanning port 1433 to check for exposed MS-SQL servers.

Top Scams Reported in the Last 24 Hours

New phishing tactic

A new phishing technique deciphered by researchers can allow attackers to launch malicious code in a victim’s browser, plant a keylogger, and eavesdrop on users’ activities. The method bypasses the 2FA authentication protocol and can be executed via a specially crafted email that includes a link. Once clicked, it redirects users to a malicious web page.
