Cyware Daily Threat Intelligence

Daily Threat Briefing • Jan 28, 2022
Another day, another Android security alert. Users are advised to delete a malicious app named 2FA Authenticator that propagates a new trojan dubbed Vultur. Embedded with screen recording and keylogging capabilities, the malware is being used to target online banking users in Italy, Australia, and Spain.
Moving on to other threats, the infamous North Korean Lazarus APT group is back with yet another fake job-themed phishing campaign that targets job-seeking engineers. First detected on January 18, the campaign makes use of the Windows Update client and GitHub to execute malicious payloads. The notorious Conti ransomware group is also in the headlines for targeting a Taiwanese firm.
Top Breaches Reported in the Last 24 Hours
French Ministry of Justice targeted
Cybercriminals leveraged LockBit 2.0 to steal files after breaching systems belonging to France’s Ministry of Justice. While the Ministry has taken remedial measures to contain the attack, the attackers have begun leaking the stolen data on their Tor-based website. The attack was launched by exploiting a remote code execution vulnerability (CVE-2021-22986) in an F5 Networks product.
Lazarus returns with job-theme lures
The notorious Lazarus threat actor group has been associated with a series of spear-phishing attacks, detected on January 18. The campaign used job-themed lures impersonating the aerospace company Lockheed Martin to target users. The attackers made use of the Windows Update service and GitHub to execute malicious payloads.
Delta Electronics hit by Conti
Delta Electronics fell victim to a cyberattack by Conti ransomware. While the firm is working to restore systems taken down during the attack, it has disclosed that the attack had no significant impact on its operations. However, the gang claims to have infected 1,500 servers and 12,000 computers of the firm.
Facebook accounts being hijacked
Finland’s National Cyber Security Centre (NCSC-FI) has issued a warning about an ongoing phishing campaign that attempts to hijack Facebook accounts. The campaign starts with threat actors impersonating victims’ friends and initiating a conversation on Messenger.
Top Malware Reported in the Last 24 Hours
Vultur banking trojan spotted
A trojanized 2FA Authenticator app has been removed from the Google Play Store after it was found distributing a new malware dubbed Vultur. The malicious app had garnered over 10,000 downloads before it was taken down. The trojan is capable of collecting personal information, disabling keylock and password security, downloading external apps, and creating overlay windows on top of other mobile applications. It was used against European banking institutions, as well as a range of cryptocurrency wallet platforms.
Top Vulnerabilities Reported in the Last 24 Hours
QNAP force updates NAS devices
QNAP has force-updated customers’ NAS devices following a surge in attacks by the newly discovered DeadBolt ransomware. The ransomware has already encrypted over 3,600 devices. The threat actors claim to be using a zero-day vulnerability to hack QNAP devices.
A critical flaw in the Swiss Railway system
A hacker has raised alarms about a vulnerability impacting Switzerland’s national railway system. The flaw allowed the hacker to gain access to the personal data of around 500,000 individuals who purchased tickets to ride on Swiss Federal Railways.