
Cyware Daily Threat Intelligence

Daily Threat Briefing Jan 29, 2021

Another day, another set of newly discovered malware attack campaigns. The malware families used in these campaigns are Oscorp and Pro-Ocean. While Oscorp is an Android malware that can steal user credentials and record user audio and video, Pro-Ocean is a cryptojacking malware in the Rocke threat actor group’s arsenal.

A massive cyberespionage campaign targeting telecom companies and internet service providers has also been launched by the Lebanese Cedar APT group. The attacks appear to target internet service providers in the U.S., the U.K., Egypt, Israel, Lebanon, Jordan, Palestine, Saudi Arabia, and the UAE.

Top Breaches Reported in the Last 24 Hours

USCellular hit

Mobile network operator USCellular has suffered a data breach that enabled hackers to gain access to its CRM system and view customers’ accounts. The attack occurred on January 4. However, it is unclear how many customers are affected by the incident. The data viewed by the threat actors includes names, addresses, PINs, cell phone numbers, service plans, and billing statements.

Bykea leaks data

Bykea has exposed over 400 million files due to a misconfigured Elasticsearch database. The files included internal logs that contained user details for both customers and contracted employees.

Telco and ISPs targeted

The Lebanese Cedar group has been linked with a worldwide cyberespionage campaign targeting telecom companies, internet service providers, hosting providers, and managed hosting and applications companies. The attacks began in early 2020, and the threat actors breached internet service providers in the U.S., the U.K., Egypt, Israel, Lebanon, Jordan, Palestine, Saudi Arabia, and the UAE.

Charity affected

The U.K.’s Woodland Trust has confirmed a cyberattack that resulted in the takedown of many of its services. It is believed that the attack took place on December 14, 2020. Currently, law enforcement authorities are investigating whether any data has been compromised.

Top Malware Reported in the Last 24 Hours

Oscorp malware

A new family of Android malware called Oscorp has been spotted by researchers. The malware abuses accessibility services on Android devices to hijack user credentials and record audio and video. Distributed via a domain named ‘supportapp[.]com’, the malware requests intrusive permissions in order to communicate with its C2 server.

Pro-Ocean malware

Pro-Ocean is the Rocke group’s new cryptojacking malware, which mines the Monero cryptocurrency. The malware has recently been upgraded and uses known vulnerabilities in Apache ActiveMQ, Redis, and Oracle WebLogic to target cloud applications. It is written in Go and compiled as an x64 binary.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Node.js app

A vulnerability in a Node.js web application framework can be exploited to achieve remote code execution. The flaw also affects Express.js and Handlebars due to similarities in the code.

Flawed Popup Builder plugin

Multiple vulnerabilities patched recently in the popular WordPress plugin Popup Builder can be exploited to perform various malicious actions on affected websites. The recently addressed issues were related to the lack of authorization on most AJAX methods.
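As an added illustration of the bug class named above (this is not Popup Builder’s code; the plugin, action, nonce and option names are hypothetical), a WordPress AJAX handler that performs no authorization is shown beside the same handler with the nonce and capability checks WordPress provides:

```php
<?php
// Illustration of "missing authorization on AJAX methods" in a WordPress
// plugin. Hypothetical names throughout; not taken from any real plugin.

// BEFORE: every request reaching admin-ajax.php with action=demo_popup_save
// runs this. The wp_ajax_nopriv_ hook exposes it to unauthenticated visitors,
// and nothing checks a nonce or a capability before site options are changed.
function demo_popup_save_settings_insecure() {
    $settings = isset( $_POST['settings'] ) ? wp_unslash( $_POST['settings'] ) : '';
    update_option( 'demo_popup_settings', $settings );
    wp_send_json_success();
}
// Registrations of the insecure handler, kept commented out so that only the
// hardened handler below is active when this file is loaded as a plugin.
// add_action( 'wp_ajax_demo_popup_save',        'demo_popup_save_settings_insecure' );
// add_action( 'wp_ajax_nopriv_demo_popup_save', 'demo_popup_save_settings_insecure' );

// AFTER: the same handler with the checks a privileged AJAX method needs.
function demo_popup_save_settings_secure() {
    // 1. CSRF check: the request must carry a nonce issued to this user for
    //    this action (created with wp_create_nonce( 'demo_popup_save' ) on
    //    the page that sends the request). Fails closed with HTTP 403.
    check_ajax_referer( 'demo_popup_save', 'nonce' );

    // 2. Authorization: only users allowed to manage site options proceed.
    //    wp_send_json_error() terminates the request, so no fall-through.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Input validation: accept only the expected fields, sanitized.
    $raw      = isset( $_POST['settings'] ) ? (array) wp_unslash( $_POST['settings'] ) : array();
    $settings = array(
        'title'   => sanitize_text_field( isset( $raw['title'] ) ? $raw['title'] : '' ),
        'enabled' => ! empty( $raw['enabled'] ),
    );
    update_option( 'demo_popup_settings', $settings );
    wp_send_json_success( $settings );
}
// Registered for logged-in users only: an administrative action gets no
// wp_ajax_nopriv_ hook at all.
add_action( 'wp_ajax_demo_popup_save', 'demo_popup_save_settings_secure' );
```

When reviewing a plugin for this class of issue, the quick check is to list every `wp_ajax_` and `wp_ajax_nopriv_` registration and confirm each handler calls both a nonce check and a `current_user_can()` test before touching state.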