Cyware Daily Threat Intelligence

Daily Threat Briefing • Jul 2, 2024
Transparent Tribe has lately been making headlines. In the latest development, this ever-evolving cyber syndicate has concocted a nefarious new strain of Android spyware, dubbed CapraRAT. The threat group stealthily ensnares unsuspecting gamers, weapons aficionados, and TikTok devotees by camouflaging the spyware within seemingly innocuous video browsing applications.
Meanwhile, in the labyrinthine world of network security, Cisco has patched a medium-severity zero-day vulnerability in its NX-OS software. This flaw was exploited by the China-linked cyberespionage faction Velvet Ant.
In a parallel arena of software security, a triumvirate of critical vulnerabilities has been unearthed within the CocoaPods dependency manager, posing a formidable threat to the software supply chain for Apple devices. These flaws empower any malevolent actor to take control over myriad unclaimed pods, injecting malicious code into some of the most ubiquitous iOS and macOS applications.
Transparent Tribe’s CapraRAT variants
Transparent Tribe has developed a new variant of its Android spyware called CapraRAT that targets gamers, weapons enthusiasts, and TikTok fans by embedding it into curated video browsing applications. SentinelLabs has identified four new CapraRAT APKs, including Crazy Game signed.apk, Sexy Videos signed.apk, TikTok signed.apk, and Weapons signed.apk. These new APKs use WebView to launch URLs to either YouTube or the mobile gaming site CrazyGames.com, with the YouTube apps pre-loaded with queries related to the application's theme. The apps request a wide range of permissions, including access to GPS location, SMS, contacts, audio/screen recording, and camera.
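As an added triage example (not SentinelLabs' code or anything from the original briefing), the following Python flags an APK manifest that, like the CapraRAT apps described above, pairs a video-viewer purpose with the permission set the briefing lists (location, SMS, contacts, audio recording, camera). The two manifests are constructed samples, and the permission-to-category mapping and the threshold of three categories are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the capabilities named in the briefing to the Android
# permissions that grant them (screen recording is a runtime API, not a manifest
# permission, so it is not listed here).
HIGH_RISK = {
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.ACCESS_COARSE_LOCATION": "GPS location",
    "android.permission.READ_SMS": "SMS",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.SEND_SMS": "SMS",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.RECORD_AUDIO": "audio recording",
    "android.permission.CAMERA": "camera",
}

# Constructed sample: a "video browsing" app asking for spyware-grade access.
SPYWARE_STYLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.videos">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

# Constructed sample: a WebView-based video app that only needs network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.player">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""


def requested_permissions(manifest_xml: str) -> set:
    """Return the set of <uses-permission> names declared in a manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")
            if el.get(ANDROID_NS + "name")}


def assess_manifest(manifest_xml: str, threshold: int = 3) -> dict:
    """Flag a manifest whose high-risk permissions span >= threshold categories."""
    hits = sorted(requested_permissions(manifest_xml) & set(HIGH_RISK))
    categories = sorted({HIGH_RISK[p] for p in hits})
    return {"high_risk": hits, "categories": categories,
            "suspicious": len(categories) >= threshold}
```

The check is a triage heuristic for a mobile threat-hunting pipeline, not a verdict: a legitimate messaging app would also trip it, so the result should feed analyst review alongside signer and network indicators.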
Cisco patches NX-OS 0-day
Cisco patched a medium-severity zero-day vulnerability in its NX-OS software, which was being exploited by the China-linked cyberespionage group called Velvet Ant. Tracked as CVE-2024-20399, the vulnerability allows a local attacker with administrative access to execute arbitrary commands on the underlying operating system with root privileges. The flaw affects various Cisco Nexus switches, and firmware updates have been issued. The cyberespionage campaign targeted organizations by exploiting the vulnerability and using outdated F5 BIG-IP appliances for C2 communication.
Critical bugs in Apple’s CocoaPods
A trio of security flaws were uncovered in the CocoaPods dependency manager that could be exploited to stage software supply chain attacks. The vulnerabilities allow "any malicious actor to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and macOS applications." One of the vulnerabilities is CVE-2024-38368 (CVSS score: 9.3) and allows an attacker to exploit the "Claim Your Pods" process. The other two are tracked as CVE-2024-38366 (CVSS score: 10) and CVE-2024-38367 (CVSS score: 8.2). The researchers found that almost every pod owner is registered with their organizational email on the Trunk server, making them vulnerable to the zero-click account takeover attack.
Critical vulnerability in PTC License Server
PTC released a patch for a critical vulnerability in the license server for its Creo Elements/Direct software, used for 3D design. The vulnerability, tracked as CVE-2024-6071, allows remote attackers to execute arbitrary OS commands. Despite the potential for lateral movement in industrial organizations, PTC has no evidence of exploitation. While the impacted server is not typically internet-exposed, successful exploitation could yield access to critical information in affected networks. The patch is included in version 20.7.0.1 and later of the license server.