Cyware Daily Threat Intelligence
Daily Threat Briefing • Jul 26, 2022
Ready-made phishing kits are paying off for cybercriminals, and that is cause for concern. A highly successful phishing campaign run on the Robin Banks platform has reportedly stolen the credentials and financial details of numerous accounts and sold them on the dark web and in Telegram channels; so far the group has reportedly siphoned more than $500,000 from the affected accounts. Firms running outdated software or modules remain a major weakness: researchers discovered a zero-day vulnerability being exploited against PrestaShop websites, which attackers can use to harvest customers' payment card information.
What's more, researchers have confirmed a severe bug in Grails, the Groovy-based web application framework. It lets an attacker remotely execute arbitrary code within a Grails application runtime. The developers recommend upgrading to a patched version immediately.
Abusing messaging apps for infection
In a recent report, Intel 471 detailed campaigns involving the Blitzed Grabber infostealer and X-Files, a Telegram-focused stealer bot. Blitzed Grabber uses Discord's webhook feature to exfiltrate stolen data to an attacker-controlled Discord channel. The data these threats can compromise includes bookmarks, browser cookies, VPN credentials, payment card information, cryptocurrency wallets, Microsoft Windows product keys, and more.
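Because both stealers send their loot to ordinary SaaS endpoints, the most practical detection is at the egress proxy: look for POSTs to Discord webhook URLs or the Telegram Bot API from hosts that have no business talking to them. The following Python is an added example (not code from the Intel 471 report, and not the malware's own code); it runs over constructed proxy-log lines with hypothetical hosts, users and tokens, matches the public URL shapes of the Discord webhook API (`/api/webhooks/<id>/<token>`) and the Telegram Bot API (`/bot<id>:<secret>/<method>`), filters on request method and body size, and redacts the secret before it lands in an alert.

```python
import re
from typing import Optional

# Constructed sample proxy log lines (hypothetical hosts, users and tokens;
# not taken from the Intel 471 report).
SAMPLE_LOGS = """\
2022-07-26T10:01:12Z host=WS-042 user=jsmith method=POST url=https://discord.com/api/webhooks/1001234567890123456/AbCdEfGh-ijkLmNoP_qRsTuVwXyZ0123456789 status=204 bytes_out=48213
2022-07-26T10:01:15Z host=WS-042 user=jsmith method=GET url=https://cdn.discordapp.com/attachments/1/2/image.png status=200 bytes_out=0
2022-07-26T10:02:40Z host=WS-017 user=akhan method=POST url=https://api.telegram.org/bot5123456789:AAHexampleSecretPartOfBotToken_0000/sendDocument status=200 bytes_out=910233
2022-07-26T10:03:01Z host=WS-017 user=akhan method=GET url=https://www.example.com/index.html status=200 bytes_out=0
""".splitlines()

FIELD_RE = re.compile(r"(\w+)=(\S+)")

# Discord webhook URL shape: /api/webhooks/<webhook id>/<webhook token>
# (discord.com, discordapp.com and the canary/ptb hosts all serve the API).
DISCORD_WEBHOOK_RE = re.compile(
    r"^https?://(?:(?:canary|ptb)\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/(?P<id>\d+)/(?P<token>[\w-]+)",
    re.IGNORECASE,
)
# Telegram Bot API URL shape: /bot<bot id>:<secret>/<method>
TELEGRAM_BOT_RE = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<id>\d+):(?P<secret>[\w-]+)/(?P<method>\w+)",
    re.IGNORECASE,
)


def parse_log_line(line: str) -> dict:
    """Turn a 'key=value' proxy log line into a dict; the first token is the timestamp."""
    fields = dict(FIELD_RE.findall(line))
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def classify_url(url: str) -> Optional[dict]:
    """Return a finding if the URL is a Discord webhook or Telegram Bot API call, else None.

    The secret is redacted so the alert itself does not leak the attacker's token
    (or a legitimate user's, if this turns out to be a false positive).
    """
    m = DISCORD_WEBHOOK_RE.match(url)
    if m:
        return {"channel": "discord_webhook", "id": m.group("id"),
                "redacted": url.replace(m.group("token"), "<token>")}
    m = TELEGRAM_BOT_RE.match(url)
    if m:
        return {"channel": "telegram_bot", "id": m.group("id"),
                "api_method": m.group("method"),
                "redacted": url.replace(m.group("secret"), "<secret>")}
    return None


def scan_logs(lines, min_bytes_out: int = 1024) -> list:
    """Flag outbound POSTs to Discord webhooks / Telegram bots that carry a non-trivial body."""
    findings = []
    for line in lines:
        rec = parse_log_line(line)
        hit = classify_url(rec.get("url", ""))
        if not hit:
            continue
        if rec.get("method", "").upper() != "POST":
            continue  # webhook posts and bot uploads are POSTs; GETs to the CDN are benign noise
        if int(rec.get("bytes_out", 0)) < min_bytes_out:
            continue  # tiny bodies look like chat bots, not cookie/wallet dumps
        findings.append({"ts": rec["ts"], "host": rec.get("host"), "user": rec.get("user"),
                         "bytes_out": int(rec["bytes_out"]), **hit})
    return findings


if __name__ == "__main__":
    for f in scan_logs(SAMPLE_LOGS):
        print(f"[{f['channel']}] {f['ts']} {f['host']}/{f['user']} sent "
              f"{f['bytes_out']} bytes to {f['redacted']}")
```

On the sample lines only the two POSTs are flagged; the image fetch from cdn.discordapp.com and the ordinary web request are ignored. In production the `min_bytes_out` threshold and an allow-list of hosts that legitimately run Discord or Telegram integrations are what keep this rule from paging on every office chat bot.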
CosmicStrand UEFI malware
Kaspersky has observed a UEFI firmware rootkit, dubbed CosmicStrand, on machines with ASUS and Gigabyte motherboards, most of them built on the H81 chipset. Such implants are hard to detect because they run during the boot sequence, before the operating system and its security tooling are loaded, and because they live in the firmware rather than on disk, they survive a reinstallation of the operating system. An earlier variant of the malware was reported by Qihoo 360 in 2017.
Zero-day in e-commerce targeted
Magecart actors have been seen exploiting a zero-day in the open-source PrestaShop e-commerce platform to inject web skimmers and steal customers' payment card data. The bug, tracked as CVE-2022-36408, affects shops running version 1.6.0.10 or later. The attack only works, however, if the shop is also vulnerable to SQL injection, for example through an outdated module.
Critical flaw in Grails framework
AntGroup FG Security Lab disclosed a critical vulnerability in Grails, an open-source web application framework. Assigned CVE-2022-35912, the flaw allows an attacker to execute arbitrary code within a Grails application runtime by sending a specially crafted web request. The Grails team has urged users to patch and update all Grails applications, whether or not they are believed to be affected.
Phishing on LinkedIn for Facebook credentials
Researchers at WithSecure uncovered Ducktail, a phishing operation that has targeted professionals on LinkedIn for at least four years. The campaign approaches individuals working in a firm's digital media or marketing department who have access to Facebook Business accounts. The attackers convince them to download a file containing .NET Core malware, which scans browsers to collect Facebook credentials.
Robin Banks targets Citibank customers
The phishing-as-a-service platform Robin Banks has been caught running a large-scale campaign to steal the credentials and financial information of Citibank customers. Victims are targeted via SMS and email, and the email lures also harvest Google and Microsoft account credentials. The operators sell ready-made phishing kits to other cybercriminals for obtaining financial data from victims in the U.S., the U.K., Canada, and Australia.