
Cyware Daily Threat Intelligence


Daily Threat Briefing Jul 26, 2022

Ready-made phishing kits are yielding results for cybercriminals, and we are worried. A highly successful phishing campaign by Robin Banks has reportedly stolen account information from numerous victims and sold it over the dark web and Telegram channels. So far, the cybercriminal group has siphoned off over $500,000 from the affected accounts. The cyber landscape is facing major hurdles because firms keep running outdated software or modules. Researchers discovered a zero-day vulnerability affecting older versions of PrestaShop websites. The bug can be exploited to harvest customers’ payment information.

What’s more, researchers have confirmed that the Grails web app framework was hit by a severe bug. It can let an attacker remotely execute arbitrary code within a Grails application runtime. The developers recommend upgrading to a patched version immediately.

Top Malware Reported in Last 24 Hours

Abusing messaging apps for infection

In a report, Intel471 unearthed malicious campaigns by the Blitzed Grabber infostealer and a Telegram-based bot called X-Files. The former uses Discord’s webhook feature to receive and store the data stolen by the malware. The data these threats can compromise includes bookmarks, browser cookies, VPN credentials, payment card information, crypto wallets, Microsoft Windows product keys, and more.
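Both channels described above, Discord webhooks and Telegram bots, are ordinary HTTPS traffic to popular services, which is why the exfiltration blends in. A defender can still flag it by URL shape. The following Python is an added example, not code from Intel471’s report or from either malware family: it scans constructed proxy log lines (an assumed four-field format of client IP, method, URL and bytes sent) for POST requests to Discord webhook URLs or the Telegram Bot API, redacts the embedded tokens before the hit is written to an alert, and totals bytes sent per client so that a large single upload stands out.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log (not real traffic): client, method, URL, bytes sent.
SAMPLE_LOG = """\
10.0.0.12 POST https://discord.com/api/webhooks/123456789012345678/abcDEFghiJKLmnoPQRstuVWXyz 48213
10.0.0.12 GET https://discord.com/channels/@me 512
10.0.0.7 POST https://discordapp.com/api/webhooks/987654321098765432/tokenTOKENtoken 1203
10.0.0.9 POST https://example.com/upload 99000
10.0.0.7 POST https://api.telegram.org/bot123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11/sendDocument 5000
"""

# Hosts that serve the Discord API; webhook URLs are /api/webhooks/<id>/<token>.
DISCORD_HOSTS = {"discord.com", "discordapp.com", "canary.discord.com", "ptb.discord.com"}
DISCORD_WEBHOOK_PATH = re.compile(r"^/api/webhooks/\d+/[\w-]+/?$")
# Telegram Bot API calls look like https://api.telegram.org/bot<token>/<method>.
TELEGRAM_BOT_PATH = re.compile(r"^/bot\d+:[\w-]+/\w+$")


def classify_url(method, url):
    """Return 'discord_webhook', 'telegram_bot_api', or None for a request."""
    if method.upper() != "POST":          # only uploads matter for exfiltration
        return None
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in DISCORD_HOSTS and DISCORD_WEBHOOK_PATH.match(parts.path):
        return "discord_webhook"
    if host == "api.telegram.org" and TELEGRAM_BOT_PATH.match(parts.path):
        return "telegram_bot_api"
    return None


def redact_token(url):
    """Strip the secret part of a webhook/bot URL so alerts do not leak it."""
    url = re.sub(r"(/api/webhooks/\d+/)[\w-]+", r"\1<redacted>", url)
    url = re.sub(r"/bot\d+:[\w-]+/", "/bot<redacted>/", url)
    return url


def parse_line(line):
    """Parse one assumed-format log line into a dict, or None if malformed."""
    fields = line.split()
    if len(fields) != 4:
        return None
    client, method, url, sent = fields
    try:
        return {"client": client, "method": method, "url": url, "bytes": int(sent)}
    except ValueError:
        return None


def find_chat_exfil(log_text):
    """Return the records that look like uploads to Discord webhooks or Telegram bots."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        kind = classify_url(rec["method"], rec["url"])
        if kind:
            rec["kind"] = kind
            rec["url"] = redact_token(rec["url"])
            hits.append(rec)
    return hits


def bytes_by_client(hits):
    """Total bytes uploaded per client across all flagged requests."""
    totals = defaultdict(int)
    for rec in hits:
        totals[rec["client"]] += rec["bytes"]
    return dict(totals)


if __name__ == "__main__":
    found = find_chat_exfil(SAMPLE_LOG)
    for rec in found:
        print(f'{rec["client"]} {rec["kind"]} {rec["bytes"]}B {rec["url"]}')
    print("per-client totals:", bytes_by_client(found))
```

Legitimate Discord or Telegram integrations will also match, so the hit list is a triage queue rather than a verdict; pairing it with the per-client byte totals and with process-level telemetry (which binary made the request) separates a chat client from an infostealer.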

CosmicStrand UEFI malware

Kaspersky observed a UEFI rootkit, dubbed CosmicStrand, on machines with ASUS and Gigabyte motherboards, most of them built around the H81 chipset. Such malware is difficult to identify because it runs during the computer’s boot sequence, before the OS and security solutions are loaded. An earlier version of the malware was reported by Qihoo360 in 2017.

Top Vulnerabilities Reported in the Last 24 Hours

Zero-day in e-commerce targeted

Magecart actors were seen exploiting a zero-day in the open-source PrestaShop e-commerce platform to inject skimmers and extract users’ payment card information. The bug, tracked as CVE-2022-36408, concerns shops running version 1.6.0.10 or later. Any attack attempt, however, requires the shop to be vulnerable to SQL injection.

Critical flaw in Grails framework

AntGroup FG Security Lab disclosed a high-severity vulnerability in Grails, an open-source web app framework. Assigned CVE-2022-35912, the vulnerability allows a third-party user to remotely execute arbitrary code within a Grails application runtime by issuing a specially crafted web request. The Grails team has urged users to patch and update all Grails applications, regardless of whether they are known to be affected by the vulnerability.

Top Scams Reported in the Last 24 Hours

Phishing on LinkedIn for Facebook credentials

Researchers at WithSecure uncovered Ducktail, a sophisticated phishing campaign that has targeted professionals on LinkedIn for at least four years. The campaign reaches out to individuals working in a firm’s digital media or marketing department who have access to Facebook business accounts. The attackers convince them to download a file that is in fact .NET Core malware, which scans browsers to collect Facebook credentials.

Robin Banks targets Citibank customers

The phishing-as-a-service platform Robin Banks has been caught operating a large-scale campaign to obtain credentials and financial information of Citibank customers. Attackers target victims via SMS and email; the email lures also trick victims into handing over Google and Microsoft account credentials. The gang offers cybercriminals ready-made phishing kits to obtain financial data from victims in the U.S., the U.K., Canada, and Australia.
