Cyware Daily Threat Intelligence

Daily Threat Briefing Mar 12, 2024

In the world of cryptocurrency, phishing attacks are a growing concern that demands attention from security experts. A recent report revealed that over 57,000 victims were targeted last month in different cryptocurrency phishing attacks that resulted in the loss of nearly $47 million. These attacks impersonated high-profile accounts on the X platform to trick users. Speaking of trickery, an info-stealer was disguised as an Adobe Reader installer to infect users worldwide. Besides this, a fake app that claimed to keep users’ digital assets safe was found stealing cryptocurrency and NFTs and transferring them to a wallet under the control of threat actors.

In the realm of vulnerabilities, flaws impacting a Linear eMerge access control product finally received patches five years after their disclosure. One of these vulnerabilities was reportedly exploited in the wild.

Top Breaches Reported in the Last 24 Hours

Roku discloses a data breach

Roku disclosed that the accounts of over 15,000 customers were hacked in a credential-stuffing attack, allowing threat actors to lock customers out of their accounts and make fraudulent purchases of hardware and streaming subscriptions. The credentials were gathered from previous data breaches and each account was offered for $0.50. The company further added that once an account was breached, threat actors could change the information on the account, including passwords, email addresses, and shipping addresses.

EquiLend’s data stolen

In an update, the New York-based security lending platform EquiLend Holdings confirmed that the PII of its employees was stolen in a January ransomware attack. This includes payroll information, names, dates of birth, and SSNs of employees. The organization further added that there is no evidence of personal information being used to commit identity theft or fraud.

Koffie Beyers targeted

Belgium’s coffee producer, Koffie Beyers, was hit by a cyberattack days after Duvel Moortgat Brewery faced an attack. The impact of the incident is not yet clear. As investigations progress, authorities are striving to determine the full extent of the damage inflicted on both companies.

Banregio hit by alleged data breach

An alleged data breach at Banregio may have exposed sensitive information about the financial institution, including project attachment data in HTML format and server log files. While the website appears to be operational, the claims of an attack remain unverified.

French government targeted in DDoS attacks

Russia-based Anonymous Sudan claimed responsibility for DDoS attacks on the French government, limiting the operations and disrupting services at multiple government ministries. By Monday, the government took action to reduce the impact of the attacks, and access to government sites was restored.

Top Malware Reported in the Last 24 Hours

Info-stealer distributed via Adobe Reader

ASEC discovered a campaign that distributed an info-stealer disguised as an Adobe Reader installer. Propagated as a PDF, the file is written in Portuguese and prompts the users to download and install it. The execution process of the file is divided into three phases: file creation, DLL hijacking & UAC bypass, and information leak.

Fake cryptocurrency wallet

The developers of Leather Wallet warned that a fake app on the Apple App Store is being used to steal digital assets from users on the pretext of keeping their NFTs and cryptocurrency safe. It is published by 'LetalComRu,' and uses the real Leather logo. The app tricks users into entering their wallet recovery phrase, which consequently initiates the transfer of their cryptocurrency to a new wallet under the control of threat actors.

Top Vulnerabilities Reported in the Last 24 Hours

CISA issues advisory for a Linear product

Vulnerabilities affecting a Linear eMerge access control product, including a critical flaw exploited in the wild, were patched five years after disclosure. This comes after CISA issued a new advisory describing the flaws and warning that they can allow a remote attacker to gain full access to systems. All of the security holes have 2019-dated CVEs and the list includes CVE-2019-7256, the vulnerability exploited in the wild.

Top Scams Reported in the Last 24 Hours

$47 million lost in crypto phishing attack

Cybercriminals stole nearly $47 million from just over 57,000 victims in cryptocurrency phishing attacks last month, a report from Scam Sniffer revealed. These attacks were primarily launched via X (Twitter) by impersonating high-profile accounts. Around 78% of the total volume of thefts targeted Ethereum Mainnet, with a primary focus on ERC20 tokens, comprising 86%.

Surge in income-tax-related scams

As the April 15 tax filing deadline approaches in the US, tax-related scams targeting taxpayers and tax professionals have come to light. One of these schemes involved the use of cardboard envelopes from a delivery service. The enclosed letter includes the IRS masthead with contact information and a phone number that does not belong to the IRS and warns recipients about an unclaimed refund. The IRS also warned of phishing emails sent to tax professionals posing as potential clients, requesting Electronic Filing Identification Numbers (EFINs) under false pretenses.
