Cyware Daily Threat Intelligence

Daily Threat Briefing • Mar 19, 2021
The hide-and-seek game between security experts and threat actors is becoming complicated as the latter continue to refine their evasion techniques. Shedding light on this aspect, researchers have demonstrated a new steganography technique that makes use of PNG files posted on Twitter. Threat actors can exploit the method to hide their nefarious activities while delivering malicious payloads in the form of ZIP and MP3 files.
Users of major service providers, including Amazon, Google, Apple, and Facebook, are now being targeted by the new CopperStealer malware, which shares similarities with the SilentFade malware. The malware is capable of harvesting passwords and cookies from affected accounts. In other news, an ongoing, highly sophisticated phishing campaign that targets C-suite executives and financial departments has been found to be active since December 2020.
Top Malware Reported in the Last 24 Hours
OnionCrypter gets popular
Researchers have discovered that more than 30 hacker groups have been using a malware crypter dubbed OnionCrypter. Written in C++, the crypter uses three layers of encryption. Known malware that has used OnionCrypter includes Lokibot, Zeus, AgentTesla, and Smokeloader.
New CopperStealer malware
CopperStealer is an actively developed password and cookie stealer that targets the users of major service providers including Google, Facebook, Amazon, and Apple. The threat actors behind the malware are using compromised accounts to run malicious ads and deliver additional malware in subsequent malvertising campaigns. CopperStealer's targeting and delivery methods are similar to those of the SilentFade malware.
Top Vulnerabilities Reported in the Last 24 Hours
Vulnerable travel apps
Around 20 popular travel apps are at risk of exposing data due to several misconfiguration issues. These are mainly booking and ride-sharing apps. The data that could be exposed includes bank account numbers, phone numbers, home addresses, credit card details, healthcare data, and dates of birth.
New steganography method
Security researchers have discovered a new type of steganography technique that involves hiding data inside a PNG image file posted on Twitter. Threat actors can exploit the method to obscure their nefarious activities on social media platforms.
Cisco issues fixes
Cisco has issued fixes for a vulnerability in the RV132W ADSL2 Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN routers. The flaw (CVE-2021-1287) could allow attackers to execute code or restart affected devices unexpectedly. It stems from an issue in the routers’ web-based management interface.
Top Scams Reported in the Last 24 Hours
Tesco impersonated
Police in Wales issued a warning about a new phone scam in which fraudsters are impersonating supermarket giant Tesco. Victims have reported receiving calls that inform them that an order with Tesco has been placed and that £350 (~$487) will be debited from their account. The ultimate purpose of the scam is to pilfer personal and bank details from users.
Phishing campaign
A sophisticated and highly targeted Microsoft Office 365 phishing campaign is being aimed at C-suite executives, assistants, and financial departments across numerous industries. In this campaign, which began in early December 2020, threat actors are leveraging phishing kits and a number of sophisticated methods at every step of the attack.