Cyware Daily Threat Intelligence

Daily Threat Briefing Nov 27, 2019

Malware that ships with obfuscation and evasion modules remains in demand among threat actors. Security researchers have recently documented one such family, active since October 2018, that went largely unnoticed because of its layered evasion techniques. The malware, dubbed Dexphot, is estimated to have infected close to 80,000 Windows computers at its peak earlier this year.

That's not all. A new variant of the Stantinko botnet has been found abusing YouTube to slip past security solutions: the mining module retrieves the addresses of its proxy servers from the descriptions of YouTube videos. This version adds a module that mines the Monero cryptocurrency. Overall, the botnet is estimated to have infected half a million devices, with victims primarily in Russia, Ukraine, Belarus, and Kazakhstan.

Top Breaches Reported in the Last 24 Hours

‘On The Border’ restaurant chain breached

Mexican-food restaurant chain On The Border disclosed a payment card breach covering the period between April 10 and August 10, 2019. The attackers had installed malware on payment processing systems at some of its locations to harvest customers' payment card details.

Upbit hacked

The South Korean cryptocurrency exchange Upbit has been hacked, losing 342,000 ETH (about $48.5 million at the time). The funds were transferred from the exchange's hot wallet to a previously unknown wallet address.

Top Malware Reported in the Last 24 Hours

Stantinko botnet

The Stantinko botnet has evolved to add a Monero cryptocurrency mining module to its toolset. The new variant uses YouTube to evade detection: the mining module fetches the addresses of its proxy servers from the descriptions of YouTube videos rather than from hard-coded infrastructure. Once installed, it looks for competing cryptominers and suspends them so that it can monopolize the resources of the targeted system.

DeathRansom ransomware

Security researchers have discovered a new ransomware strain named DeathRansom that attempts to remove shadow volume copies before starting its encryption routine, so that victims cannot restore files from local snapshots. It marks encrypted files with the string ABEFCDAB and then drops a ransom note. The note contains a unique 'LOCK-ID' that the victim must quote when emailing the ransomware operator.
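Deleting shadow copies before encryption is the most reliable early warning of a ransomware run, and it is visible in process-creation telemetry long before files change. The following detector is an added example, not part of the Cyware briefing and not derived from the DeathRansom sample: the command lines it matches (vssadmin, wmic, bcdedit, wbadmin, PowerShell WMI) are the generic recovery-destruction techniques ransomware families use, which is an assumption about what to look for rather than a description of DeathRansom's code. The log format, hostnames, users and paths in SAMPLE_LOG are constructed, and the helper names (parse_line, classify, scan, flag_hosts) are hypothetical.

```python
import re
from collections import defaultdict, namedtuple

Event = namedtuple("Event", "ts host user image cmdline")

# Command lines commonly used to destroy shadow copies and disable recovery.
# Generic ransomware precursors (assumption); not taken from the DeathRansom sample.
SHADOW_COPY_PATTERNS = [
    ("vssadmin_delete_shadows",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("vssadmin_resize_shadowstorage",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("powershell_win32_shadowcopy",
     re.compile(r"\bwin32_shadowcopy\b.*\b(delete|remove-wmiobject)\b", re.I)),
    ("bcdedit_disable_recovery",
     re.compile(r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)),
    ("wbadmin_delete_catalog",
     re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I)),
]


def parse_line(line):
    """Parse one constructed, pipe-delimited process-creation record:
    timestamp|host|user|image|command line. maxsplit=4 keeps any '|'
    inside the command line (PowerShell pipelines) intact."""
    parts = line.rstrip("\r\n").split("|", 4)
    if len(parts) != 5:
        return None
    return Event(*parts)


def classify(event):
    """Names of every recovery-destruction technique the command line matches."""
    return [name for name, rx in SHADOW_COPY_PATTERNS if rx.search(event.cmdline)]


def scan(lines):
    """Run the rules over raw log lines; return (ts, host, image, techniques) per hit."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        hits = classify(ev)
        if hits:
            alerts.append((ev.ts, ev.host, ev.image, hits))
    return alerts


def flag_hosts(alerts, min_techniques=2):
    """Hosts that used at least min_techniques distinct techniques.
    A lone 'vssadmin delete shadows' may be an administrator; several
    different techniques on one host is the ransomware pattern."""
    seen = defaultdict(set)
    for _ts, host, _image, hits in alerts:
        seen[host].update(hits)
    return {h: sorted(t) for h, t in seen.items() if len(t) >= min_techniques}


# Constructed sample log; hostnames, users and paths are made up.
SAMPLE_LOG = r"""2019-11-27T08:14:02Z|WS-0142|CORP\jdoe|C:\Windows\System32\vssadmin.exe|vssadmin.exe delete shadows /all /quiet
2019-11-27T08:14:03Z|WS-0142|CORP\jdoe|C:\Windows\System32\wbem\WMIC.exe|wmic shadowcopy delete
2019-11-27T08:14:05Z|WS-0142|CORP\jdoe|C:\Windows\System32\bcdedit.exe|bcdedit /set {default} recoveryenabled No
2019-11-27T08:14:07Z|WS-0142|CORP\jdoe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell -nop -w hidden Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete()}
2019-11-27T08:20:11Z|WS-0077|CORP\backupadm|C:\Windows\System32\vssadmin.exe|vssadmin list shadows
2019-11-27T08:21:00Z|WS-0077|CORP\backupadm|C:\Windows\System32\cmd.exe|cmd.exe /c dir C:\Users
"""

if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for ts, host, image, hits in found:
        print(ts, host, image, ",".join(hits))
    print("hosts flagged:", flag_hosts(found))
```

On the constructed sample, WS-0142 trips four distinct rules within five seconds and is flagged, while the backup administrator's `vssadmin list shadows` on WS-0077 matches nothing. In production the same rules belong in the EDR or SIEM with the process's parent image added as a field, since a shadow-copy deletion spawned from an Office document or an unsigned binary in a user-writable path is far more suspicious than one spawned from a backup agent.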

Dexphot malware

Microsoft security engineers have uncovered a malware family called Dexphot that has been infecting Windows computers since October 2018, with almost 80,000 infected machines at its peak. It hijacks the victims' computing resources to mine cryptocurrency, generating revenue for the attackers.

PSD2 as lure

Threat actors are using the EU's Payment Services Directive 2 (PSD2) as a lure. They have registered domains that include 'PSD2' in the name and hosted fraudulent login pages on them, targeting financial institutions and their customers' data.

Top Vulnerabilities Reported in the Last 24 Hours

Impact of SSRF vulnerability

A new study by Palo Alto Networks' Unit 42 found more than 7,000 Jira servers exposed to the internet in public clouds, 45% of which are vulnerable to the SSRF flaw tracked as CVE-2019-8451. An SSRF vulnerability lets an attacker make the server issue requests on their behalf to hosts it can reach but they cannot, which opens the door to internal network reconnaissance, lateral movement, and in some cases remote code execution.
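The reason SSRF on a cloud-hosted server is so damaging is that the server can reach addresses the attacker cannot: loopback services, RFC 1918 hosts, and the link-local metadata endpoint that hands out instance credentials. Any server-side URL fetcher (a gadget loader, a webhook tester, a link previewer) needs the check below before it connects. This is an added example of that guard, not Jira's code and not Unit 42's, and it does not reproduce CVE-2019-8451; the helper names check_outbound_url, system_resolve and fake_resolve, and the FAKE_DNS table with its made-up addresses, are assumptions introduced so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Address ranges a server-side fetcher must never be allowed to reach:
# "this host", RFC 1918, CGNAT, loopback, link-local (169.254.0.0/16 is where
# cloud metadata services live) and the IPv6 equivalents.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


def is_blocked_ip(ip_text):
    """True if the address falls inside any blocked range.
    IPv4-mapped IPv6 addresses (::ffff:127.0.0.1) are unwrapped first so they
    cannot be used to smuggle an IPv4 loopback past the IPv4 rules."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETS)


def system_resolve(host):
    """Default resolver (hypothetical helper): every A/AAAA answer for host."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_outbound_url(url, resolve=system_resolve):
    """Return (allowed, reason) for a URL the server is about to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed: %r" % parts.scheme
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL not allowed"
    host = parts.hostname  # lower-cased; brackets stripped from IPv6 literals
    if not host:
        return False, "no host"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # canonical IP literal: no lookup
    except ValueError:
        # A hostname, or a non-canonical literal such as "127.1" that the
        # system resolver would still turn into an address: resolve it and
        # check every answer, because the attacker controls the DNS record.
        addrs = resolve(host)
    if not addrs:
        return False, "unresolvable host"
    for addr in addrs:
        if is_blocked_ip(addr):
            return False, "resolves to blocked address %s" % addr
    return True, "ok"


# Constructed DNS table so the example runs offline; names and addresses are made up.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],
    "evil.test": ["203.0.113.7", "127.0.0.1"],  # mixed answers: one is loopback
}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ("https://example.com/api", "http://internal.corp/admin",
              "http://169.254.169.254/latest/meta-data/", "http://evil.test/",
              "http://[::ffff:127.0.0.1]/", "http://user:pw@example.com/"):
        print(u, "->", check_outbound_url(u, resolve=fake_resolve))
```

Two caveats a practitioner will want. First, the check resolves the name once; if the HTTP client then resolves it again, an attacker can serve a public address to the check and a private one to the fetch (DNS rebinding), so connect to the address that passed the check rather than to the hostname. Second, an allowed URL can redirect to a blocked one, so either disable redirects or run the check again on every hop.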

Kaspersky patches vulnerabilities

Kaspersky has patched several vulnerabilities in the web protection features of its Anti-Virus, Internet Security, Total Security, Free Anti-Virus, Security Cloud, and Small Office Security products. One of the flaws could be abused by attackers to obtain information such as the Kaspersky product's ID, its version, and the host's operating system version, data that helps fingerprint a target before an attack.
