Cyware Daily Threat Intelligence

Daily Threat Briefing • Oct 5, 2020
The detection of new malware samples indicates the level at which cyber threats are evolving. In the last 24 hours, security researchers have unearthed three new malware strains that are capable of performing a wide range of malicious activities. One of them is the Ttint botnet that includes remote tools-like features, apart from launching DDoS attacks.
The other two include a variant of the Black-T cryptojacking malware and the SLOTHFULMEDIA dropper. While the former is used against vulnerable Docker APIs, the latter is used to drop a trojan and a malicious component on infected computers.
Top Breaches Reported in the Last 24 Hours
Swiss universities affected
Several top universities and schools in Switzerland have been compromised in attacks aimed at stealing employees’ salaries. According to reports, the hackers accessed the universities’ payment systems and changed beneficiary account information for salary transfers to steal a six-figure sum.
UN Shipping agency attacked
The United Nations agency for international shipping was forced to take a number of services offline after being hit by a cyberattack. However, the organization’s email and virtual meeting platforms remained unaffected by the incident.
Top Malware Reported in the Last 24 Hours
New variant of Black-T malware
Researchers have uncovered a new variant of the Black-T cryptojacking malware that is associated with the TeamTNT APT group. The malware is used against exposed Docker daemon APIs. It uses three different network scanning tools to identify vulnerable Docker instances within the local network.
New SLOTHFULMEDIA malware
A new malware dropper named SLOTHFULMEDIA deploys two files when executed on a system. One of the files is a RAT designed to gain control over compromised devices and the other is a component that removes the dropper after the RAT achieves persistence on the targeted computer.
New Ttint botnet
Ttint is a newly discovered IoT botnet that includes remote tools-like features. The botnet, which appears to have been deployed last year, exploits two zero-day vulnerabilities in Tenda routers, for which security patches have not yet been released.
Malicious npm packages
Four malicious JavaScript npm packages - electorn, lodashs, loadyaml, and loadyml - were removed from the npm portal after they were found uploading user details to a public GitHub page. These packages used the typosquatting technique to trick users into installing them on their computers.
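A dependency audit for the typosquatting case above, as an added example that is not code from Cyware or npm. The `INTENDED` allowlist, the function names and the sample manifest are assumptions constructed for illustration; only the four removed package names come from the briefing.

```javascript
// Names removed from npm, as listed in the briefing above.
const REMOVED = new Set(["electorn", "lodashs", "loadyaml", "loadyml"]);
// Assumption: the packages this team actually intends to depend on.
const INTENDED = ["electron", "lodash", "js-yaml", "express"];

// Optimal string alignment distance: an insert, delete, substitution or
// swap of two adjacent characters costs 1 ("electorn" -> "electron" is 1).
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...new Array(b.length).fill(0)]);
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Intended package that `name` is within maxDistance edits of, or null.
function nearMiss(name, maxDistance = 1) {
  if (INTENDED.includes(name)) return null;
  return INTENDED.find((ok) => osaDistance(name, ok) <= maxDistance) || null;
}

// One finding per suspicious dependency in a parsed package.json object.
function auditDependencies(pkg) {
  const names = Object.keys({ ...pkg.dependencies, ...pkg.devDependencies });
  const findings = [];
  for (const name of names) {
    const resembles = nearMiss(name);
    if (REMOVED.has(name)) findings.push({ name, reason: "removed-from-npm", resembles });
    else if (resembles) findings.push({ name, reason: "near-miss", resembles });
  }
  return findings;
}

// Constructed sample manifest; "lodahs" is a made-up name for illustration.
const samplePkg = {
  dependencies: { express: "^4.17.1", lodashs: "1.0.0", loadyml: "1.0.0" },
  devDependencies: { lodahs: "1.0.0" },
};
console.log(auditDependencies(samplePkg));
```

With this allowlist, the one-edit similarity check alone flags `electorn` and `lodashs` but not `loadyaml` or `loadyml`, which are caught only by the explicit list of removed names. A name-similarity heuristic therefore works best alongside a feed of known-bad package names.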