
Cyware Daily Threat Intelligence


Daily Threat Briefing Sep 3, 2020

The ever-evolving Emotet trojan has found a new way to sneak into systems. This time, the operators are using a malicious attachment that pretends to come from the Windows 10 Mobile operating system. Once installed, the trojan steals sensitive information from a victim’s system and later downloads additional malware such as TrickBot and QBot.

Researchers have unearthed two new malware families, PyVil and Sepulcher, in the last 24 hours. Both are distributed via phishing emails and are capable of keylogging, collecting information, and taking screenshots from infected systems.

Top Breaches Reported in the Last 24 Hours

Schools attacked

Northumbria University is still struggling to cope with a cyberattack that forced it to close its entire campus in Newcastle upon Tyne. Work is underway to restore IT systems as quickly as possible. In another incident, Miami-Dade County Public Schools suffered a DDoS attack that disrupted its distance learning platform.

Top Malware Reported in the Last 24 Hours

New PyVil RAT

PyVil is a new Python-scripted trojan capable of keylogging, taking screenshots, and collecting information from infected systems. The malware propagates via an LNK file masquerading as a PDF. The file is sent in phishing emails that claim to contain identification documents associated with banking, including utility bills, credit card statements, and even driver’s license photos.

New Sepulcher malware

A Chinese threat actor group, tracked as APT413, targeted European diplomatic entities and the Tibetan community with a new strain of Sepulcher malware. The malware was distributed through a weaponized RTF attachment named ‘Covid’ to target Europeans and a malicious PowerPoint attachment titled ‘TIBETANS BEING HIT BY DEADLY VIRUS THAT CARRIES A GUN and SPEAKS CHINESE’ to target Tibetans.

New details about Emotet

The Emotet malware is now using a malicious attachment that pretends to come from the Windows 10 Mobile operating system. The attachment includes malicious macros that result in the download and installation of Emotet on a victim’s computer. Once installed, the trojan steals the victim’s emails for use in other spam campaigns and downloads other malware such as TrickBot and QBot.

Top Vulnerabilities Reported in the Last 24 Hours

Attackers abuse Google DNS over HTTPS

Attackers are abusing Google’s DNS-over-HTTPS (DoH) service as a new evasion technique to distribute malware onto users’ computers, since the encrypted lookups bypass conventional DNS monitoring. The suspicious domain identified in one such instance is ‘jqueryupdatejs[.]com’.
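As an added defensive illustration (not code from the briefing or from the researchers it cites), the following Python scans proxy log lines for lookups sent through Google’s public DoH endpoints, recovers the queried name from both the JSON API form and the RFC 8484 GET form, and flags the indicator named above. The log line format and the sample entries are constructed assumptions.

```python
import base64
from urllib.parse import parse_qs, urlsplit

# Google Public DNS DoH hostnames (real endpoints: /resolve JSON API, /dns-query RFC 8484).
GOOGLE_DOH_HOSTS = {"dns.google", "dns.google.com"}
# Indicator from the briefing, refanged from jqueryupdatejs[.]com.
WATCHLIST = {"jqueryupdatejs.com"}

def qname_from_wire(msg: bytes) -> str:
    """Return the first question name from a DNS wire-format message."""
    pos, labels = 12, []  # the 12-byte header precedes the question section
    while pos < len(msg):
        length, pos = msg[pos], pos + 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return ".".join(labels).lower()

def doh_query_name(url: str):
    """Name looked up through Google DoH in this URL, or None if it is not a DoH request."""
    u = urlsplit(url)
    if u.hostname not in GOOGLE_DOH_HOSTS:
        return None
    params = parse_qs(u.query)
    if u.path == "/resolve" and "name" in params:  # JSON API: ?name=host&type=A
        return params["name"][0].rstrip(".").lower()
    if u.path == "/dns-query" and "dns" in params:  # RFC 8484 GET: ?dns=<base64url, no padding>
        raw = params["dns"][0]
        return qname_from_wire(base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4)))
    return None  # POST bodies are not visible in a URL-only log

def scan_proxy_log(lines):
    """Return (client, queried_name, on_watchlist) for each Google DoH lookup in the log."""
    hits = []
    for line in lines:
        fields = line.split()  # assumed log format: <timestamp> <client_ip> <method> <url>
        if len(fields) < 4:
            continue
        name = doh_query_name(fields[3])
        if name is not None:
            hits.append((fields[1], name, name in WATCHLIST))
    return hits

# Constructed wire-format query: header, QNAME jqueryupdatejs.com, QTYPE A, QCLASS IN.
_WIRE = b"\x00\x00\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x0ejqueryupdatejs\x03com\x00\x00\x01\x00\x01"
SAMPLE_LOG = [  # constructed sample lines
    "2020-09-03T10:01:02Z 10.0.0.5 GET https://www.example.com/index.html",
    "2020-09-03T10:01:09Z 10.0.0.5 GET https://dns.google/resolve?name=example.com&type=A",
    "2020-09-03T10:02:44Z 10.0.0.7 GET https://dns.google/dns-query?dns="
    + base64.urlsafe_b64encode(_WIRE).rstrip(b"=").decode(),
]
```

Running `scan_proxy_log(SAMPLE_LOG)` reports the benign example.com lookup unflagged and the jqueryupdatejs.com lookup as a watchlist hit; POST-form DoH requires body inspection and is deliberately out of scope here.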

Cisco fixes a bug

Cisco has addressed a critical remote code execution bug in its Jabber for Windows software. The flaw, tracked as CVE-2020-3495, is caused by improper input validation of incoming message contents. It can allow remote attackers to execute arbitrary code on systems running an unpatched Jabber version by sending maliciously crafted Extensible Messaging and Presence Protocol (XMPP) messages.

Top Scams Reported in the Last 24 Hours

Phishing scam

Scammers have been observed abusing SharePoint and OneNote documents to steal passwords from Microsoft Office 365 users. The scam relies on hacked email accounts of U.K. engineering businesses, from which emails are sent to recipients. The emails include attachments which, if clicked, redirect recipients to a fake login page for OneNote or SharePoint.
