Cyware Weekly Threat Intelligence - May 01–05

Weekly Threat Briefing • May 5, 2023
As new technologies continue to emerge and transform various industries, it has become equally important to protect them from abuse by bad actors. On that front, the FBI disrupted nine cryptocurrency exchange websites that were involved in facilitating illegal scams and cybercrime operations. In other news, Facebook took action against rising cases of ChatGPT-themed malware attacks and blocked over 1,000 malicious URLs that were targeting user accounts.
U.S. and Ukrainian authorities seized nine cryptocurrency exchange websites advertised on private hacker forums. These websites were used to launder the profits from online scams and cybercrime operations. The nine exchanges were hosted across Europe and were tracked as 24xbtc[.]com, 100btc[.]pro, pridechange[.]com, 101crypta[.]com, uxbtc[.]com, trust-exchang[.]org, bitcoin24[.]exchange, paybtc[.]pro, and owl[.]gold.
Meta blocked more than 1,000 ChatGPT-themed malicious URLs from being shared on its platforms, as they were found distributing about 10 different malware families, including a new malware dubbed NodeStealer. The development follows an increase in the use of fake ChatGPT web browser extensions to steal Facebook account credentials.
The Washington state governor signed the ‘My Health My Data Act’ into law to bolster health data privacy for the state's residents. The act aims to modernize the state’s consumer protection framework by giving individuals the right to withdraw consent, request data deletion, and prohibit the collection and sharing of health data without their consent.
Meanwhile, the growing ransomware landscape has made it easier for cybercriminals to launch attacks. This week, the Royal ransomware group claimed more victims by targeting the city of Dallas and a for-profit virtual learning provider with a presence in the U.S. and the U.K. In another instance, a law firm based in Australia fell victim to a BlackCat ransomware attack, affecting 4 TB worth of the company’s data. T-Mobile also reported suffering yet another data breach in 2023.
Now, let's go through this week's new threat updates, in which several new malware strains affecting Android devices were discovered. One of these, named Fleckpe, was discovered in at least 11 apps. Active since 2022, it has infected over 620,000 devices so far. In another case, a malware strain called FluHorse reportedly infected over one million Android users across Vietnam and Taiwan by mimicking legitimate apps. Furthermore, CISA warned that multiple threat groups are actively exploiting bugs in TP-Link, Apache Log4j2, and Oracle WebLogic Server.