Malware Watch - W/E - 090718

Aggressive MagentoCore Skimmer Taints Over 7,000 Ecommerce Sites (09/05/2018)
MagentoCore has become the most prolific online skimmer after it was determined that over 7,000 individual stores have been turned into zombie money machines. At least 1,450 stores have hosted the MagentoCore.net parasite since February. The MagentoCore skimmers gain illicit access to the control panel of an ecommerce site, often by brute force, automatically trying lots of passwords, sometimes for months. Researcher Willem de Groot analyzed the skimmer and identified 7,339 ecommerce sites that have been infected.

Latest Apache Struts Bug Exploited to Mine for Monero (09/06/2018)
A remote code execution vulnerability in Apache Struts 2 that was disclosed in August is being exploited in a cryptocurrency mining campaign. F5 researchers identified the campaign as "CroniX" and spotted it two weeks after the new Struts 2 vulnerability was first discovered. CroniX mines for Monero.

Microsoft's WMIC Utility Abused to Download Malware (09/04/2018)
Cybercriminals are using Microsoft's Windows Management Instrumentation Command-line (WMIC) utility and an eXtensible Stylesheet Language (XSL) file, which typically would not be threatening, to push out malware, researchers at Symantec say. WMIC is being used to download malicious files as part of a multi-stage infection chain. The researchers hypothesize that the miscreants are using this tactic to avoid detection.

Sophisticated CamuBot Malware Targets Brazilian Banks and Customers (09/05/2018)
IBM's X-Force researchers reviewed CamuBot, a financial malware targeting Brazilian banking customers. The malware's operators are actively using it to target companies and public sector organizations, mixing social engineering and malware tactics to bypass strong authentication and security controls. CamuBot uses new code, doesn't hide its deployment, and displays bank logos and brand imaging to make it appear to be a legitimate application.