Malware Watch - W/E - 091418

Apache Struts, SonicWall GMS Highly Vulnerable to New Variants of Mirai and Gafgyt (09/11/2018)
Palo Alto Networks has uncovered new variants of the Mirai and Gafgyt Internet of Things botnets. The new Mirai version targets the same Apache Struts vulnerability associated with the Equifax data breach in 2017. The latest Gafgyt version targets a newly disclosed vulnerability affecting older, unsupported versions of SonicWall's Global Management System.

Cobalt Threat Group Adds CobInt Downloader to Its Malicious Arsenal (09/12/2018)
A known threat group called Cobalt has been discovered using a new downloader malware in a spam campaign. The discovery was made by Proofpoint's research team. The multi-stage CobInt downloader is written in the C language and retrieves additional modules, including its main component, after the initial infection.

Coinhive Cryptominer Continued Its Attacks in August (09/11/2018)
The Coinhive cryptomining malware remained in first place on Check Point Software's Global Threat Index for the month of August. Coinhive infected 17% of organizations worldwide during the month. According to the vendor, 2018 was the second summer in a row in which attackers increasingly used banking Trojans to victimize users and quickly turn a profit. Ramnit was the most prevalent banking Trojan for August.

LuckyMouse Threat Reemerges with Sophisticated New Trojan in Tow (09/10/2018)
Kaspersky Lab discovered several infections from a previously unknown Trojan, which is most likely related to the Chinese-speaking threat actor LuckyMouse. An unusual trait of this malware is its hand-picked driver, signed with a legitimate digital certificate issued by a company that develops information security-related software. LuckyMouse is known for launching highly targeted cyber attacks on large entities around the world, most notably in South Eastern and Central Asia.

Osiris Malware Is Latest Evolution of Kronos Banking Trojan (09/13/2018)
A new variant of the Kronos banking Trojan has emerged and its three campaigns have been seen targeting Germany, Japan, and Poland. The new variant contains features like Tor network command and control, keylogging, and remote control. Researchers at Securonix have been actively investigating and closely monitoring this threat, which is known as Osiris. The team has published a report with further information.

PyLocky Campaigns Hitting France and Other European Countries (09/11/2018)
Researchers at Trend Micro have addressed the PyLocky ransomware in a blog post to help individuals and businesses better understand this threat. PyLocky is unrelated to the Locky ransomware; it is written in the Python language and packaged with PyInstaller, a tool that bundles Python-based programs into standalone executables. PyLocky's targeting has so far been limited to Europe, particularly France, and it is distributed via spam campaigns.

Trend Micro Discovers Fallout Exploit Kit Targeting Asia, Middle East, Parts of Europe (09/11/2018)
FireEye identified a new exploit kit (EK) that was being served as part of a malvertising campaign affecting users in Japan, Korea, the Middle East, Southern Europe, and other countries in the Asia Pacific region. The Fallout EK is pushing out the SmokeLoader malware to Japanese individuals and the GandCrab ransomware in the Middle East. Further analysis is available from the vendor's blog post on Fallout.