Malware Watch - W/E - 092118

APT10 Delivers One-Two Punch with Phishing Followed Up with UPPERCUT Infection (09/18/2018)
APT10, a cyber espionage group that FireEye has been tracking, is responsible for attacks on the Japanese media sector. The group has used spear-phishing messages carrying Word documents that contain a malicious VBA macro to distribute the UPPERCUT backdoor, also known as ANEL. FireEye has advised users to consider disabling Office macros in their settings and not to open documents from unknown sources.

Bogus Financial Apps Removed from Google Play (09/19/2018)
Fake financial applications found in Google Play masqueraded as six banks from New Zealand, Australia, the United Kingdom, Switzerland and Poland, and as the Austrian cryptocurrency exchange Bitpanda. Using bogus login forms, the malicious fakes phished for credit card details and/or login credentials for the impersonated legitimate services. ESET's security team noted that the apps were installed over a thousand times before Google removed them.

Linux, Windows Servers Vulnerable to Xbash Ransomware/Miner/Worm (09/18/2018)
A new malware family called Xbash is targeting both Windows and Linux servers and is the work of the Iron Group, a threat actor known for launching ransomware attacks. Xbash combines ransomware and coin-mining capabilities with worm-like propagation: it spreads by brute-forcing weak passwords and exploiting unpatched vulnerabilities. Palo Alto Networks has released its findings on Xbash.

Ransomware Attack Renders FL School District's Systems Useless for Three Days (09/18/2018)
The computer system for a Florida school district was taken offline for three days following an attack by the GandCrab ransomware. The Miami Herald reported that the Monroe County School District first had issues on September 9 and contacted Symantec, its security provider. The ransomware was a variant of GandCrab that Symantec had not seen previously, but the vendor helped to secure the district's files, and the school systems became operational again on September 12.