CyberCrime - W/E - 10/3/19
Google Play Apps Found Harboring Malware to Spy on Egyptian Journalists and Activists (10/03/2019)
Check Point Software studied a targeted attack against journalists and human rights activists in Egypt that had been previously reported on by Amnesty International in March. According to the Check Point team, unknown or previously undisclosed malicious artifacts belonging to this operation were uncovered. The attackers began developing mobile applications to monitor their targets and hosted them on Google Play. Upon notification, Google removed the malicious apps. The attacks have been ongoing since at least 2018 and many of the victims are political and social activists, high-profile journalists, and members of non-profit organizations in Egypt.
MasterMana Campaign Uses Various Criminal Tactics to Steal Money, Remain Hidden (10/03/2019)
Prevailion has uncovered new details concerning the MasterMana Botnet, which uses business email compromise schemes and backdoors to pilfer cryptocurrency wallets and has been in operation since at least December 2018. This campaign is attributed to the Gorgon Group, a well-known threat group. The operation's phishing emails carried infected document attachments. Opening the infected document initiated the attack's multi-pronged, labyrinth-like kill-chain, which aids in detection evasion by relying upon the trust placed in third-party Web sites and services, such as Bitly, Blogspot, and Pastebin. The threat actors also modified older Pastebin posts to cease execution and added features to avoid sandboxing. Ultimately, the victim would download a .NET DLL that would perform process hollowing and load a fileless backdoor, either a variant of the Azorult malware or the Revenge remote access Trojan.