Threat Intelligence Cybersecurity Hacking News Oct 12, 2022
Ursnif, the banking trojan, appears to have moved on. In its latest attack chain, the malware connects to a remote server to receive commands, which suggests the operator behind it may intend to participate in future ransomware operations. Another malware, Clicker, was discovered spreading through 16 malicious apps masquerading as utility apps on the Google Play Store. To avoid detection, the hackers included a randomized delay between the download of an app and the activation of its malicious functions.
What else? The company confirmed that an unspecified number of Verizon customers had their accounts taken over through SIM swapping. It was also revealed that an unauthorized third party gained access to the last four digits of customers' credit cards.
Top Breaches Reported in the Last 24 Hours
Git folders publicly exposed
Approximately two million Git folders were discovered to be publicly accessible on the internet. These folders contain sensitive project information, such as remote repository addresses and commit history logs. Researchers discovered 1,931,148 IP addresses with live servers and a public folder structure. Over 31% of the exposed Git folders were found in the United States, 8% in China, and 5% in Germany.
Whitworth University discloses breach
Whitworth University confirmed to the state attorney general's office that a ransomware attack may have affected data for thousands of former and current students and staff. The incident is said to have affected 5,182 people in Washington state. There was no word on whether the university paid a ransom or not.
Top Malware Reported in the Last 24 Hours
With LDR4, Ursnif is no longer a banking trojan
Ursnif, like Emotet, Qakbot, and TrickBot, has evolved into a capable backdoor that drops next-stage payloads. The new variant, dubbed LDR4, has been observed using recruitment- and invoice-related email lures as its initial intrusion vector. The lures lead to the download of a maldoc, which fetches and launches the malware.
Clicker used for mobile ad fraud
McAfee discovered 16 mobile apps infected with Clicker malware, with over 20 million downloads in total. The Clicker malware has been seen posing as seemingly innocuous utility apps such as cameras, QR code readers, currency/unit converters, note-taking apps, and dictionaries. When the malware is installed on a device, it secretly redirects victims to bogus websites and simulates ad clicks.
Domestic Kitten’s spyware campaign
A recent mobile infection campaign using the Furball malware has come to light. The malware disguises itself as a phoney translation app (sarayemaghale.apk) for an Iranian website that offers books, periodicals, and articles in translation. It can help hackers access sensitive information, including contacts, files on external storage, basic system metadata, and more. The malware belongs to the Iranian threat actor Domestic Kitten.
Top Vulnerabilities Reported in the Last 24 Hours
Flaw fixed in Azure Service Fabric
Microsoft fixed a flaw impacting Azure Service Fabric clusters. The flaw, dubbed FabriXss and designated CVE-2022-35829, is a spoofing vulnerability in SFX v1. By abusing the issue, a hacker might gain complete administrator access to Azure Service Fabric clusters. Microsoft gave the bug a "medium severity" rating and noted that human involvement is necessary for exploitation.
Top Scams Reported in the Last 24 Hours
SIM swapping hits Verizon customers
Verizon Prepaid customers whose accounts were hijacked had their phone numbers exposed to online criminals in a SIM-swapping scam. Investigations showed that the con artists may have successfully moved a victim's phone number to another device, giving them access to the victim's other online accounts and the ability to tamper with OTPs.