Every week, our experts select relevant news in the cybersecurity industry. Over the last two weeks, we saw “Earth Preta’s Cyberespionage Campaign Hits Over 200”, a study on an active cyberespionage campaign that delves into the structure, goals, and requirements of the organizations involved and provides an opportunity to conduct wider intelligence analysis and gain insights for developing effective countermeasures, as well as “MacStealer: New macOS-based Stealer Malware Identified” and much more.
For more articles, check out our #onpatrol4malware blog.
MacStealer: New macOS-based Stealer Malware Identified
Uptycs has already identified three Windows-based malware families that use Telegram this year, including Titan Stealer, Parallax RAT, and HookSpoofer. Read more.
Earth Preta’s Cyberespionage Campaign Hits Over 200
Source: Trend Micro
This study on an active cyberespionage campaign delves into the structure, goals, and requirements of the organizations involved, and provides an opportunity to conduct wider intelligence analysis and insights in the development of effective countermeasures. Read more.
How scammers employ IPFS for email phishing
Source: Securelist by Kaspersky
In 2022, scammers began actively using IPFS for email phishing attacks. They would place HTML files containing a phishing form in IPFS and use gateways as proxies. Read more.
Beware: Fake IRS tax email delivers Emotet malware
Source: Malwarebytes Labs
A Form W-9 is a form you fill in to confirm certain personal details with the IRS. Name, address, and Tax Identification Number are all things you can expect to fill in on one of these forms. Read more.
Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles
Source: Malwarebytes Labs
Between late 2022 and early 2023, Project Zero reported 18 vulnerabilities in a chip powering those devices. Read more.
Exploiting aCropalypse: Recovering Truncated PNGs
Source: David Buchanan
This article assumes you’ve already heard about the aCropalypse vulnerability, aka CVE-2023-21036. If not, go read about it here (oops, this page doesn’t exist yet. Read this tweet in the meantime). Read more.
Nexus: a new Android botnet?
In January 2023, a new Android banking trojan appeared on multiple hacking forums under the name of Nexus. However, Cleafy’s Threat Intelligence & Response Team traced the first Nexus infections way before the public announcement in June 2022. Read more.