Over the past two weeks, we saw news about an infected WordPress site that revealed a malicious C&C script. Also, a new Android malware family on the Google Play Store that secretly subscribes users to premium services was downloaded over 3,000,000 times. Read this and more news in our latest blog digest.
For more articles, check out our #onpatrol4malware blog.
Infected WordPress Site Reveals Malicious C&C Script
Bitcoin prices are down 60% year to date, trading far from the all-time highs of $69,000 seen last November. Some altcoins have plummeted even farther in value, with digital currencies collapsing in value in the past six months. Read more.
New Android Malware On Google Play Installed 3 Million Times
A new Android malware family on the Google Play Store that secretly subscribes users to premium services was downloaded over 3,000,000 times. The malware, named ‘Autolycos,’ was discovered by Evina’s security researcher Maxime Ingrao. Read more.
Large-Scale Phishing Campaign Bypasses MFA
Attackers used adversary-in-the-middle attacks to steal passwords, hijack sign-in sessions and skip authentication, and then used victim mailboxes to launch BEC attacks against other targets. Read more.
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
Source: Unit42 PaloAlto
Unit 42 continuously hunts for new and unique malware samples that match known advanced persistent threat (APT) patterns and tactics. On May 19, one such sample was uploaded to VirusTotal, where it received a benign verdict from all 56 vendors that evaluated it. Read more.
Tiny Mantis Botnet Can Launch More Powerful DDoS Attacks Than Mirai
Mantis Botnet launched 3,000 DDoS attacks in one month using only 5,000 small bots after which Cloudflare dubbed the botnet as “the most powerful botnet to date.” Read more.
North Korean APT Targets US Healthcare Sector With Maui Ransomware
Source: Malwarebytes LABS
State-sponsored North Korean threat actors have been targeting the US Healthcare and Public Health (HPH) sector for the past year using the Maui ransomware, according to a joint CSA from the FBI, CISA, and the Department of the Treasury. Read more.