Our selection of the most recent infosec articles from around the web, including write ups about both the Masad and Arcane stealer, all accompanied by a possible link between Magecart Group 4 and Cobalt Group. For informational purposes, the Proofpoint Q2 Threat Report is available along with a detailed article about SOCKS proxy.
For more articles, check out our #onpatrol4malware blog.
How Tortoiseshell created a fake veteran hiring website to host malware
Source: Talos
Cisco Talos recently discovered a threat actor attempting to take advantage of Americans who may be seeking a job, especially military veterans. Read more.
Magecart Group 4 – A link with Cobalt Group?
Source: HYAS
While working jointly with the threat intelligence team at Malwarebytes, we found some interesting patterns in the email addresses used to register domains belonging to Magecart. Read more.
Divergent: “Fileless” NodeJS Malware Burrows Deep Within the Host
Source: Talos
Cisco Talos recently discovered a new malware loader being used to deliver and infect systems with a previously undocumented malware payload called “Divergent.” Read more.
Frequent VBA Macros used in Office Malware
Source: Security Affairs
The malware expert Marco Ramilli collected a small set of VBA Macros widely re-used to “weaponize” Maldoc (Malware Document) in cyber attacks. Read more.
Proofpoint Q2 2019 Threat Report
Source: Proofpoint
The data presented in this report were collected during the second quarter of 2019 and reflect the disappearance of the Emotet botnet from the threat landscape beginning in June. Read more.
SOCKS Proxy Primer: What Is SOCKs5 and Why Should You Use It?
Source: Security Intelligence
SOCKS, which stands for Socket Secure, is a network protocol that facilitates communication with servers through a firewall by routing network traffic to the actual server on behalf of a client. Read more.
Masad Stealer: Exfiltrating using Telegram
Source: Juniper
Juniper Threat Labs discovered a new Trojan-delivered spyware that uses Telegram to exfiltrate stolen information. Read more.
Arcane Stealer V and its Maker
Source: Fidelis
July 2019, Fidelis Threat Research Team (TRT) acquired and began analyzing a sample of Arcane Stealer V. Read more.
DoorDash Data Breach Impacts Personal Data of Almost 5M Users
Source: ThreatPost
Food delivery service DoorDash disclosed a data breach that affects almost 5 million customers, drivers and merchants using its platform. Read more.
EFF: Encrypted DNS could help close the biggest privacy gap on the Internet
Source: TECHSPOT
Alongside technologies like TLS 1.3 and encrypted SNI, DoH has the potential to provide tremendous privacy protections. Read more.
New iOS exploit checkm8 allows permanent compromise of iPhones
Source: Malwarebytes
This morning, an iOS researcher with the Twitter handle @axi0mX announced the release of a new iOS exploit named checkm8 that promises to have serious consequences for iPhone and iPad hardware. Read more.
Phishing attacks abusing appspot.com and web.app domains on Google Cloud
Source: Zscaler
Our researchers recently detected similar activity on the Google domains Appspot.com and Web.app. Read more.
New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign
Source: TrendMicro
We’ve been actively monitoring this threat since its emergence and early development, and saw it being frequently updated. Read more.