We have now come into a new month, and this set of InfoSec articles discusses how some specific malware operates. One of these is the Evilnum malware, which was previously seen in attacks against financial technology companies. Read on and learn more in this batch of InfoSec articles.

For more articles, check out our #onpatrol4malware blog.

How Police Secretly Took Over a Global Phone Network for Organized Crime

Source: Vice

Police monitored a hundred million encrypted messages sent through Encrochat, a network used by career criminals to discuss drug deals, murders, and extortion plots. Read more.

More evil: A deep look at Evilnum and its toolset

Source: WeLiveSecurity

ESET has analyzed the operations of Evilnum, the APT group behind the Evilnum malware previously seen in attacks against financial technology companies. Read more.

New Mirai Variant Expands Arsenal, Exploits CVE-2020-10173

Source: Trend Micro

A new Mirai variant has been discovered that exploits nine vulnerabilities, the most notable of which is CVE-2020-10173 in Comtrend VR-3033 routers, a vulnerability not observed being exploited by past Mirai variants. Read more.

The Tetrade: Brazilian banking malware goes global

Source: SecureList

The Tetrade is our designation for four large banking trojan families created, developed and spread by Brazilian crooks, but now on a global level. Read more.

Chinese APT group targets India and Hong Kong using new variant of MgBot malware

Source: Malwarebytes

Considering the ongoing tensions between India and China, it is believed that this new campaign is operated by a Chinese state-sponsored actor. Read more.

Blackbaud Hack: Universities lose data to ransomware attack

Source: BBC

At least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked a cloud computing provider. Read more.

Garmin says systems back online after cyber attack

Source: Yahoo News

Computer networks of the smartwatch and electronics firm Garmin were coming back online Monday, the company said, after an outage widely believed to have been due to a ransomware attack. Read more.

Cerberus banking Trojan team breaks up, source code goes to auction

Source: ZDNet

The source code of the Android-based Cerberus banking Trojan is being auctioned off due to the break-up of the development team. Read more.

Office 365 phishing baits employees with fake SharePoint alerts

Source: Bleeping Computer

Employees using Microsoft Office 365 are targeted in a phishing campaign that makes use of bait messages camouflaged as automated SharePoint notifications to steal their accounts. Read more.

Can we disable ransomware launched as a SYSTEM on thousands of machines at the same time?

Source: TEHTRIS

A large infrastructure protected and monitored remotely by TEHTRIS from its SOC in France has been targeted with the well-known weapon called SODINOKIBI. Read more.