Among the cybercrime threats known to us, EventBot appears to be a real threat to many users. EventBot targets financial applications and steals SMS messages, allowing the malware to bypass two-factor authentication. Keep reading to find out more security news.

For more articles, check out our #onpatrol4malware blog.

malicious Microsoft Office documents

COVID-19 Scam Roundup – April 20, 2020

Source: Tripwire

Scams leveraging COVID-19 as a lure have stolen tens of millions of dollars from their victims. The FTC had received reports of fraud attempts pertaining to the coronavirus since the beginning of the year. Read more.

IOT

PinnacleCart Server-Side Skimmers and Backdoors

Source: Sucuri

This time, Sucuri analysts found malware on a website powered by PinnacleCart, a webstore solution used by a large number of popular websites with hundreds of thousands of monthly visitors. Read more.

malicious Microsoft Office documents

Research Shows Number of Potentially Compromised Organizations More than Doubles Since January

Source: Team Cymru

On a normal week, the number of compromised organizations for a small country such as Finland is approximately 200. But for the week of 2020-03-16, it had suddenly jumped to 800. Read more.

EventBot

CIRA launches Canadian Shield to provide free privacy and security to Canadians online. Service to include first global deployment of a national DNS over HTTPS protocol

Source: CIRA

Canadian Shield will provide enterprise-grade privacy and cybersecurity protection to Canadians by leveraging CIRA’s national DNS infrastructure. Read more.

malicious Microsoft Office documents

DNS-over-HTTPS causes more problems than it solves, experts say

Source: ZDNet

Most experts think DoH is not good, and people should be focusing their efforts on implementing better ways to encrypt DNS traffic — such as DNS-over-TLS — rather than DoH. Read more.

malicious Microsoft Office documents

Upgraded Aggah malspam campaign delivers multiple RATs

Source: Talos

Cisco Talos has observed a new Aggah campaign consisting of the distribution of maldocs via malspam emails distributing a multi-stage infection to a target user’s endpoint. Read more.

EventBot

Named: The Top 5 Vulns Behind a Ransomware Surge

Source: Computer Business Review

In the incidents MSFT tracked, threat actors spent months obtaining access to systems and maintaining a persistent threat on networks. Read more.

malicious Microsoft Office documents

Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk

Source: Microsoft

Ransomware groups that have been accumulating access and maintaining persistence on target networks for several months activated dozens of ransomware deployments in the first two weeks of April 2020. Read more.

EventBot

EVENTBOT: A NEW MOBILE BANKING TROJAN IS BORN

Source: Cybereason

EventBot is a mobile banking trojan and infostealer that abuses Android’s accessibility features to steal user data from financial applications, read SMS messages, and steal SMS messages to allow the malware to bypass two-factor authentication. Read more.

malicious Microsoft Office documents

POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers

Source: Cornell University

To eliminate the threat of acoustic covert channels, audio hardware can be disabled and the use of loudspeakers can be strictly forbidden. Such systems are considered to be audio-gapped, and hence immune to acoustic covert channels. Read more.

malicious Microsoft Office documents

Kaiji: New Chinese Linux malware turning to Golang

Source: Intezer

This botnet utilizes its own custom implant, which MalwareMustDie named Kaiji based on one of the function names. The botnet was built from scratch using the Golang programming language, which is rare in the IoT botnet landscape. Read more.