Among the cybercrime threats known to us, EventBot seems to be a real threat to many users. EventBot targets financial applications and steals SMS messages to allow the malware to bypass two-factor authentication. Keep reading to find out more security news.
For more articles, check out our #onpatrol4malware blog.
COVID-19 Scam Roundup – April 20, 2020
Source: Tripwire
Scams leveraging COVID-19 as a lure have stolen tens of millions of dollars from their victims. The FTC had received reports of fraud attempts pertaining to the coronavirus since the beginning of the year. Read more.
PinnacleCart Server-Side Skimmers and Backdoors
Source: Sucuri
This time, Sucuri analysts found malware on a website powered by PinnacleCart, a webstore solution used by a large number of popular websites with hundreds of thousands of monthly visitors. Read more.
Research Shows Number of Potentially Compromised Organizations More than Doubles Since January
Source: Team Cymru
In a normal week, the number of compromised organizations for a small country such as Finland is approximately 200. But for the week of 2020-03-16, it had suddenly jumped to 800. Read more.
CIRA launches Canadian Shield to provide free privacy and security to Canadians online: Service to include first global deployment of a national DNS over HTTPS protocol
Source: CIRA
Canadian Shield will provide enterprise-grade privacy and cybersecurity protection to Canadians by leveraging CIRA’s national DNS infrastructure. Read more.
DNS-over-HTTPS causes more problems than it solves, experts say
Source: ZDNet
Most experts think DoH is not good, and people should be focusing their efforts on implementing better ways to encrypt DNS traffic — such as DNS-over-TLS — rather than DoH. Read more.
Upgraded Aggah malspam campaign delivers multiple RATs
Source: Talos
Cisco Talos has observed a new Aggah campaign consisting of the distribution of maldocs via malspam emails distributing a multi-stage infection to a target user’s endpoint. Read more.
Named: The Top 5 Vulns Behind a Ransomware Surge
Source: Computer Business Review
In the incidents MSFT tracked, threat actors spent months obtaining access to systems and maintaining a persistent threat on networks. Read more.
Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
Source: Microsoft
Ransomware groups that have been accumulating access and maintaining persistence on target networks for several months activated dozens of ransomware deployments in the first two weeks of April 2020. Read more.
EVENTBOT: A NEW MOBILE BANKING TROJAN IS BORN
Source: Cybereason
EventBot is a mobile banking trojan and infostealer that abuses Android’s accessibility features to steal user data from financial applications, read SMS messages, and steal SMS messages to allow the malware to bypass two-factor authentication. Read more.
POWER-SUPPLaY: Leaking Data from Air-Gapped Systems by Turning the Power-Supplies Into Speakers
Source: Cornell University
To eliminate the threat of acoustic covert channels, audio hardware can be disabled and the use of loudspeakers can be strictly forbidden. Such systems are considered to be audio-gapped, and hence immune to acoustic covert channels. Read more.
Kaiji: New Chinese Linux malware turning to Golang
Source: Intezer
This botnet utilizes its own custom implant, which MalwareMustDie named Kaiji based on one of the function names. The botnet was built from scratch using the Golang programming language, which is rare in the IoT botnet landscape. Read more.