Read some of the most interesting and useful infosec articles from the last two weeks, in particular a couple about the newcomer Nemty ransomware. The NCSC published a reminder / warning about the upcoming end of life for Python 2 (January 2020).
For more articles, check out our #onpatrol4malware blog.

Recent Phishing Attack on ProtonMail Accounts of Bellingcat Journalists Linked to Russia
Source: CPO Magazine
ProtonMail is a unique web-based email service that offers strong standard end-to-end encryption and has a basic tier that is free. Read more.

Firefox 69: Third‑Party Tracking Cookies and Cryptomining Now Blocked by Default
Source: ESET
Firefox's new Enhanced Tracking Protection (ETP) feature has launched to all users of the browser to offer better privacy and protection from cryptojacking. Read more.

Ransomware hits hundreds of dentist offices in the US
Source: ESET
Hundreds of dental practice offices in the US have had their computers infected with ransomware this week, ZDNet has learned from a source. Read more.

China Chopper still active 9 years later
Source: Talos
China Chopper has found a way to stay relevant, active and effective nine years after its initial discovery. Read more.

Phishing Campaign Delivers Quasar RAT Payloads via Fake Resumes
Source: BleepingComputer
A new phishing campaign uses fake resume attachments designed to deliver Quasar Remote Administration Tool (RAT) malicious payloads. Read more.

Definitive Dossier of Devilish Debug Details
Source: FireEye
Welcome to part one of a multi-part, tweet-inspired series about PDB paths, their relation to malware, and how they may be useful. Read more.

New Nemty Ransomware May Spread via Compromised RDP Connections
Source: BleepingComputer
A new ransomware has been spotted over the weekend, carrying references to the Russian president and antivirus software. Read more.

Time to shed Python 2
Source: NCSC
The end of life (EOL) date for Python 2 has been a long time coming, but it’s finally in sight. As of the 1st of January 2020, Python 2 will no longer be supported. Read more.

Fully equipped Spying Android RAT from Brazil: BRATA
Source: Kaspersky
“BRATA” is a new Android remote access tool malware family. We used this code name based on its description – “Brazilian RAT Android”. Read more.

Nemty Ransomware Gets Distribution from RIG Exploit Kit
Source: BleepingComputer
The operators of Nemty ransomware appear to have struck a distribution deal to target systems with outdated technology that can still be infected by exploit kits. Read more.

Threat Actor behind Astaroth is using Cloudflare Workers
Source: Medium
The group behind the Astaroth attack campaign changed tactics and ran a campaign in August using Cloudflare Workers. Read more.

JSWorm: The 4th Version of the Infamous Ransomware
Source: Yoroi
Ransomware families are continuously maintained to generate revenue for cyber criminals. One of them is JSWorm, which has been updated to version 4. Read more.

Warning Issued After Malware Is Found To Have Hijacked Bitcoin Blockchain
Source: Forbes
Bitcoin’s blockchain has been hijacked by a new strain of the Glupteba malware that uses the network to resist attacks. Read more.

Crimeware in the Modern Era: A Cost We Cannot Ignore
Source: Medium
Chronicle researchers conducted an investigation into the evolution of crimeware from 2013 through 2018. Read more.

Thousands of servers infected with new Lilocked (Lilu) ransomware
Source: ZDNet
Thousands of web servers have been infected and had their files encrypted by a new strain of ransomware named Lilocked (or Lilu). Read more.