
Magecart targets NutriBullet, Coronavirus app asks users for ransom, and more

Major cybersecurity events on 18th March: From registering several new domains to building a malicious tracker app, deceptive Coronavirus scammers are at large, making the most of the current situation. A new TrickBot tool is being employed to disrupt PCs and telecommunications.

Round Up of Major Breaches and Scams

Magecart hackers have spent weeks lurking on NutriBullet’s website

RiskIQ published research on Wednesday detailing how a hacking group, known as Magecart Group 8, snuck malicious code onto NutriBullet’s website to collect financial information from customers who purchased blenders and other products from the company. The attack began on Feb. 20 and continues today, despite an interruption between March 1 and March 5, RiskIQ said.

Hackers created thousands of coronavirus (COVID-19) related sites as bait

According to a new report published by Check Point Research today and shared with The Hacker News, hackers are exploiting the COVID-19 outbreak to spread their own infections, including by registering malicious Coronavirus-related domains and selling discounted off-the-shelf malware on the dark web.

Round Up of Major Malware and Ransomware Incidents

Beware of Android coronavirus tracker app that locks your device & asks for ransom payment

Security researchers from DomainTools observed a malicious Coronavirus tracker app that locks the user’s Android device and asks for a ransom payment. The good news is that the malware is not distributed through the official Google Play Store, but through the website coronavirusapp[.]site.

Surveillance campaign against Libyans uses fake Johns Hopkins COVID-19 tracking map

Mobile security firm Lookout has traced a malicious Android application to what it says is a long-running campaign to spy on people in Libya. The spyware masquerades as the popular map produced by Johns Hopkins University that tracks the spread of COVID-19, the disease caused by the novel coronavirus. The software, called SpyMax, allows the operator to exfiltrate call and text logs, and remotely activate microphones and cameras.

TrickBot, Emotet malware use coronavirus news to evade detection

The TrickBot and Emotet Trojans have started to add text from Coronavirus news stories in an attempt to bypass security software that uses artificial intelligence and machine learning to detect malware. Before malware is distributed in phishing campaigns or other attacks, developers commonly use a program called a ‘crypter’ to obfuscate or encrypt the malicious code. This is done in the hope that the malware will appear harmless and thus be FUD (Fully UnDetectable) to antivirus software.

New TrickBot tool targets telecommunications in the U.S., Hong Kong

The criminals behind the TrickBot banking trojan have retooled it for targeting telecommunications organizations in the U.S. and Hong Kong, according to new research from BitDefender. The new module, a malicious .dll file named “rdpScanDll”, allows attackers to run brute-forcing operations against the Remote Desktop Protocol (RDP).

Round Up of Major Vulnerabilities and Patches

Cisco patches several vulnerabilities in SD-WAN solution

Cisco on Wednesday announced that it has patched a total of five vulnerabilities in its SD-WAN solution, including three that have been assigned a “high severity” rating. The high-severity vulnerabilities — all of them reported to Cisco by Orange Group — are caused by insufficient input validation. They can be exploited to make unauthorized changes to the system, escalate privileges to root, and inject arbitrary commands that are executed with root permissions.