Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.
For more articles, check out our #onpatrol4malware blog.
When AI Moderation Blocks Cybersecurity: Challenges of Producing Threat Actor Videos
Source: Malware Patrol
While we fully support preventing #AI from facilitating misinformation, this was clearly not the case here. Cyber threat actors engage in harmful activities, and videos about them will inevitably address such topics. Nevertheless, it is necessary to educate cybersecurity practitioners and the general public about these malicious actions. Read more.
New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers
Source: The Hacker News
Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza. Read more.
QuickBooks popup scam still being delivered via Google ads
Source: Malwarebytes LABS
Researchers have seen two main lures, both via Google ads: the first is simply a website promoting online support for QuickBooks and shows a phone number, while the second requires victims to download and install a program that will generate a popup, also showing a phone number. In both instances, that number is fraudulent. Read more.
Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack
Source: UNIT 42
Unit 42 researchers identified a North Korean IT worker activity cluster tracked as CL-STA-0237. This cluster was involved in recent phishing attacks using malware-infected video conference apps. It likely operates from Laos, using Lao IP addresses and identities. Read more.
Malware Spotlight: A Deep-Dive Analysis of WezRat
Source: CHECK POINT RESEARCH
The latest version of WezRat was recently distributed to multiple Israeli organizations in a wave of emails impersonating the Israeli National Cyber Directorate (INCD). WezRat can execute commands, take screenshots, upload files, perform keylogging, and steal clipboard content and cookie files. Read more.
New Glove infostealer malware bypasses Chrome’s cookie encryption
Source: BLEEPING COMPUTER
During their attacks, the threat actors used social engineering tactics similar to those used in the ClickFix infection chain, where potential victims get tricked into installing malware using fake error windows displayed within HTML files attached to the phishing emails. Read more.
New PXA Stealer targets government and education sectors for sensitive information
Source: CISCO TALOS
Researchers discovered a new Python program called PXA Stealer that targets victims’ sensitive information, including credentials for various online accounts, VPN and FTP clients, financial information, browser cookies, and data from gaming software. PXA Stealer has the capability to decrypt the victim’s browser master password and uses it to steal the stored credentials of various online accounts. Read more.
Strela Stealer: Today’s invoice is tomorrow’s phish
Source: Security Intelligence
The phishing emails used in these campaigns are real invoice notifications, which have been stolen through previously exfiltrated email credentials. Strela Stealer is designed to extract user credentials stored in Microsoft Outlook and Mozilla Thunderbird. Read more.
Volt Typhoon rebuilds malware botnet following FBI disruption
Source: BLEEPING COMPUTER
In this campaign, the malicious .RDP attachment contained several sensitive settings that would lead to significant information exposure. Once the target system was compromised, it connected to the actor-controlled server and bidirectionally mapped the targeted user’s local device’s resources to the server. Read more.
LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign
Source: BlackBerry
The threat actor behind LightSpy, who is believed with a high level of confidence to be associated with the Chinese cyber-espionage group APT41, has now expanded their toolset with the introduction of DeepData, a modular Windows-based surveillance framework that significantly broadens their espionage capabilities. Read more.