Newsletter For First Week of March 2023

ChromeLoader Campaign Lures With Malicious VHDs For Popular Games

Security researchers have noticed that the operators of the ChromeLoader browser-hijacking and adware campaign are now using VHD files named after popular games. Previously, such campaigns relied on ISO-based distribution. The malicious files were discovered by a member of the AhnLab Security Emergency Response Center (ASEC) in Google search results for queries about popular games. Among the game titles abused for adware distribution are Elden Ring, ROBLOX, Dark Souls 3, Red Dead Redemption 2, Need for Speed, Call of Duty, Portal 2, Minecraft, Legend of Zelda, Pokemon, Mario Kart, Animal Crossing, and more.

Hackers Using Trojanized macOS Apps To Deploy Evasive Cryptocurrency Mining Malware


Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency-mining malware on macOS systems. Jamf Threat Labs, which made the discovery, said the XMRig coin miner was executed by means of an unauthorized modification to Final Cut Pro, Apple’s video-editing software. An earlier iteration of the campaign was documented exactly a year ago by Trend Micro, which pointed out the malware’s use of i2p to conceal network traffic and speculated that it may have been delivered as a DMG file for Adobe Photoshop CC 2019.

Dish Network Goes Offline After Likely Cyberattack, Employees Cut Off


American TV giant and satellite broadcast provider Dish Network has mysteriously gone offline, with its websites and apps ceasing to function over the past 24 hours. The widespread outage affects Dish.com, the Dish Anywhere app, and several other websites and networks owned by the corporation. Customers also report that the company’s call center phone numbers are unreachable. Additionally, customers are facing authentication issues when signing into TV channel apps such as MTV and Starz with their Dish credentials. Dish Network’s remote employees have been cut off from accessing their work systems.

PureCrypter Malware Hits Govt Orgs With Ransomware, Info-stealers


A threat actor has been targeting government entities with the PureCrypter malware downloader, which has been seen delivering multiple information stealers and ransomware strains. Researchers at Menlo Security discovered that the threat actor used Discord to host the initial payload and compromised a non-profit organization to store additional hosts used in the campaign. “The campaign was found to have delivered several types of malware including Redline Stealer, AgentTesla, Eternity, Blackmoon and Philadelphia Ransomware,” the researchers say.

TELUS Investigating Leak Of Stolen Source Code, Employee Data

Canada’s second-largest telecom, TELUS, is investigating a potential data breach after a threat actor shared samples online of what appears to be employee data. The threat actor subsequently posted screenshots that apparently show private source code repositories and payroll records held by the company. TELUS has so far found no evidence of corporate or retail customer data being stolen and continues to monitor the potential incident.

Russian Malware Dev Behind NLBrute Hacking Tool Extradited To US

A Russian malware developer accused of creating and selling the NLBrute password-cracking tool was extradited to the United States after being arrested in the Republic of Georgia on October 4 of last year. Also known as dpxaker, Dariy Pankov is now charged with access device fraud and computer fraud and faces a maximum sentence of 47 years in federal prison if convicted on all counts. “The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords,” the Justice Department said in a press release on Wednesday.

Hackers Use Fake ChatGPT Apps To Push Windows, Android Malware

Threat actors are exploiting the popularity of OpenAI’s ChatGPT chatbot to distribute malware for Windows and Android, or to direct unsuspecting victims to phishing pages. ChatGPT has gained immense traction since its launch in November 2022, becoming the most rapidly growing consumer application in modern history, with more than 100 million users by January 2023. This massive popularity and rapid growth forced OpenAI to throttle use of the tool and launch a $20/month paid tier (ChatGPT Plus) for individuals who want to use the chatbot without availability restrictions.


Google Paid $12 million In Bug Bounties To Security Researchers

Google last year paid its highest bug bounty ever through its Vulnerability Reward Program for a critical exploit-chain report that the company valued at $605,000. In total, Google paid out over $12 million for more than 2,900 vulnerabilities in its products discovered and reported by security researchers.

Forsage DeFi Platform Founders Indicted For $340 million Scam

A federal grand jury in the District of Oregon has indicted four Russian nationals, the founders of the Forsage decentralized finance (DeFi) cryptocurrency investment platform, for allegedly running a global Ponzi and pyramid scheme that raised $340 million. Forsage was promoted as a “smart contract system” that automatically distributes income to investors based on an algorithm, without requiring manual withdrawal requests. The project promised 100% transparency, complete decentralization, peer-to-peer transactions, no owner or admin, no chance of scams or sudden shutdown, and no company or third party involved.

Ransomware Attack Forces Produce Giant Dole to Shut Down Plants

Produce giant Dole has been forced to shut down plants as a result of a ransomware attack that appears to have resulted in product shortages in some grocery stores. In a statement posted on its website on Wednesday, Dole said it was dealing with a cybersecurity incident involving ransomware. The company has contacted law enforcement and external cybersecurity experts to help it address and investigate the attack. The Ireland-based company said the impact on its operations has been limited, but, according to reports, the Dole ransomware attack has caused problems for some stores.

The TechLab Cyber Security Team, responsible for monitoring, identifying, detecting, protecting, isolating, responding and recovering based on current threats, provides 24x7x365 services. TechLab Security specializes in various security products, projects, network devices, end-user devices, and systems.

The TechLab Cyber Security Team Major Responsibilities Are:
• Monitor, Analyze, Correlate & Escalate Intrusion Events,
• Develop Appropriate Responses; Protect, Detect, Respond,
• Conduct Incident Management and Forensic Investigation,
• Maintain Security Community Relationships,
• Various Cyber Security Consulting Services such as Penetration Testing, Vulnerability Assessment, PCI-DSS Compliance, and ISO 27001 Implementation and Audit Compliance,
• Assist in Crisis Operations.