Emotet is back from the dead, with a new version using the group's tried-and-true method of delivering a variety of payloads through malicious Office files, ZIP archives and other quieter methods. In other cybersecurity news, a new banking trojan named SharkBot has been infecting Android devices across the world.
Fake threat warnings sent from hacked FBI email system
A recent email spam campaign is spreading fake threat warnings to thousands of recipients, all coming from a legitimate FBI email address. The phony emails claim to have identified a threat actor operating on the recipient’s device and that they have already stolen information about the victim. It’s believed that an official FBI email server was compromised as the emails came from an internal domain. Luckily, it seems the machine in question was not connected to the main network so the threat actors didn’t actually access any sensitive information.
TrickBot used for return of Emotet
Researchers have been monitoring the return of the infamous banking trojan named Emotet. This latest iteration loads a variety of payloads, from malicious Office files and ZIP archives to quieter methods. With TrickBot loaders distributing these payloads, it seems only a matter of time until Emotet spreads widely again and regains a foothold similar to its prior state.
SharkBot banking trojan spreading through Android devices
Android devices in multiple countries have been identified as infected with a new banking trojan called SharkBot. This new trojan doesn't seem to belong to any current malware family, though it uses a familiar tactic by abusing the Automatic Transfer System to maliciously access credentials on an Android device. It can also compromise the Android Accessibility Service to spam the user with permission requests until the user inevitably concedes to the relentless wave of pop-ups. This opens up an array of sophisticated overlays used to steal login credentials and SMS messages.
Hacker group targets Israeli organizations
Multiple Israeli organizations fell victim to cyberattacks that left users with encrypted machines, though there doesn't seem to be any demanded ransom. The Moses Staff group has been exploiting vulnerabilities that are already known but are often left unpatched by careless IT admins, leaving entire networks open to unauthorized access. The attack seems to be politically motivated, as no ransom is demanded for the decryption keys. Additionally, the attacks may be tied to prior attacks on Israeli-owned organizations.
Australian water supplier compromised for nearly a year
For a nine-month period, between August 2020 and May 2021, an Australian water supplier suffered a data breach of systems that contained sensitive customer information. Fortunately, the regional auditing office has stepped in to inform the supplier of the breach and to assist in making the appropriate corrections to the vulnerable systems.