VIEH Daily threat Analysis | 08 August 2024

In the shadowy world of cyber espionage, a new player has emerged: GoGra, a Go-based backdoor that stealthily infiltrated a South Asian media organization. The malware wielded the Microsoft Graph API as its weapon of choice for command-and-control operations.

Mozilla and Google have fortified their defenses, releasing critical browser updates to patch vulnerabilities that could otherwise serve as gateways for malicious exploits. While Chrome received patches for six bugs, Firefox got patches for 14. 

Researchers uncovered a vulnerability in Microsoft 365, which could leave users dangerously exposed to phishing attacks. This flaw allows hackers to invisibly cloak the ‘First Contact Safety Tip’ in Outlook, which alerts users to emails from unknown senders, by manipulating CSS in HTML emails.

Top Malware Reported in the Last 24 Hours

New GoGra targets media organization

A new Go-based backdoor called GoGra targeted a South Asian media organization, using the Microsoft Graph API for command-and-control. The backdoor executes commands via cmd.exe and returns the encrypted results to its operator. It is attributed to a nation-state hacking group tracked as Harvester. Once inside, GoGra reads messages from an Outlook user account, pointing to a cyber-espionage motive.

Chameleon masquerades as CRM app

The Chameleon Android banking trojan has been targeting users in Canada by posing as a CRM app. The campaign expanded its victimology footprint to Canada and Europe, mirroring previous attacks in Australia, Italy, Poland, and the U.K. The trojan uses CRM-related themes to target customers in the hospitality sector and B2C employees. It bypasses Google’s Restricted Settings to deploy its payload, which can conduct on-device fraud and transfer funds illegally. By masquerading as a CRM tool, Chameleon aims to access corporate banking and poses a significant risk to organizations.

New ransomware strain spotted

A new ransomware strain called Zola was discovered and found to be a rebranding of the existing Proton family. The attackers relied on common hacking tools such as Mimikatz and ProcessHacker to escalate privileges, gain access rights, and hinder recovery efforts. The Zola payload was around 1MB in size and created a mutex to prevent concurrent execution. It also checked for administrative rights and included a kill switch that terminated the process if a Persian keyboard layout was detected.

Top Vulnerabilities Reported in the Last 24 Hours

Chrome and Firefox released updates

Mozilla and Google released updates for their web browsers to fix multiple vulnerabilities. Google’s Chrome version 127.0.6533.99 addresses six vulnerabilities, including a critical out-of-bounds memory access issue. Mozilla’s Firefox version 129 patches 14 vulnerabilities, with 11 rated as high severity. The patched vulnerabilities in both web browsers could be exploited for various malicious activities, such as spoofing, arbitrary code execution, and obtaining sensitive information.

Microsoft 365 bug found

Researchers found a way to bypass a key anti-phishing feature in Microsoft 365, increasing the risk of users falling for malicious emails. The flaw allows attackers to hide the ‘First Contact Safety Tip’ in Outlook, which alerts users about emails from unfamiliar senders. By manipulating the CSS in HTML emails, attackers can make the safety message invisible to recipients. They can also spoof the security icons shown on encrypted emails to make a message appear more legitimate.

Kibana bug patch released

Kibana has a security flaw (CVE-2024-37287) that allows arbitrary code execution via prototype pollution. It affects self-managed Kibana installations running directly on a host OS, Kibana Docker instances, Elastic Cloud, Elastic Cloud Enterprise, and Elastic Cloud on Kubernetes. In Docker deployments the impact is confined to the Kibana container, and seccomp-bpf can prevent exploitation. Affected versions are Kibana 8.x prior to 8.14.2 and Kibana 7.x prior to 7.17.23.
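The vulnerability class named above, shown as an added example that is not Kibana's code or taken from the advisory: a naive recursive merge of attacker-controlled JSON writes into Object.prototype, while the hardened merge refuses the keys that reach the prototype chain. The payload string is constructed for this demonstration.

```javascript
// Added example (not Kibana's or the advisory's code): prototype pollution via merge.
// Vulnerable: copies every key, including "__proto__", into the target.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      // target["__proto__"] resolves to Object.prototype, so the recursion writes
      // the attacker's keys into the prototype shared by every plain object.
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: skip keys that reach the prototype chain and only descend into
// properties the target itself owns (never into inherited getters).
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (!hasOwn(target, key) || target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed payload: a JSON body that a web app merges into its settings object.
const CONSTRUCTED_PAYLOAD = '{"__proto__": {"polluted": "yes"}, "theme": "dark"}';

// Returns true when an unrelated, freshly created object inherits the injected key.
function demonstratePollution() {
  unsafeMerge({}, JSON.parse(CONSTRUCTED_PAYLOAD));
  const leaked = ({}).polluted === 'yes';
  delete Object.prototype.polluted; // undo the process-wide side effect
  return leaked;
}

// Returns whether the prototype stayed clean and the legitimate key was kept.
function demonstrateHardened() {
  const settings = safeMerge({}, JSON.parse(CONSTRUCTED_PAYLOAD));
  return { prototypeClean: ({}).polluted === undefined, theme: settings.theme };
}
```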


Post Credit: Symantec Enterprise, ThreatFabric, Acronis, SecurityWeek, BleepingComputer, Elastic, Cyware
