Operation Dark Caracal


A new piece of cross-platform spying malware, described at the time of its discovery as ‘undetectable’, is being used to target Windows, macOS, Solaris and Linux systems.

CrossRAT is a cross-platform remote access Trojan that can target all four popular desktop operating systems, Windows, Solaris, Linux, and macOS, enabling remote attackers to manipulate the file system, take screenshots, run arbitrary executables, and gain persistence on the infected systems.

According to researchers, the Dark Caracal hackers do not rely on any “zero-day exploits” to distribute their malware; instead, they use basic social engineering via posts in Facebook groups and WhatsApp messages, encouraging users to visit attacker-controlled fake websites and download malicious applications.

Source: The Hacker News

How do you protect yourself?

This malware reaches a system through simple social engineering, not through an exploit, so the user is the control point. Do not click links or download applications sent by people you don’t recognize or trust on Facebook or WhatsApp, and install software only from the vendor’s official site or app store.

Read our blog post on the different ways you can stay protected.


CVE-2018-4878


Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could lead to remote code execution in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.

Source: Adobe

How do you protect yourself?

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest version. Priority 1 means Adobe recommends installing the update as soon as possible (within 72 hours); priority 3 means the update can be installed at the administrator's discretion. After updating, verify the installed version: any Flash Player at 28.0.0.137 or earlier remains exploitable.

Product | Version | Platform | Priority | Availability
--- | --- | --- | --- | ---
Adobe Flash Player Desktop Runtime | 28.0.0.161 | Windows, Macintosh | 1 | Flash Player Download Center; Flash Player Distribution
Adobe Flash Player for Google Chrome | 28.0.0.161 | Windows, Macintosh, Linux and Chrome OS | 1 | Google Chrome Releases
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 28.0.0.161 | Windows 10 and 8.1 | 1 | Microsoft Security Advisory
Adobe Flash Player Desktop Runtime | 28.0.0.161 | Linux | 3 | Flash Player Download Center
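The in-the-wild attacks described above arrive as Office documents carrying embedded Flash content. Patching is the fix, but a mail gateway or analyst can also triage incoming documents for that delivery vector. The following is an added example, not code from Adobe or from the original page: it opens an OOXML file (docx/xlsx/pptx are zip containers) and flags any ActiveX part that declares the Flash Player control's class ID (D27CDB6E-AE6D-11CF-96B8-444553540000) or any binary part that carries a SWF header (FWS, CWS or ZWS). The sample documents it scans are constructed in memory for the demonstration and are not real malicious files.

```python
import io
import zipfile
from typing import List

# Class ID of the Adobe Flash Player ActiveX control. An OOXML document that
# embeds Flash content declares it in an activeX/activeX*.xml part.
FLASH_ACTIVEX_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"

# First three bytes of a SWF file: uncompressed, zlib-compressed, LZMA-compressed.
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")


def scan_ooxml_for_flash(data: bytes) -> List[str]:
    """Triage an OOXML file (docx/xlsx/pptx) held in memory.

    Returns one finding per zip member that references the Flash ActiveX
    control or carries a SWF header. An empty list means nothing was found;
    this is a fast triage heuristic, not proof that a document is clean.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not an OOXML zip container"]

    findings = []
    with zf:
        for name in zf.namelist():
            lower = name.lower()
            content = zf.read(name)

            # ActiveX control declarations are XML; match the CLSID case-insensitively.
            if "/activex/" in lower and lower.endswith(".xml"):
                text = content.decode("utf-8", errors="replace").lower()
                if FLASH_ACTIVEX_CLSID.lower() in text:
                    findings.append(f"{name}: references Flash ActiveX CLSID")

            # Binary parts (OLE objects, ActiveX data, media) may carry the SWF
            # itself, either as the whole part or wrapped inside an OLE stream.
            if lower.endswith(".bin") or "/media/" in lower:
                for magic in SWF_MAGIC:
                    offset = content.find(magic)
                    if offset != -1:
                        findings.append(f"{name}: SWF header {magic.decode()} at offset {offset}")
                        break
    return findings


def build_sample_docx(with_flash: bool) -> bytes:
    """Build a minimal, constructed OOXML container in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_flash:
            zf.writestr(
                "word/activeX/activeX1.xml",
                f'<ax:ocx ax:classid="{{{FLASH_ACTIVEX_CLSID}}}"/>',
            )
            # zlib-compressed SWF header (magic, version byte, dummy length) plus filler.
            zf.writestr("word/embeddings/oleObject1.bin", b"CWS\x0f" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("clean", False), ("flash", True)):
        print(label, scan_ooxml_for_flash(build_sample_docx(flag)))
```

Searching for a three-byte SWF magic inside binary parts is deliberately loose: a Flash object embedded through OLE sits inside a compound-file stream rather than at offset 0, so an exact-offset check would miss it. Treat a hit as a reason to detonate or block the document, not as a verdict, and pair this with the version check above, since a patched client is not exploitable regardless of what the attachment contains.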


Operation FALLCHILL


According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the actors can issue from a command and control (C2) server to a victim’s system via dual proxies. FALLCHILL typically infects a system as a file dropped by other HIDDEN COBRA malware or as a file downloaded unknowingly by users when visiting sites compromised by HIDDEN COBRA actors. HIDDEN COBRA actors use an external tool or dropper to install the FALLCHILL malware-as-a-service to establish persistence. Because of this, additional HIDDEN COBRA malware may be present on systems compromised with FALLCHILL.

During analysis of the infrastructure used by FALLCHILL malware, the U.S. Government identified 83 network nodes. Additionally, using publicly available registration information, the U.S. Government identified the countries in which the infected IP addresses are registered.

Source: US Government

How do you protect yourself?

Network administrators should review the IP addresses published in the alert, identify whether any of them fall within their organization’s allocated IP address space, and, if any are found, treat those hosts as potentially compromised and take the necessary measures to remove the malware.

When reviewing network perimeter logs for these IP addresses, organizations may find instances of the addresses attempting to connect to their systems. Not all of that traffic is malicious: some of it relates to malicious activity and some to legitimate activity, so each connection should be reviewed before it is escalated. Direction is a useful first filter: an outbound connection from an internal host to one of the listed nodes is consistent with C2 traffic via the proxies described above, whereas an inbound attempt from a listed address may be scanning or unrelated traffic from a shared host.
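The two checks recommended above (are any listed nodes inside our address space, and do our perimeter logs show traffic to or from them) are mechanical enough to script. The following is an added example, not code from the alert or from the original page. The indicator list, the organization's prefixes and the log lines are all constructed for the demonstration using RFC 5737 documentation ranges; they stand in for the 83 published nodes and contain none of the real FALLCHILL addresses. The log format (timestamp, source, destination, action) is an assumption; adapt the field positions to your own perimeter logs.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed indicator list using documentation ranges (RFC 5737); it stands in
# for the published FALLCHILL node list and contains none of the real addresses.
INDICATOR_IPS = ["198.51.100.23", "203.0.113.77", "192.0.2.140"]

# Constructed: the address space allocated to our organization.
OUR_PREFIXES = ["192.0.2.0/24", "10.0.0.0/8"]

# Constructed perimeter log lines in an assumed "<timestamp> <src> <dst> <action>" format.
SAMPLE_LOG = """\
2018-02-01T10:00:01Z 10.1.4.22 198.51.100.23 ALLOW
2018-02-01T10:00:05Z 203.0.113.77 10.1.4.22 DENY
2018-02-01T10:00:09Z 10.1.4.23 203.0.113.5 ALLOW
malformed line that should be skipped
"""


def indicators_in_our_space(indicators: List[str], prefixes: List[str]) -> Dict[str, str]:
    """Map each indicator that falls inside one of our prefixes to that prefix.

    A hit means a host we own appears in the FALLCHILL infrastructure list and
    must be treated as potentially compromised, not merely blocked.
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    hits = {}
    for ip in indicators:
        addr = ipaddress.ip_address(ip)
        for net in nets:
            if addr in net:
                hits[ip] = str(net)
                break
    return hits


def match_log(log_text: str, indicators: List[str]) -> List[Tuple[str, str, str, str, str]]:
    """Return (timestamp, direction, src, dst, action) for lines touching an indicator.

    Direction matters for triage: an outbound connection from an internal host
    to a listed node looks like C2 beaconing through the actors' proxies, while
    an inbound attempt may be scanning or legitimate traffic from a shared host.
    """
    iocs = {ipaddress.ip_address(i) for i in indicators}
    matches = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, src, dst, action = parts[:4]
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            # Skip lines whose address fields do not parse (malformed or non-IP records).
            continue
        if d in iocs:
            matches.append((ts, "outbound", src, dst, action))
        elif s in iocs:
            matches.append((ts, "inbound", src, dst, action))
    return matches


if __name__ == "__main__":
    print("listed nodes inside our space:", indicators_in_our_space(INDICATOR_IPS, OUR_PREFIXES))
    for hit in match_log(SAMPLE_LOG, INDICATOR_IPS):
        print(*hit)
```

In the constructed data the outbound ALLOW to 198.51.100.23 from 10.1.4.22 is the line an analyst should chase first (a host that reached a listed node and was permitted to), while the inbound DENY from 203.0.113.77 was already blocked and is lower priority. The third listed indicator, 192.0.2.140, falls inside our own 192.0.2.0/24 and is the case the alert asks administrators to remediate rather than block.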