ThreadKit Malware

In a recently released report, Fidelis threat research analysts found that, despite the reported arrests, Cobalt Group remains active and is using a new version of ThreadKit, a macro-based malicious document delivery framework sold to and used by numerous actors and groups. The researchers also identified CobInt, a loader and backdoor framework used to profile compromised systems.

The group has largely targeted banks in Eastern Europe with phishing emails carrying malicious PDF attachments; in one overnight attack this access let the group steal more than $32,000 from multiple ATMs.

Before Interpol reportedly arrested the group's leader in March 2018, the actors were estimated to have stolen as much as $1.2 billion from banks across 40 countries.

Source: Infosecurity Magazine

How do you protect yourself?

Proper security measures must be in place to defend against ThreadKit and similar threats. ThreadKit arrives as an email attachment, so the mail gateway and the recipient are the first line of defence: treat unexpected attachments (Office documents and PDFs alike) as suspicious, do not click on links or open attachments you were not expecting, and keep Office macros disabled for documents that came from the internet, so that a macro-delivery document cannot run its payload even if it is opened. Keep endpoint and firewall security up to date; a layered (cross-generational) blend of threat defence techniques gives systems a better chance of catching the loader and its follow-on payloads.
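As an added example (not code from the original page, Fidelis, or any product), the following Python script shows the kind of structural check a mail gateway or quarantine job can apply to attachments before a user ever opens them: it classifies a blob as a macro-carrying OOXML package, a macro-free OOXML package, a legacy OLE container (which needs a proper OLE parser to rule out VBA), or something else. The sample documents are constructed in memory for the example; the content-type markers are the standard OOXML ones.

```python
import io
import zipfile

# Magic for the legacy OLE2 container (.doc/.xls/.ppt); these can carry VBA too.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"
CONTENT_TYPES = "[Content_Types].xml"
# Content-type fragments that only appear in macro-enabled OOXML packages.
MACRO_MARKERS = (b"vbaProject", b"macroEnabled")


def classify_attachment(data: bytes) -> str:
    """Coarse triage of an attachment by file structure, not by extension.

    Returns one of:
      'macro'           OOXML package carrying a VBA project (block or sandbox)
      'ooxml-no-macro'  OOXML package with no VBA part found
      'ole-legacy'      binary Office container; needs an OLE parser to rule out VBA
      'other'           not an Office container
    """
    if data.startswith(OLE_MAGIC):
        return "ole-legacy"
    if not data.startswith(ZIP_MAGIC):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as pkg:
            names = pkg.namelist()
            if CONTENT_TYPES not in names:
                return "other"          # a zip, but not an OOXML package
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "macro"
            ctypes = pkg.read(CONTENT_TYPES)
            if any(marker in ctypes for marker in MACRO_MARKERS):
                return "macro"          # macro part declared even if the binary is renamed
            return "ooxml-no-macro"
    except zipfile.BadZipFile:
        return "other"


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Build a minimal OOXML package in memory. Constructed test input only."""
    ns = "http://schemas.openxmlformats.org/package/2006/content-types"
    parts = [
        '<?xml version="1.0" encoding="UTF-8"?>',
        f'<Types xmlns="{ns}">',
        '<Override PartName="/word/document.xml" ContentType="application/'
        'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>',
    ]
    if with_macro:
        parts.append('<Override PartName="/word/vbaProject.bin" '
                     'ContentType="application/vnd.ms-office.vbaProject"/>')
    parts.append("</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        pkg.writestr(CONTENT_TYPES, "\n".join(parts))
        pkg.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            pkg.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples; file names are hypothetical.
    samples = {
        "report.docm": build_sample_ooxml(with_macro=True),
        "report.docx": build_sample_ooxml(with_macro=False),
        "invoice.doc": OLE_MAGIC + b"\x00" * 32,
        "invoice.pdf": b"%PDF-1.7\n",
    }
    for name, blob in samples.items():
        print(f"{name}: {classify_attachment(blob)}")
```

This is one gate, not the whole defence: a document that carries no macro at all can still carry an exploit, and a legacy OLE file needs a real parser (oletools, for instance) before it can be called clean.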


CVE-2018-20299

A recently discovered security vulnerability affects both the Bosch Smart Home 360° indoor camera and the Eyes outdoor camera. It potentially allows unauthorized code execution on the device through its network interface.

The vulnerability can be used for remote code execution (RCE) on the device. This would allow an attacker, for example, to bypass access restrictions (such as the username/password check) or to re-enable disabled features (such as telnet). A necessary prerequisite for the attack is network access to the device's web server (HTTP/HTTPS), so a camera that is not reachable from untrusted networks is considerably harder to attack. Despite the high severity rating, the attacks are not considered capable of extracting private keys when those keys are stored in the device's Trusted Platform Module (TPM). An affected camera can be restored to its original state with the factory reset button.

Source: Bosch

How do you protect yourself?

The recommended fix is to update the firmware of all Bosch Smart Home cameras to a fixed version, that is, 6.52.4 or higher. Updated firmware is offered to all customers through the existing update mechanism in the Bosch Smart Home camera app; after updating, confirm that every camera actually reports 6.52.4 or later rather than assuming the update was applied.
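As an added example (not code from the original page or from Bosch), the following Python script checks a camera inventory against the fixed version 6.52.4 named in the advisory. It exists mainly to show the mistake a quick check tends to make: comparing version strings lexicographically puts "6.52.10" below "6.52.4", so a patched camera would be flagged and an unpatched one could slip through. The inventory, camera names and firmware values are constructed for the example; unparseable versions are treated as needing attention.

```python
FIXED_VERSION = "6.52.4"   # first fixed firmware version per the Bosch advisory


def parse_version(text: str) -> tuple:
    """Turn '6.52.4' into (6, 52, 4) so versions compare numerically.

    A plain string comparison gets this wrong: '6.52.10' < '6.52.4' as strings.
    """
    return tuple(int(part) for part in text.strip().split("."))


def needs_update(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the camera must be updated. Unparseable versions fail closed (True)."""
    try:
        have, want = parse_version(installed), parse_version(fixed)
    except ValueError:
        return True
    # Pad the shorter tuple so '6.52' is treated as 6.52.0.
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return have < want


# Constructed inventory; camera names and firmware values are hypothetical.
INVENTORY = [
    {"name": "cam-hall",    "model": "360 indoor",   "firmware": "6.52.4"},
    {"name": "cam-garden",  "model": "Eyes outdoor", "firmware": "6.52.10"},
    {"name": "cam-garage",  "model": "Eyes outdoor", "firmware": "6.51.9"},
    {"name": "cam-kitchen", "model": "360 indoor",   "firmware": "6.52"},
    {"name": "cam-porch",   "model": "Eyes outdoor", "firmware": "unknown"},
]


def cameras_needing_update(inventory, fixed: str = FIXED_VERSION):
    """Names of cameras whose reported firmware is below the fixed version."""
    return [cam["name"] for cam in inventory if needs_update(cam["firmware"], fixed)]


if __name__ == "__main__":
    for name in cameras_needing_update(INVENTORY):
        print(f"{name}: update required (fixed version is {FIXED_VERSION})")
```

The "unknown" entry is deliberate: a camera whose version the inventory cannot read should land on the to-do list, not be silently counted as safe.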


Zebrocy Trojan

The Zebrocy trojan, a custom downloader used by the Russia-linked APT Sofacy (a.k.a. APT28, Fancy Bear or Sednit), has a new variant. It is functionally much the same as the earlier versions, but the new code is written in the Go programming language.

The similarities between the new payload and previous Zebrocy variants start with the fact that the versions share the same command-and-control (C2) URL, according to an analysis by Palo Alto Networks' Unit 42 group. Beyond that, the Go variant behaves like its predecessors: it performs initial data collection on the compromised system, exfiltrates that information to the C2 server, and then attempts to download, install and execute an additional payload from the C2.

Source: Threatpost

How do you protect yourself?

Proper security measures must be in place to defend against the Zebrocy trojan and similar threats. Because the new variant reuses the C2 URL of earlier versions, the published indicators are worth blocking and alerting on at the proxy or firewall: a rewrite in a new language changes the binary, not the infrastructure it talks to. Keeping endpoint security up to date, with a cross-generational blend of threat defence techniques, remains the baseline protection against the downloader and whatever payload it fetches.
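As an added example (not code from the original page or from Unit 42), the following Python script runs the C2 indicator over proxy log lines and labels each client by the behaviour the analysis describes: contact with the C2 host, exfiltration, and a successful follow-on download. The log format, client addresses and the C2 hostname are constructed placeholders (the real indicator comes from the Unit 42 report), and treating exfiltration as a POST followed by a 200 GET for the payload is an assumption of this example, not a claim from the page.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Placeholder indicator: substitute the C2 URL published in the Unit 42 analysis.
C2_HOST = "c2.example.invalid"

# Constructed proxy log lines (hypothetical format and addresses).
SAMPLE_LOG = """\
2019-01-09T10:01:02Z 10.0.0.12 POST http://c2.example.invalid/gate.php 200 1842
2019-01-09T10:01:03Z 10.0.0.12 GET http://c2.example.invalid/gate.php 200 51200
2019-01-09T10:02:00Z 10.0.0.31 GET http://www.example.com/index.html 200 4096
2019-01-09T10:03:10Z 10.0.0.45 GET http://c2.example.invalid/gate.php 404 0
not a well formed line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})\s+(?P<bytes>\d+)$"
)


def parse_line(line: str):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    rec["host"] = urlsplit(rec["url"]).hostname   # match on host, not on raw URL text
    return rec


def c2_hits(log_text: str, c2_host: str = C2_HOST):
    """Group requests to the C2 host by client, preserving log order."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["host"] == c2_host:
            hits[rec["client"]].append(rec)
    return dict(hits)


def classify(events):
    """Label a client's C2 traffic: a POST (assumed exfil) followed by a 200 GET
    (assumed payload download) is the full chain described in the analysis."""
    saw_post = False
    for ev in events:
        if ev["method"] == "POST":
            saw_post = True
        elif ev["method"] == "GET" and ev["status"] == 200 and saw_post:
            return "exfil-then-download"
    return "exfil-only" if saw_post else "contact-only"


def triage(log_text: str, c2_host: str = C2_HOST):
    """Map each client that touched the C2 host to its behaviour label."""
    return {client: classify(events) for client, events in c2_hits(log_text, c2_host).items()}


if __name__ == "__main__":
    for client, label in triage(SAMPLE_LOG).items():
        print(f"{client}: {label}")
```

Any client that appears in the result has talked to the C2 host and warrants an endpoint look regardless of label; the label only orders the queue, since "exfil-then-download" means a second-stage payload may already be on the machine.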