Farseer Malware

 

 

A new brand of malware has been developed to give a threat group the tools required to attack Windows operating systems alongside their usual Android targets.

On Tuesday, cybersecurity researchers from Palo Alto’s Unit 42 said the malware, dubbed Farseer, has connections to HenBox, a cyberespionage malware detected in 2018 in attacks against Google’s Android operating system.

HenBox primarily targets the Turkish Uyghur group in order to steal data including personal and device information, including any phone numbers with a Chinese prefix. The malware is also able to compromise smartphone cameras and microphones.

Generally focused on smartphones, the hackers have now expanded their horizons with the launch of Farseer. The malware is spread through phishing campaigns and malicious .PDF files which employ social engineering tactics through the copy-and-paste of news articles sourced through a Myanmar website.

Source: ZDNet

How do you protect yourself?

Proper security measures must be in place to defend against Farseer malware and similar threats. Having proper up-to-date endpoint and firewall security provides a cross-generational blend of threat defense techniques to protect systems from malware.

 

CVE-2018-20250

 

 

A critical 19-year-old WinRAR vulnerability disclosed last week has now been spotted actively being exploited in a spam campaign spreading malware.

The campaign, discovered by researchers with 360 Threat Intelligence Center, takes advantage of a path-traversal WinRAR vulnerability, which could allow bad actors to remotely execute malicious code on victims’ machines simply by persuading them to open a file.

Source: ThreatPost

How do you protect yourself?

Researchers urge WinRAR users to update as soon as possible to the newest version of the software, 5.70 beta 1.

 

B0r0nt0K Ransomware

 

 

A new ransomware called B0r0nt0K is encrypting victim’s web sites and demanding a 20 bitcoin, or approximately $75,000, ransom. This ransomware is known to infect Linux servers, but may also be able to encrypt users running Windows.

In a BleepingComputer forum post, a user stated that a client’s web site was encrypted with the new B0r0nt0K Ransomware. This encrypted web site was running on Ubuntu 16.04 and had all of its files encrypted, renamed, and had the .rontok extension appended to them.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against B0r0nt0K Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.