Betabot malware


The malware, which is also known as Neurevt, is a sophisticated infostealer that began as a banking Trojan, but now includes features that allow its operators to practically take over a victim’s machine, steal sensitive information and shut down more than 30 popular anti-malware products, according to Assaf Dahan, senior director of threat hunting at Cybereason.

Betabot’s main features include a browser form grabber, an FTP and mail client stealer, a robust rootkit, the ability to download additional malware, and the ability to execute commands, he wrote in a blog post.

The malware also includes modules for stealing banking information, running distributed denial of service attacks, and mining cryptocurrency illicitly.

Betabot exploits an 18-year-old vulnerability in the Equation Editor component of Microsoft Office (EQNEDT32.EXE, tracked as CVE-2017-11882), which Microsoft patched in November 2017, once again underlining the importance of keeping software patches up to date.

Dahan warns that Betabot implements a wide range of self-defence mechanisms commonly found in modern malware, including anti-debugging, anti-virtual machine/sandbox, anti-disassembly and the ability to detect security products and analysis tools.

In addition, the malware has an exhaustive blacklist of file and process names, product IDs, hashes and domains from major antivirus, security and virtualisation companies.

Source: ComputerWeekly

How do you protect yourself?

Proper security measures must be in place to defend against Betabot and similar threats. Avoid clicking unknown links and downloading suspicious attachments. Researchers recommend keeping up with Microsoft patches so that the Equation Editor flaw, and any others, are closed. In addition, businesses should disable the Equation Editor feature in Microsoft Office; Microsoft's published workaround is to set the COM kill bit on the Equation Editor object, and fully patched Office builds since January 2018 remove the component altogether.
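To make the "disable Equation Editor" advice concrete, here is an added example (not code from ComputerWeekly or Cybereason) that applies and verifies Microsoft's kill-bit workaround from an elevated PowerShell prompt. The CLSID and the 0x400 "Compatibility Flags" value are the ones in Microsoft's workaround; the function names and the EQNEDT32.EXE file paths checked at the end are assumptions for this example.

```powershell
# Added example: set and verify the COM kill bit for the legacy Equation Editor
# (EQNEDT32.EXE) as a workaround until Office is patched. Run elevated.

$EqnEdCLSID = '{0002CE02-0000-0000-C000-000000000046}'   # Equation Editor 3.0 COM class
$KillBit    = 0x400                                      # "Compatibility Flags" value that blocks instantiation

# Both hives matter: 32-bit Office on 64-bit Windows reads the Wow6432Node copy.
$CompatKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Office\Common\COM Compatibility\$EqnEdCLSID",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Office\Common\COM Compatibility\$EqnEdCLSID"
)

function Get-EquationEditorKillBit {
    # Report, per hive, whether the kill bit is currently set.
    foreach ($key in $CompatKeys) {
        $flags = $null
        if (Test-Path $key) {
            $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        }
        [pscustomobject]@{
            Key     = $key
            Flags   = $flags
            KillBit = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
        }
    }
}

function Set-EquationEditorKillBit {
    # OR the kill bit into any existing flags rather than overwriting them.
    foreach ($key in $CompatKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = if ($null -eq $current) { $KillBit } else { $current -bor $KillBit }
        New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord -Value $new -Force | Out-Null
    }
}

function Get-EquationEditorBinary {
    # Assumed default install locations; a missing binary means the January 2018
    # Office updates (which remove the component) are already in place.
    $candidates = @(
        "$env:CommonProgramFiles\Microsoft Shared\EQUATION\EQNEDT32.EXE",
        "${env:CommonProgramFiles(x86)}\Microsoft Shared\EQUATION\EQNEDT32.EXE"
    )
    $candidates | Where-Object { $_ -and (Test-Path $_) } | Get-Item |
        Select-Object FullName, LastWriteTime, @{ n = 'Version'; e = { $_.VersionInfo.FileVersion } }
}

Set-EquationEditorKillBit
Get-EquationEditorKillBit | Format-Table -AutoSize
Get-EquationEditorBinary
```

The kill bit stops Office from instantiating the vulnerable COM server even if a document embeds an equation object, so existing documents with equations will no longer render them; that is the intended trade-off until the patched build is deployed, after which the registry keys can be left in place harmlessly.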


CVE-2018-12386


Mozilla has patched a critical vulnerability in Firefox and Firefox ESR. A bug in register allocation in the JavaScript engine can lead to type confusion, giving an attacker an arbitrary read and write primitive. When triggered, this leads to remote code execution inside the sandboxed content process.

Source: Mozilla

How do you protect yourself?

The vulnerability is fixed in Firefox 62.0.3 and Firefox ESR 60.2.2; update to those versions or later.


DanaBot banking Trojan


The DanaBot banking Trojan has traditionally run campaigns targeting Australian and European banks, but new research shows a campaign that targets banks in the United States as well.

The North American campaign, discovered by Proofpoint, is being spread through malspam that pretends to be digital faxes from eFax. These emails state that the recipient has received a fax and prompt the user to download it.

When the recipient clicks the download button, they receive a malicious Word document posing as the eFax. When opened, the document instructs the user to click the “Enable Content” button to view it properly.

Once a user clicks on the Enable Content button, Word macros will fire off and download and install Hancitor on the victim’s machine. Hancitor will then download DanaBot and other malware, such as Pony, onto the computer.

According to security researcher TomasP, the U.S.-based banks targeted by this new DanaBot campaign include Bank of America, Wells Fargo, TD Bank, Royal Bank, and JP Morgan Chase.

Source: BleepingComputer

How do you protect yourself?

Proper security measures must be in place to defend against the DanaBot Trojan and similar threats. Keep endpoint protection and firewall/email filtering up to date so that the malspam, the macro-laden document and the Hancitor download have several chances to be caught. Because the whole chain hinges on a user clicking “Enable Content”, enforcing Office's macro security policies (block macros in files downloaded from the internet, allow only digitally signed macros) removes that choice from the user.
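As an added example (not from BleepingComputer or Proofpoint), the PowerShell below audits and enforces the two Office Group Policy registry settings that defeat the “Enable Content” lure described above: VBAWarnings (3 = disable all macros except digitally signed ones) and blockcontentexecutionfrominternet (1 = block macros in files that carry Mark-of-the-Web, i.e. downloads and email attachments). The value names and meanings are Microsoft's policy settings; the Office version list, application list and function names are assumptions for this example and should be adjusted to your estate.

```powershell
# Added example: audit and enforce per-user Office macro policy for the
# "Enable Content" attack path. Policy keys apply to the current user.

$OfficeVersions = @('16.0', '15.0')            # Office 2016/2019/365 and Office 2013 (assumed)
$OfficeApps     = @('Word', 'Excel', 'PowerPoint')

# VBAWarnings: 1 = enable all, 2 = disable with notification (default, shows "Enable Content"),
#              3 = disable except digitally signed, 4 = disable all without notification.
$VbaWarnings       = 3
# 1 = block macro execution in files downloaded from the internet (relies on Mark-of-the-Web)
$BlockFromInternet = 1

function Get-OfficeMacroPolicy {
    # Report the current policy per app/version and whether it meets the target.
    foreach ($ver in $OfficeVersions) {
        foreach ($app in $OfficeApps) {
            $key = "HKCU:\Software\Policies\Microsoft\Office\$ver\$app\Security"
            $p = if (Test-Path $key) { Get-ItemProperty -Path $key } else { $null }
            [pscustomobject]@{
                App               = "$app $ver"
                VBAWarnings       = $p.VBAWarnings
                BlockFromInternet = $p.blockcontentexecutionfrominternet
                Compliant         = ($p.VBAWarnings -in 3, 4) -and ($p.blockcontentexecutionfrominternet -eq 1)
            }
        }
    }
}

function Set-OfficeMacroPolicy {
    # Write the target values; Force overwrites any weaker existing setting.
    foreach ($ver in $OfficeVersions) {
        foreach ($app in $OfficeApps) {
            $key = "HKCU:\Software\Policies\Microsoft\Office\$ver\$app\Security"
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name 'VBAWarnings' -PropertyType DWord -Value $VbaWarnings -Force | Out-Null
            New-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -PropertyType DWord -Value $BlockFromInternet -Force | Out-Null
        }
    }
}

Set-OfficeMacroPolicy
Get-OfficeMacroPolicy | Format-Table -AutoSize
```

In a domain, the same values belong in a Group Policy Object rather than a per-host script, and the Mark-of-the-Web setting only helps if the mail gateway and browsers preserve the zone identifier on saved attachments; the VBAWarnings setting covers the case where it is stripped.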