ElectroRAT Quietly Steals Cryptocurrency Across Multiple Operating Systems
After operating for nearly a year, ElectroRAT, a silent cryptocurrency stealer, has finally been identified. It uses multiple trojanized apps to run on Windows, Mac, and even Linux systems. To make these malicious apps appear more credible, the authors advertised them on social media and cryptocurrency-related websites, which may have led to thousands of installations. By spreading their attack across multiple operating systems, the attackers have greatly increased their chances of accessing information of real value.
New Zealand Bank Patches Bug, But Hours Too Late
In the days surrounding Christmas, Accellion provided a patch for a known vulnerability in its file transfer software, but attackers exploited the bug before some customers were able to update. The Reserve Bank of New Zealand was the target of this attack, and with a 21-hour delay before the patch reached New Zealand from Accellion’s California location, the window for the attack was very small. To make matters worse, the attack occurred over the Christmas holiday, so the proper responders were delayed as well.
Major Increase in Malicious Vaccine-related Domains
In the month following the first public release of a COVID-19 vaccine, the number of domains with ‘vaccine’ in the name increased 94.8% over the previous month. As with the wave of malicious COVID-related domains registered in March of last year, cybercriminals are taking advantage of the pandemic’s hold over the general public in order to profit. With over 2,000 new domains containing COVID-related keywords, the real worry is how to find accurate and reliable information amongst the surge of illegitimate sites.
Dairy Farm Group Faces $30 Million Ransom
One of the largest retailers in Asia, Dairy Farm Group, has suffered a ransomware attack by the REvil group, which has left it with a demanded ransom of roughly $30 million. To make matters worse, the attack is still ongoing, nearly 9 days after it was first identified. The attackers also still have full control over the company’s email systems, which will likely be used for additional phishing attacks or identity theft operations. Officials have confirmed that the attack was isolated to a small number of devices, but they haven’t been able to stop the continuing transmission of data to the attackers’ systems.
Global Authorities Take Down Emotet Botnet
In the wake of a global law enforcement push earlier this week, authorities have gained control of the servers responsible for operating the infamous Emotet botnet. The botnet was responsible for infecting millions of devices across the world and using them to further its devastating spread. Police in Ukraine have also arrested a couple of individuals who may be facing up to 12 years for their involvement in the cybercrime activities. Emotet started out as a banking trojan but has changed tactics over the years to become the entry point through which other ransomware variants are dropped onto a system for their own purposes.