Cyber Security Weekly Recap (12-18 Dec.)


Linux Users Affected by CHAOS Malware, an Attack Vector for Cryptocurrency Mining

An open-source remote access trojan (RAT) called CHAOS is used in cryptocurrency mining attacks against the Linux operating system.

Once installed, the CHAOS RAT can send extensive information about the compromised system to a remote server, perform file operations, capture screenshots, force a system restart, and open arbitrary URLs.

Security researchers warn that the tool's broad range of functionality, together with the fact that its development shows cloud-focused threat actors continually refining their tactics, makes heightened security vigilance essential for businesses and web users alike.

Google is adding passkey support to Chrome for Windows, macOS, and Android

Google has started rolling out built-in support for passkeys, the next-generation passwordless login standard, to its stable version of Chrome.

Instead of passwords or other easily phishable authentication factors, the company recommends passkeys as a significantly safer replacement because they cannot be reused.

Google started testing the new security feature on Android, macOS, and Windows 11 about two months ago, and it is now ready for widespread use in Chrome version 108.

Malware Distributed in Official Repositories Threatens Python and JavaScript Developers

The newest security threat to software supply chains is a malware campaign aimed at the Python Package Index (PyPI) and the npm registry, the official package repositories for Python and JavaScript. The campaign distributes typo-squatted and bogus modules that deliver a ransomware strain.

The security company Phylum reports that the malicious packages contain code that, once the package is installed, fetches a Golang-based ransomware binary from a remote server.

If the attack succeeds, the victim's desktop background is replaced with a CIA-themed (U.S. Central Intelligence Agency) picture controlled by the actor. In addition, the malware encrypts the victim's data and demands a cryptocurrency payment as ransom.
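The campaign above relies on two things a defender can check before a dependency is ever installed: a package name that imitates a well-known one, and install-time code (an npm `postinstall` script, or a Python `setup.py` that runs on `pip install`) that fetches a payload. The following is an added example, not Phylum's tooling or code from the campaign: a small pre-install vetting gate that flags lookalike names against a constructed allow-list (using an edit distance that counts a transposed pair of letters as one typo) and lists install hooks declared in an npm-style manifest. The `POPULAR` list and the sample manifest are constructed for the example.

```python
"""Pre-install vetting for third-party packages (added example, not Phylum's tooling).

Two cheap checks a CI gate can run before a dependency is installed:
  1. typosquat_candidates(): names within a small edit distance of a
     well-known package name (the constructed POPULAR set stands in for a
     real organisation allow-list).
  2. install_hooks(): whether an npm-style manifest declares code that runs
     at install time, which is how the campaign described above fetched its
     payload. For Python, the equivalent signal is a non-trivial setup.py.
"""
import json

# Constructed allow-list of well-known names (assumption for the example).
POPULAR = {"requests", "numpy", "pandas", "lodash", "express", "react"}


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert/delete/substitute cost 1,
    and swapping two adjacent letters ("lodahs" vs "lodash") also costs 1,
    which is the typo shape squatters most often imitate."""
    rows = [list(range(len(b) + 1))]
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(rows[-1][j] + 1, cur[j - 1] + 1, rows[-1][j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, rows[-2][j - 2] + 1)  # adjacent transposition
            cur.append(cost)
        rows.append(cur)
    return rows[-1][-1]


def typosquat_candidates(name: str, popular=POPULAR, max_dist: int = 1):
    """Return the popular names that `name` imitates (close but not identical)."""
    name = name.lower()
    return sorted(p for p in popular if p != name and edit_distance(name, p) <= max_dist)


def install_hooks(manifest: dict) -> list:
    """List install-time hooks declared in an npm package.json manifest."""
    scripts = manifest.get("scripts", {})
    return sorted(k for k in ("preinstall", "install", "postinstall") if k in scripts)


def vet_package(name: str, manifest: dict) -> dict:
    """Combine both checks into a verdict a CI job can act on."""
    squats = typosquat_candidates(name)
    hooks = install_hooks(manifest)
    return {
        "name": name,
        "imitates": squats,
        "install_hooks": hooks,
        # Block when the name looks like a typosquat AND it runs code at install.
        "block": bool(squats and hooks),
    }


# Constructed sample manifest: a lookalike of "lodash" with a postinstall hook
# that would download and run something, which is the pattern to refuse.
SAMPLE_MANIFEST = json.loads("""
{"name": "lodahs", "version": "1.0.0",
 "scripts": {"postinstall": "node fetch-and-run.js"}}
""")

if __name__ == "__main__":
    print(vet_package("lodahs", SAMPLE_MANIFEST))
```

The name check alone produces false positives (legitimate forks and plugins often sit one letter away from the project they extend), which is why the verdict only blocks when a lookalike name is combined with install-time execution; either signal on its own is worth a manual review rather than an automatic refusal.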

A Zero-Day Exploitable Flaw Was Just Found in Apple Products

Apple rolled out updates to its iOS, iPadOS, macOS, tvOS, and Safari web browsers to fix a new zero-day vulnerability that might allow malicious code to be executed.

The technology giant describes the issue as a type confusion bug in the WebKit browser engine that can be triggered while processing specially crafted content and lead to arbitrary code execution. The vulnerability is tracked as CVE-2022-42856.

Apple says there is information suggesting that this vulnerability was extensively exploited against iOS versions prior to iOS 15.1.

While the specifics of the attacks are still unknown, it is likely that social engineering or a watering-hole attack was involved, infecting the devices during a browser session on a malicious site or on a legitimate but compromised one.

Threat actors are using Android malware that targets money-lending apps to blackmail users.

A new Android malware operation has been spotted using money-lending applications to blackmail users into handing over sensitive data in order to get their loans repaid.

Zimperium, a mobile security firm, has named this trend MoneyMonger, noting that the applications were built using the cross-platform Flutter framework.

According to the security company, MoneyMonger uses the Flutter framework to conceal its harmful functionality and make malicious activity harder to identify through static analysis.

The campaign is said to have begun in May 2022 and is related to another operation previously disclosed by the Indian cybersecurity company K7 Security Labs.

Microsoft Issues Cross-Platform DDoS Botnet Warning For Attacks Aimed At Minecraft Servers

Microsoft warned of a cross-platform botnet that targets private Minecraft servers with distributed denial-of-service (DDoS) attacks.

Although it originates from malicious software downloads on Windows hosts, the MCCrash botnet has an unusual spreading mechanism that enables it to expand to Linux-based devices.

According to the research, the botnet spreads by enumerating default credentials on internet-exposed devices with Secure Shell (SSH) enabled. Attacks like this are possible because IoT devices are often shipped configured for remote setup with potentially risky settings.

Samba Releases Security Updates to Address Multiple Critical Flaws

After discovering several flaws that could be exploited to take control of vulnerable systems, Samba has published software updates to patch them.

These vulnerabilities are being tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141.

Patches for the critical vulnerabilities were included in versions 4.17.4, 4.16.8, and 4.15.13, all of which were issued on December 15, 2022.
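A fleet-wide check of which Samba hosts still need the December 2022 updates comes down to comparing the running version against the fixed release on its own branch (4.15, 4.16 or 4.17 each got a separate fixed version, so a plain "newest wins" comparison gives wrong answers). The following is an added example, not Samba project code: it parses the version string as printed by `smbd --version` style output and decides per branch. The fixed versions come from the summary above; the handling of branches outside 4.15 to 4.17 is this script's own assumption.

```python
"""Per-branch patch check for the Samba December 2022 releases.

Added example, not Samba project code. Fixed versions are the ones named in
the advisory summary (4.17.4, 4.16.8, 4.15.13); the policy for branches
outside that range is an assumption stated in the comments.
"""
import re

# (major, minor) branch -> first patch release carrying the fixes (from the page).
FIXED = {(4, 15): 13, (4, 16): 8, (4, 17): 4}
NEWEST_FIXED_BRANCH = max(FIXED)


def parse_version(text):
    """Extract (major, minor, patch) from strings such as
    'Version 4.16.7-Ubuntu' or a bare '4.17.4'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(x) for x in m.groups())


def samba_patched(text):
    """True if the version carries the fixes on its own branch."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch in FIXED:
        return patch >= FIXED[branch]
    # Assumption: a branch newer than 4.17 was cut after the fixes and
    # includes them; anything older than 4.15 was out of upstream support
    # at the time and is treated as unpatched.
    return branch > NEWEST_FIXED_BRANCH


def triage(hosts):
    """Map hostname -> patched? for a {host: version_string} inventory
    (constructed inventory below); unparseable entries are reported as False."""
    result = {}
    for host, version in hosts.items():
        try:
            result[host] = samba_patched(version)
        except ValueError:
            result[host] = False
    return result


# Constructed inventory for the example.
INVENTORY = {
    "dc1": "Version 4.17.4",
    "files2": "Version 4.16.7-Ubuntu",
    "legacy": "4.14.20",
}

if __name__ == "__main__":
    print(triage(INVENTORY))
```

One caveat a practitioner needs: distributions often backport security fixes without bumping the upstream version number, so a host reporting 4.15.5 with a vendor suffix may already be fixed. Treat the version check as a first pass and confirm against the distribution's own advisory for the four CVEs listed above before calling a host clean or unpatched.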

Samba is an open-source Windows interoperability suite for Linux, Unix, and macOS that provides file server, printing, and Active Directory services.


About the author

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her striving for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.
