Cyber threats continue to target industries worldwide and keep growing in sophistication, and a successful attack now very often ends in a data breach. This report outlines the most significant threats seen in the wild across the Windows, Android, and macOS platforms and how each of them propagates.

Windows Threats

RedLine

RedLine is an information-stealing Trojan that remains hidden on the victim’s system while it harvests login credentials, browser cookies, credit card details, cryptocurrency wallets and similar data. It is distributed via malicious email attachments, malvertising, social engineering, and pirated software.

Amadey

Amadey is a Trojan that can steal sensitive information, log keystrokes, download and install additional malware, send spam from the victim’s system, and enrol the infected system into its botnet. Like RedLine, it is distributed via malicious email attachments, malvertising, social engineering, and pirated software.

Remote Control and Surveillance (Remcos)

Remcos is a commercially sold Remote Access Trojan (RAT): anyone can buy it and use it for whatever purpose they wish. In the hands of an attacker it gives full remote control of the victim’s system, which can then be used to steal financial and other credentials, impersonate the victim, and add the system to a botnet. It too is distributed via malicious email attachments, malvertising, social engineering, and pirated software.

Mobile Threats

Anubis

Anubis is an Android banking Trojan that steals sensitive financial information, causing financial and reputational loss to its victims. It propagates via malicious apps uploaded to the Google Play Store.

Hiddad

Hiddad is a family of adware that monetises infections through aggressive advertising, using hidden adware components to push ads onto the device. It propagates by repackaging legitimate apps and releasing them through third-party app stores.

AhMyth

AhMyth is an Android RAT that steals credentials, financial and otherwise, as well as cryptocurrency. It can also capture the user’s screen and log keystrokes, and it noticeably degrades device performance. It propagates via trojanised fake applications and malvertising.

macOS Threats

EvilQuest

EvilQuest is Mac-specific ransomware that encrypts the victim’s files, just as any other ransomware would. It spreads via malicious installers and pirated downloads.

Bundlore

Bundlore is a family of adware droppers targeting macOS. Once a system is infected it becomes very slow because of the unwanted software the dropper installs. The bundled apps can also steal users’ sensitive information and redirect them to shady websites. Bundlore spreads via deceptive software installers.

Adload

Adload is browser-hijacking malware that redirects users to malicious websites. It evades built-in and third-party security defences and resists the user’s attempts to uninstall it. It spreads via deceptive apps and pirated downloads.

Synataeb

Synataeb is adware that generates revenue by displaying unwanted advertisements. It can also redirect users to shady websites and may steal confidential information. It propagates via fake installers and pirated downloads.

BuhoCleaner

BuhoCleaner promises to clean your Mac, but it neither offers real protection nor improves the machine’s performance. It propagates via fake installers and deceptive apps.

Top Vulnerabilities

EoP Vulnerability in Microsoft’s Win32K

CVE-2023-29336 is an elevation of privilege (EoP) vulnerability in Win32k, a core kernel-mode driver in Windows. It is a zero-day that has been exploited in the wild: successful exploitation grants SYSTEM privileges on the targeted host.

Windows 10 and Windows Server 2008, 2012, and 2016 are the affected products.

PaperCut Vulnerability exposes victim’s system to ransomware

CVE-2023-27350 is an authentication bypass in PaperCut’s print-management server that leads to remote code execution (RCE). Threat actors can bypass authentication on vulnerable installations such as PaperCut NG 22.0.5 (Build 63914) and then execute arbitrary code with SYSTEM privileges, which is what makes the flaw an entry point for ransomware.
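Because the fix for this flaw landed at a different point in each PaperCut release line, deciding whether a given server is still exposed is a branch-aware version comparison rather than a single "is it older than X" check. The script below is an added example, not code from K7 or from PaperCut: it parses the version banner a PaperCut login page shows (the report’s own "PaperCut NG 22.0.5 (Build 63914)" is one of the inputs) and classifies it against the fix releases from PaperCut’s advisory, 20.1.7, 21.2.11 and 22.0.9, with 8.0 as the start of the affected range; those thresholds are stated here as an assumption the reader should confirm against the vendor page before relying on the result. The sample banners are constructed, not observed hosts.

```python
import re

# Releases that carry the fix for CVE-2023-27350, keyed by release line.
# Assumption taken from PaperCut's advisory; verify against the vendor page.
FIXED_IN = {20: (20, 1, 7), 21: (21, 2, 11), 22: (22, 0, 9)}
# The advisory describes 8.0 and later as affected.
FIRST_AFFECTED = (8, 0, 0)

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(banner):
    """Extract major.minor.patch from a bare version or a login-page banner.

    'PaperCut NG 22.0.5 (Build 63914)' -> (22, 0, 5). The build number has no
    dots, so the regex only matches the dotted version triple.
    """
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"no x.y.z version found in {banner!r}")
    return tuple(int(g) for g in m.groups())


def is_vulnerable(banner):
    """True when the version lies in the affected range and predates its line's fix."""
    v = parse_version(banner)
    if v < FIRST_AFFECTED:
        return False                 # older than the range the advisory covers
    major = v[0]
    if major in FIXED_IN:
        return v < FIXED_IN[major]   # fixed within this line at the listed release
    if major > max(FIXED_IN):
        return False                 # a newer release line, shipped after the fix
    return True                      # 8.x to 19.x: affected, and no patched build exists for that line


def triage(banners):
    """Map each banner to 'vulnerable', 'patched' or 'unparseable'."""
    verdicts = {}
    for b in banners:
        try:
            verdicts[b] = "vulnerable" if is_vulnerable(b) else "patched"
        except ValueError:
            verdicts[b] = "unparseable"
    return verdicts


# Constructed sample banners: the one named in the report plus neighbours on
# either side of each fix release. These are not real hosts.
SAMPLE_BANNERS = [
    "PaperCut NG 22.0.5 (Build 63914)",
    "PaperCut MF 22.0.9",
    "PaperCut NG 21.2.10",
    "PaperCut MF 21.2.11",
    "PaperCut NG 19.2.3",
    "PaperCut NG 23.0.1",
    "PaperCut Application Server",
]

if __name__ == "__main__":
    for banner, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{verdict:12} {banner}")
```

An "unparseable" verdict is deliberately not treated as safe: a server that hides its version still needs to be checked by hand, and a 19.x or older line reports as vulnerable because the only remedy there is an upgrade to a patched line.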

Vulnerability in Apple’s browser engine

CVE-2023-28204 is a vulnerability in WebKit, the browser engine behind Apple’s web browsers. Processing maliciously crafted web content can lead to the disclosure of sensitive information.

To conclude, organizations should keep pace with the constantly evolving cyber threat landscape by staying abreast of developments in the cybersecurity industry. They should follow good cyber hygiene practices: use strong passwords, patch all known vulnerabilities, periodically run penetration tests against their network to strengthen its security, and invest in good security products such as those in the K7 Product Series, keeping them updated to stay protected from the latest threats.


2023 K7 Computing. All Rights Reserved.