No recent events yet!
Grandoreiro, a multi-component banking trojan that runs as Malware-as-a-Service (MaaS), is targeting more than 1,500 banks globally. According to reports, the malware has infected banking applications and websites in more than 60 countries, including Central and South America, Africa, Europe, and the Indo-Pacific. Investigation further revealed that the malware has infected more than 41 banking applications in Nigeria. The new version includes significant changes such as string decryption and DGA calculation, allowing at least 12 different C2 domains per day. Grandoreiro's attack chain includes obtaining email addresses from affected hosts and delivering more phishing attempts through the Microsoft Outlook client. Cybercriminals could use the software to gather sensitive financial data, potentially resulting in financial losses. This underscores the need for network and system administrators as well as device users to emplace safeguards to prevent likely attacks.
Security investigations revealed that a self-propagating USB malware released in 2020, is still active and spreading across systems worldwide, through infected USB drives. Monitoring of the PlugX worm variant revealed that about 2.5 million IP addresses were infected, in over 170 countries including Nigeria and over 100,000 unique IPs still send daily requests to the sinkhole, indicating that the botnet remains active. It is worthy to note that 15 out of the 170 countries affected by the malware spread, account for 80% of the infections recorded, Nigeria inclusive.
A new evolving malware family that targets mobile banking apps on Android smartphones has been discovered. The android trojan dubbed Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware. Brokewell is capable of device takeover, remote control, data exfiltration and monitoring capabilities. Furthermore, the malware has the capability to bypass Android 13, 14, and 15 restrictions, while deploying phishing tactics such as fake browser updates as a means to trick targets into downloading and installing a version of the malware.
Security researchers identified zero-day exploitation of a vulnerability found within the GlobalProtect feature of Palo Alto Networks PAN-OS. The vulnerability allows the threat actor to remotely exploit the firewall device, create a reverse shell, and download further tools onto the device. The attacker focused on exporting configuration data from the devices, and then leveraging it as an entry point to move laterally within the victim organizations. Accordingly, users of Palo Alto products in Nigeria are advised to upgrade their products to the latest versions as recommended.
Multiple critical vulnerabilities have been reported in Oracle products. The identified security flaws could allow attackers to remotely execute code, manipulate data, or gain unauthorized access to systems. Notably, security research revealed that over 200 vulnerabilities can be exploited remotely by unauthenticated attackers. Nonetheless, Oracle has released its Critical Patch Update (CPU) including 441 security patches, with over 200 addressing remotely exploitable flaws. Also, the released updates include patches for third-party components in Solaris, Oracle Linux, and Oracle VM Server for x86. Accordingly, users are advised to upgrade their products to the latest versions as recommended.
