Weekly Malware Roundup – September 25, 2023

greykeep · September 26, 2023


This is the GreyKeep Security Malware Roundup for September 25, 2023. Here’s a summary of what’s in this week’s edition:

Targets

Android
WinRAR
GitHub
GitLab
Azure
Redis
Free Download Manager

Organizations

Azerbaijan
City of Dallas
Middle East telecom
U.S. banks
Latin American banks
Ukrainian Military
Israeli organizations
Political activists/journalists (Middle East)

Threat Actors

Earth Lusca (China)
Transparent Tribe (Pakistan)
OilRig (Iran)
Stealth Falcon

Malware / Ransomware

ShroudedSnooper
SprySOCKS
CapraRAT
VenomRAT
Snatch
Culturestreak
ValleyRAT
Gh0stRAT
Gelsemium

Operation Rusty Flag
BlackCat Ransomware
Sandman
BBTok Trojan
P2PInfect
Royal
SideTwist
Deadglyph
Xenomorph

Malware in the News

Android

  • CapraRAT Impersonates YouTube to Hijack Android Devices
  • Xenomorph Android malware now targets U.S. banks and crypto wallets

Apple

  • Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks
  • New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware

Google Chrome

  • Recently patched Apple, Chrome zero-days exploited in spyware attacks

Azure

  • BlackCat Ransomware Leveraging Remote Monitoring Tools to Encrypt Azure Storage

Rust

  • Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign

WinRAR

  • Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with Venom RAT

Government & Military

  • China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign
  • Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign
  • FBI, CISA Issue Joint Warning on ‘Snatch’ Ransomware-as-a-Service
  • Dallas says Royal ransomware breached its network using stolen account
  • Stealthy APT Gelsemium Seen Targeting Southeast Asian Government
  • Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals

Other Malware News

  • ‘ShroudedSnooper’ Backdoors Use Ultra-Stealth in Mideast Telecom Attacks
  • Who’s Behind the 8Base Ransomware Website?
  • US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks
  • ‘Culturestreak’ Malware Lurks Inside GitLab Python Package
  • Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT
  • Mysterious ‘Sandman’ APT Targets Telecom Sector With Novel Backdoor
  • New variant of BBTok Trojan targets users of +40 banks in LATAM
  • Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge
  • Ukrainian Hacker Suspected to be Behind “Free Download Manager” Malware Attack
  • Deadglyph, a very sophisticated and unknown backdoor targets the Middle East
  • Iranian Nation-State Actor OilRig Targets Israeli Organizations
