Weekly Malware Roundup – September 11, 2023

greykeep · September 11, 2023

This is the GreyKeep Security Malware Roundup for September 11, 2023. Here’s a summary of what’s in this week’s edition:

Targets

Android
Windows (NTLMv2)
Windows (Advanced Installer)
Microsoft IIS
Microsoft Teams
Cisco ASA
Apple macOS
Apple iPhone
Fortinet SSL-VPN
Zoho ManageEngine
Facebook Messenger
IRM Next Generation

Organizations

Ukraine
Cybersecurity researchers
Graphic designers
Hotels and resorts

Threat Actors

North Korea
Lazarus (N. Korea)
APT28/Fancy Bear (Russia)
APT34 (Iran)
Charming Kitten (Iran)
Hive0117

Malware / Ransomware

Blastpass
Atomic Stealer
Pegasus Spyware
DarkGate
Fancy Bear
PhoenixMiner
lolMiner
Mirai Botnet (Pandora)
SideTwist Backdoor
Agent Tesla variant
Akira Ransomware
Sponsor Malware
HijackLoader
Evil Telegram
DarkWatchman
PowerShell scripts

Malware in the News

Apple

  • Apple Hit By 2 No-Click Zero-Days in Blastpass Exploit Chain
  • Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware

Microsoft

  • Hackers Steal NTLMv2 Hashes using Custom Powershell Scripts
  • Microsoft Teams users targeted in phishing attack delivering DarkGate malware
  • Protecting Your Microsoft IIS Servers Against Malware Attacks

Android

  • Zero-Day Alert: Latest Android Patch Update Includes Fix for Newly Actively Exploited Flaw
  • Mirai Botnet Variant ‘Pandora’ Hijacks Android TVs for Cyberattacks

Cisco

  • Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks

Facebook

  • Facebook Messenger phishing wave targets 100K business accounts per week

Specific Groups

  • North Korea-linked threat actors target cybersecurity experts with a zero-day
  • Weaponized Windows Installers Target Graphic Designers in Crypto Heist
  • Hackers Exploit Zero-Day Flaw in Software Used by Resorts and Hotels

Government & Military

  • Russia’s ‘Fancy Bear’ APT Targets Ukrainian Energy Facility

Other Malware News

  • Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant
  • US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog
  • Iranian hackers backdoor 34 orgs with new Sponsor malware
  • CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities
  • Hive0117 Group Attacking Employees of Energy, Finance, & Software Industries
  • New HijackLoader malware is rapidly growing in popularity in the cybercrime community
  • Evil Telegram campaign: Trojanized Telegram apps found on Google Play

Check out our latest Cybersecurity Daily for more security news, alerts, and products.
