Each week, FortiGuard Labs publishes a Threat Brief that profiles notable hot topics and threats that were discovered or discussed during the week. Here is a recap of what we are covering in this week’s Threat Brief:
- Read about our FortiGuard Labs researchers' analysis of several new spam samples, caught in our proprietary spam monitoring system, that are associated with a Remcos RAT campaign.
- Our researchers noticed an interesting tweet that led them to a file belonging to a new BadPatch campaign. BadPatch is a tag used for a set of malware that was used in a campaign with a possible link to Gaza hackers.
- We also review the ELECTRICFISH tool, which is used to tunnel traffic between two IP endpoints, allowing an attacker to exfiltrate data without raising any flags. It is believed to be one of the tools used by APT38 to amass more than $100 million in funds.
- The EternalBlue Downloader has been adapted to exploit the BlueKeep vulnerability. If a user is infected with this version of the EternalBlue Downloader, the malware will attempt to detect if the infected machine can be exploited with the BlueKeep vulnerability, and if so, report this to a C2 server where it will get further instructions to carry out an attack.
- FortiGuard Labs is reporting increased detections for an Adobe ColdFusion vulnerability. It is an unrestricted file upload vulnerability that, if properly exploited, could easily lead to remote code execution.
- This week, industry researchers uncovered a criminal scheme in which a trojanized Tor browser was used to fleece darknet users of their bitcoins. Over several months the gang was able to collect $40,000 in stolen bitcoins.
Read more details about these stories and more in our FortiGuard Labs Weekly Threat Intelligence Brief. Read this week's issue and subscribe to the weekly email distribution.