August 26, 2019 By David Bisson 3 min read

Last week in security news, researchers spotted a phishing campaign that used evasion tactics to target utility organizations with Adwind. Analysts also observed evasive adware that hid itself within dozens of apps available for download on the Google Play store and a botnet variant that likely evaded detection for two years. Finally, security professionals uncovered vulnerabilities affecting a smart camera, along with a ransomware strain targeting Fortnite users.

Top Story of the Week: A New Adwind Campaign

In the summer of 2019, Cofense detected an attack email that originated from a hijacked account at Friary Shoes. The attack also abused the domain of Fletcher Specs to host the campaign’s payload.

With these elements in place, the attack email asked recipients at organizations that serve the national grid utilities infrastructure to open an attachment containing remittance advice. The attachment appeared to be a PDF document, but it was actually a JPEG file that redirected victims to the domain hosting Adwind. Once installed, the malware granted its handlers the ability to take screenshots, harvest browser credentials and record audio from the microphone.
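As an added defensive illustration (not code from the article or from Cofense), the extension-versus-content check a mail gateway or triage script can apply to catch the disguised-PDF lure described above; the signature table and sample attachments are constructed:

```python
# Added example: flag attachments whose declared type does not match their
# actual content, the mismatch the Adwind lure relied on (a file presented as
# a PDF that was really a JPEG). Signature table and samples are constructed.
from typing import Optional

# Leading-byte signatures for the formats relevant here.
SIGNATURES = {
    "pdf": b"%PDF-",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "zip": b"PK\x03\x04",  # also docx/xlsx/jar containers
}

EXTENSION_TO_TYPE = {
    ".pdf": "pdf", ".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png",
    ".zip": "zip", ".docx": "zip", ".xlsx": "zip", ".jar": "zip",
}

def sniff_type(data: bytes) -> Optional[str]:
    """Return the content type implied by the leading bytes, or None if unknown."""
    for name, magic in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return None

def declared_type(filename: str) -> Optional[str]:
    """Return the type implied by the file extension, or None if unknown."""
    lower = filename.lower()
    dot = lower.rfind(".")
    return EXTENSION_TO_TYPE.get(lower[dot:]) if dot != -1 else None

def check_attachment(filename: str, data: bytes) -> str:
    """Classify an attachment as 'ok', 'mismatch' or 'unknown'."""
    claimed, actual = declared_type(filename), sniff_type(data)
    if claimed is None or actual is None:
        return "unknown"
    return "ok" if claimed == actual else "mismatch"

# Constructed sample attachments, not real campaign artifacts.
SAMPLES = {
    "remittance_advice.pdf": b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 16,  # JPEG bytes, .pdf name
    "invoice.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "photo.jpg": b"\xff\xd8\xff\xe1" + b"\x00" * 8,
    "notes.txt": b"plain text",
}

def scan_samples() -> dict:
    """Run the check over every constructed sample and return name -> verdict."""
    return {name: check_attachment(name, data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        print(f"{verdict:8} {name}")
```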


Also in Security News

  • Adware Uses Dozens of Apps to Infiltrate Play Store: Trend Micro discovered that a piece of adware called AndroidOS_Hidenad.HRXH had found its way onto the Google Play Store by concealing itself within 85 photography and gaming apps. The adware used various techniques to help avoid time-based detection systems.
  • Multiple Vulnerabilities Found in Smart Camera: Over the summer of 2019, Cisco Talos uncovered multiple vulnerabilities in the Nest Cam IQ Indoor camera. These weaknesses enabled attackers to create a denial-of-service condition and, in certain situations, gain control of an affected device to cause further harm.
  • Botnet Variant Evaded Detection for Up to Two Years: Trend Micro also came across a variant of the MyKings botnet during an investigation of changes made to the machine registry of a server owned by an electronics company in the Asia-Pacific region. The researchers discovered that the threat had been using the task scheduler, registry, Windows Management Instrumentation and bootkit of each machine it infected, which helped the botnet remain hidden for the previous two years.
  • Asruex Uses Old Bugs to Infect Word Docs and PDF Files: Trend Micro detected a variant of the Asruex botnet masquerading as a PDF file. This version arrived with the ability to abuse two older vulnerabilities, CVE-2012-0158 and CVE-2010-2883, and inject code into Word documents and PDF files.
  • Funds Stolen by APT Increased Fivefold: Group-IB observed that Silence, a Russian-speaking advanced persistent threat (APT), has expanded the geographic reach and frequency of its attacks. This helped Silence steal a total of $4.2 million, a fivefold increase since the firm issued its original report in September 2018.
  • Ransomware Family Targets Fortnite Players: Researchers at Cyren discovered that cyberattackers have been targeting Fortnite players with a fake game hack tool. The utility actually turned out to be Syrk, a variant of the open-source Hidden-Cry ransomware.
  • Visa Adds Threat Detection and Disruption Capabilities: Visa announced a series of capabilities designed to help financial institutions and merchants protect against fraud and other cyberthreats. The multinational financial services corporation noted that it will scan the front ends of e-commerce websites for signs of payment card skimmers and use deep learning to monitor for automated attacks.

Security Tip of the Week: Protect Against Evasive Attacks and Known Vulnerabilities

The security news stories covered above highlight just how important it is for security professionals to help their organizations defend against malware. To do so, professionals should make the case for investing in artificial intelligence (AI) capabilities to defend against evasive attacks and monitor apps for anomalous behavior. A comprehensive vulnerability management program is also critical, as it can help keep critical enterprise assets up to date with known patches.
