Light Dark
May 11, 2020 By David Bisson 3 min read

Last week in security news, researchers observed a new version of the Lazarus Group’s Dacls remote-access Trojan (RAT) targeting Mac users via a trojanized two-factor authentication (2FA) app. That wasn’t the only new piece of malware that made headlines last week. Security analysts also unveiled their discovery of a new ransomware family, a new internet of things (IoT) botnet written in Golang and a new mobile banking Trojan.

Top Story of the Week: Dacls RAT Begins Targeting Mac Users

Malwarebytes found that malicious actors were distributing the new Dacls RAT variant via a trojanized version of MinaOTP, a 2FA app that is commonly used by Chinese speakers. The malicious app, known as “TinkaOTP,” first caught security researchers’ attention back in early April. At the time of discovery, it produced no hits with any antivirus engines on VirusTotal.

This version of Dacls arrived with all six of the plugins employed by the RAT’s Linux variant for executing commands, managing files and performing other functions. However, it arrived with an additional SOCKS plugin that enabled the malware to proxy traffic from the victim to its command-and-control (C&C) server.

Source: iStock

Also in Security News

  • LMS Plugin Vulnerabilities Allow Students to Access Data: Check Point Research performed a security audit of the LearnPress, LearnDash and LifterLMS WordPress learning management system (LMS) plugins. In the process, the research team uncovered several vulnerabilities that enabled a student or even an unauthenticated user to steal data, access student records and/or change their grades.
  • VCrypt Leverages 7-Zip to Create Password-Protected Archives of Data Folders: Bleeping Computer learned of a new ransomware strain going after French users. This threat specifically abused the 7-Zip command-line program to create password-protected archives of the data folders that it had targeted.
  • Automation Incorporated Into LockBit Ransomware’s Infection Chain: In an incident analyzed by McAfee Labs, malicious actors used a brute-force attack to target an organization with LockBit ransomware. This threat used automation to perform reconnaissance of the network and to instruct other hosts to effectively load the ransomware using a PowerShell command.
  • Credit Card Skimmer Disguises Itself as a Favicon: Malwarebytes knew that something was wrong when its researchers spotted several e-commerce sites loading a Magento favicon from myicons[.]net, a domain that had previously been identified as malicious. A closer look revealed that this favicon loaded JavaScript credit card skimming code when presented with a checkout page.
  • Kaiji Linux Malware Distinguishes Itself From Other IoT Botnets: Intezer found that the new Kaiji Linux malware was different from other IoT botnets. First, the threat was written in Golang — a rare programming language for IoT malware. Second, Kaiji limited its SSH brute-force attacks to target the root user only.
  • Vulnerabilities Used by Malicious Actor to Target Nearly 1M WordPress Sites: In late April, Wordfence’s Threat Intelligence Team spotted a threat actor engaging in various attacks abusing cross-site scripting (XSS) vulnerabilities. A closer look revealed that the threat actor had been responsible for targeting 900,000 websites using similar attack attempts.
  • Over 200 Personal Finance Apps Susceptible to EventBot: First detected by Cybereason, EventBot was capable of targeting Android devices and abusing Accessibility Services at the time of discovery in March 2020. These techniques enabled the malware to infect over 200 personal finance apps and even infiltrate cryptocurrency wallets such as Coinbase.
  • Evil Clippy Shipping Spam Used to Distribute Dridex Payload: Votiro’s Research Team observed a phishing email campaign that appeared to originate from DHL, FedEx and other shipping giants. That campaign leveraged Evil Clippy to hide malicious macro code within Microsoft Excel spreadsheets and distribute a Dridex payload.

Security Tip of the Week: Augment Your Organization’s Malware Defenses

Security professionals can best protect their organizations against threats such as the Dacls RAT by investing in a security solution that extends the accuracy of manual analysis across the network. To do so, organizations can invest in tools that leverage artificial intelligence (AI) to spot more sophisticated attack attempts that would seek to move throughout the network.

 |  |  |  |  |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

April 25, 2024

NIST’s role in the global tech race against AI

4 min read - Last year, the United States Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has been put in charge of launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology.However, recent budget cuts at NIST, along with a lack of strategy implementation, have called into question the agency’s ability to lead this critical effort. Ultimately, the success…

April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

April 23, 2024

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature