Light Dark
March 16, 2020 By David Bisson 3 min read

Last week in security news, researchers spotted a new attack campaign in which malicious actors leveraged trojanized versions of popular hacking tools to spread the njRat Trojan. Various other Trojan families made headlines, as well. Geost drew attention to itself by using unofficial webpages to target Russian banks, while the new Cinobi banking Trojan made its debut in an exploit kit campaign targeting Japanese users.

Top Story of the Week: njRat’s New Attack Campaign

Cybereason came across a new njRat campaign in which digital attackers trojanized hacking tools and installers. They then posted these modified tools on forums and websites in an attempt to bait other hackers into installing them.

When someone attempted to install one of those tools, the campaign pulled an njRat payload hosted on a compromised WordPress site. Successful installation of the malware gave attackers the ability to hijack a victim’s machine. At that point, they had the option of conducting secondary attacks like launching distributed denial-of-service (DDoS) attacks or stealing sensitive data.

Also in Security News

  • Unofficial Webpages Employed by Geost Trojan to Target Russian Banks: Researchers at Trend Micro observed digital attackers using webpages with randomly generated server hostnames to distribute the Geost banking Trojan. In doing so, these malicious actors directed Geost at users who lacked access to or chose to circumvent the Google Play store.
  • IQY Files Converted Into Delivery Mechanism for Paradise Ransomware: Lastline detected a spam campaign that attempted to trick users into opening an attached internet query (IQY) file. In the case that a user complied, the IQY file retrieved a malicious Excel formula from the attackers’ command-and-control (C&C) server and used it to install Paradise ransomware.
  • Phishing Scam Facilitated by Fake Customer Service Chatbot: In a new phishing scam campaign shared with Bleeping Computer, digital attackers programmed a chatbot to pose as a customer service agent and walk the victim through several screens designed to steal their data. The chatbot even asked victims to reenter their information as a double-verify mechanism.
  • Phone System Disabled by Durham, NC, Following Ryuk Attack: IT personnel for the City of Durham, North Carolina, decided to contain a Ryuk ransomware attack by temporarily disabling the municipality’s phone system. This decision disrupted Durham residents’ ability to contact several city services and facilities including Durham City Hall.
  • Adult Content Used as Lure to Spread Raccoon Malware: IBM X-Force came across an attack email in which malicious actors claimed to have hacked one of the victim’s friend’s accounts and discovered nude images of their girlfriend. The attackers then threatened to share those pictures with the friend’s contacts unless the recipient opened an attachment that secretly contained the Raccoon infostealer.
  • Japanese Banking Customers Targeted With Bottle EK, Cinobi Banking Trojan: Trend Micro discovered a new campaign called “Operation Overtrap” in which digital criminals leveraged phishing emails and the Bottle exploit kit (EK) to target Japanese banking customers. Those methods commonly led users to the new Cinobi banking Trojan.
  • Vulnerability in Exchange Control Panel Exploited by Threat Actors: Researchers at the U.K.-based firm Veloxity observed malicious actors crafting new attacks that exploited CVE-2020-0688, a vulnerability that affects Microsoft’s Exchange Control Panel. This discovery followed just weeks after the tech giant issued a patch for the security flaw.
  • Exploits Targeting IoT Devices With Mirai Surged in February 2020: In its “Most Wanted Malware” roundup for February 2020, Check Point Research revealed that it had spotted a surge in exploitation attempts targeting vulnerable internet of things (IoT) devices with the Mirai botnet. Many of those attacks specifically abused a “PHP php-cgi Query String Parameter Code Execution” vulnerability.

Security Tip of the Week: Review Your Domains’ Security Measures

Security professionals can help protect their websites against compromise by reviewing an asset inventory for all information concerning their domains. This inventory should include a rundown of the security measures that are in place to protect the organization’s domains against takeover attempts.

At the same time, infosec personnel should consider protecting their organizations against DDoS attacks by investing in a solution that’s powered by artificial intelligence (AI) and machine learning (ML) to dynamically detect attack attempts.

 |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

January 8, 2025

Cloud threat report: Why have SaaS platforms on dark web marketplaces decreased?

3 min read - IBM’s X-Force team recently released the latest edition of the Cloud Threat Landscape Report for 2024, providing a comprehensive outlook on the rise of cloud infrastructure adoption and its associated risks.One of the key takeaways of this year’s report was focused on the gradual decrease in Software-as-a-Service (SaaS) platforms being mentioned across dark web marketplaces. While this trend potentially points to more cloud platforms increasing their defensive posture and limiting the number of exploits or compromised credentials that are surfacing,…

January 7, 2025

Mobile device security: Why protection is critical in the hybrid workforce

4 min read - In our mobile-first/mobile-last world, many employees’ work days both start and end on a mobile device. Mobile devices are now essential tools for productivity and communication. As many organizations transition to hybrid work environments, mobile devices offer a rich target for malicious actors because they are often the least protected corporate devices and offer platforms from which to launch social engineering attacks.Unlike traditional computers, which are generally well-defended with antivirus software and cybersecurity protocols, mobile devices are frequently left vulnerable…

January 6, 2025

Abusing MLOps platforms to compromise ML models and enterprise data lakes

15 min read - For full details on this research, see the X-Force Red whitepaper “Disrupting the Model: Abusing MLOps Platforms to Compromise ML Models and Enterprise Data Lakes”.Machine learning operations (MLOps) platforms are used by enterprises of all sizes to develop, train, deploy and monitor large language models (LLMs) and other foundation models (FMs), as well as the generative AI (gen AI) applications built on top of these models. The rush to leverage AI throughout enterprises has meant that security has been often…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature