August 12, 2019 By David Bisson 3 min read

Last week in security news, the world learned of new WhatsApp vulnerabilities that allowed a threat actor to intercept and manipulate messages exchanged in private chats and group conversations. Researchers also spotted a new version of a fast-growing ransomware family along with a wiper sample that masqueraded as crypto-ransomware. Lastly, plenty of new malware campaigns and techniques emerged throughout the week.

Top Story of the Week: WhatsApp Vulnerabilities

Check Point Research revealed that it had notified WhatsApp of three vulnerabilities near the end of 2018. The team found that digital attackers could abuse the flaws to intercept and manipulate users’ messages in one of three ways:

  1. Use the “quote” feature to change the identity of a sender
  2. Alter the text of someone’s response
  3. Send a public message disguised as a private conversation so the recipient’s response would be visible to other users

WhatsApp fixed the third issue after Check Point Research informed the encrypted messaging service of its findings. However, the team found that the first and second exploitation channels were still available as of early August 2019.


Also in Security News

  • Industrial Control Systems Under Attack From HEXANE: Dragos observed a new threat group called HEXANE targeting oil and gas companies located in the Middle East using general IT themes and novel detection evasion schemes. The firm also observed the group targeting telecommunications providers in the Middle East, Central Asia and Africa, presumably in an attempt to lay the groundwork for future network-based attacks.
  • New Version of MegaCortex Ransomware Released: In early August, Accenture spotted a new version of MegaCortex ransomware that uses anti-analysis features to evade detection. The threat also came with a hardcoded password, a technique that enables its handlers to target a larger number of users.
  • Trickbot Delivered via Obfuscated JS File: Researchers at Trend Micro detected a Trickbot campaign that used spam emails to deliver a malicious Microsoft Word document. This file, in turn, used a heavily obfuscated JS file to download a Trickbot payload.
  • New GermanWiper Malware Masquerades as Ransomware: On July 30, Bleeping Computer learned of a new malware family called GermanWiper after users began posting about it on its forums. The malware demanded a ransom from its victims, but they couldn’t recover their information even if they paid, since the threat overwrote their files’ data with ones and zeros.
  • Attackers Using SystemBC to Mask C&C Traffic: In the beginning of June, Proofpoint observed both the Fallout and RIG exploit kits delivering a new proxy malware family called SystemBC. This malware used a SOCKS5 proxy to mask traffic pertaining to command-and-control (C&C) infrastructure that used HTTP connections for banking Trojans like Danabot.
  • Lokibot Variant Comes With New Tricks: In summer 2019, Trend Micro found a new Lokibot variant when it notified a Southeast Asian company of a potential threat. This version used an autostart registry entry that pointed to a VBS file as a persistence mechanism, and it also came with the ability to use steganography so that it could reference information during its unpacking routine.
  • Phishers Targeting U.S. Utility Organizations: At the end of July, Proofpoint detected a phishing campaign in which digital attackers masqueraded as the National Council of Examiners for Engineering and Surveying (NCEES). They used this disguise to download LookBack malware on victims’ devices.

Security Tip of the Week: Take Data Protection to the Next Level

The rise of destructive malware such as GermanWiper and MegaCortex v2 highlights the need for organizations to protect their data against digital threats. Security professionals can help their employers do this by creating an accurate inventory of data sources and monitoring those assets that contain personal information for suspicious activity. Security teams should couple these processes with an ongoing security awareness training program that educates employees about phishing attacks and other social engineering threats.
