Last Updated on September 18th, 2023. In AppSec Bulletin

Freshly Uncovered MetaStealer Malware Focuses on macOS Users.

A new malware family called MetaStealer is targeting macOS systems to steal sensitive data. It is delivered through social engineering: the operators pose as prospective design clients and send disk image bundles with plausible names such as ‘Brief_Presentation-Task_Overview-(SOW)-PlayersClub.’ Some variants instead impersonate popular software such as Adobe products. MetaStealer’s code is heavily obfuscated, using techniques similar to those seen in Sliver and Poseidon, and it has been observed evading Apple’s XProtect. Another macOS stealer, Atomic Stealer, relies on a fake TradingView app, but MetaStealer differs from it in both code and distribution method. The discovery reflects a growing trend of targeting Mac users, and organizations should deploy endpoint security controls capable of detecting MetaStealer variants.

Source – Cyware Social News

CoinEx exchange loses approximately $27 million worth of cryptocurrency in a suspected hacking incident.

On September 12, crypto exchange CoinEx faced an unusual situation with significant outflows to an unfamiliar address, raising suspicions of a hack. The estimated losses, as calculated by the blockchain security platform Cyvers Alerts, amounted to around $27 million. This incident began with a transfer of approximately 4,947 Ether (ETH), valued at $7.9 million, to an Ethereum account that had no prior history. Following this, the CoinEx hot wallet made large token transfers to the same address, including 408,741 Dai (DAI), 2.7 million Graph (GRT) tokens, 29,158 Uniswap (UNI) tokens, and more. Blockchain security experts flagged this activity as suspicious, and CoinEx later confirmed the anomalous withdrawals, stating that a special investigative team was looking into the situation. They assured users that any losses resulting from this breach would be fully compensated.

Source – Cointelegraph News

A newly identified WiKI-Eve attack can steal numeric passwords over WiFi connections.

The “WiKI-Eve” attack can intercept smartphone cleartext transmissions over WiFi and accurately deduce numeric keystrokes, potentially revealing numerical passwords with up to 90% accuracy. This attack exploits a security gap in WiFi routers and devices that use beamforming feedback information (BFI) to enhance signal direction. BFI data is exchanged in cleartext, making it susceptible to interception.

Researchers discovered that numeric keystrokes could be identified 90% of the time, 6-digit numerical passwords deciphered with 85% accuracy, and complex app passwords cracked with roughly 66% accuracy. While the attack targets numeric passwords, a majority of users still use such passwords.

WiKI-Eve intercepts WiFi signals in real time while the victim enters a password, which requires the attacker to first identify the target device by a network indicator such as its MAC address. It then captures the BFI time series that keystrokes produce as they disturb the WiFi antennas behind the screen.

Machine learning, specifically a “1-D Convolutional Neural Network,” is used to consistently recognize keystrokes despite typing variations. A “Gradient Reversal Layer” suppresses domain-specific features, helping the model learn consistent keystroke representations.

The attack’s success depends on the attacker’s distance from the access point, with longer distances reducing accuracy. In experiments, WiKI-Eve successfully inferred six-digit numerical passwords with an 85% success rate in under a hundred attempts.

The attack was also tested on WeChat Pay passwords, achieving a 65.8% success rate. Overall, the research highlights the need for improved security in WiFi access points and smartphone apps to protect against such attacks, including measures like keyboard randomization, data traffic encryption, and signal obfuscation.

Source – BleepingComputer
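The article lists keyboard randomization as one countermeasure. The following Python script is an added example (not code from the article or from the WiKI-Eve researchers) that shows why it helps: a keystroke side channel observes which key *position* was tapped, and a fixed keypad makes position equal digit, whereas a per-entry random layout breaks that mapping. The PIN value and the keypad model are constructed for illustration.

```python
import secrets

DIGITS = "0123456789"
# Fixed phone-style keypad: position i always holds STANDARD_LAYOUT[i].
STANDARD_LAYOUT = list("1234567890")


def random_layout():
    """Return a fresh random permutation of the ten digits.

    secrets.SystemRandom draws from the OS CSPRNG, so a layout cannot be
    predicted from earlier sessions. Generate a new one for every PIN entry.
    """
    layout = list(DIGITS)
    secrets.SystemRandom().shuffle(layout)
    return layout


def is_valid_layout(layout):
    """Every digit appears exactly once (a true permutation, nothing dropped)."""
    return len(layout) == 10 and sorted(layout) == list(DIGITS)


def digits_to_positions(pin, layout):
    """Key positions tapped to enter `pin` on `layout`.

    This is what a keystroke side channel can learn: which key was hit,
    not which digit that key carried on screen.
    """
    return [layout.index(d) for d in pin]


def positions_to_digits(positions, layout):
    """Digits recovered from tapped positions when the layout is known."""
    return "".join(layout[p] for p in positions)


def guess_assuming_fixed_layout(positions):
    """A position-only observer must assume some layout. With a fixed keypad
    the default layout is always right, so the PIN leaks directly."""
    return positions_to_digits(positions, STANDARD_LAYOUT)


def simulate_entry(pin, layout):
    """One PIN entry on `layout`.

    Returns (observed positions, position-only guess, whether the guess
    equals the real PIN).
    """
    positions = digits_to_positions(pin, layout)
    guess = guess_assuming_fixed_layout(positions)
    return positions, guess, guess == pin


if __name__ == "__main__":
    pin = "482913"  # constructed sample PIN
    # Fixed layout: inferring positions is the same as inferring the PIN.
    print("fixed keypad  :", simulate_entry(pin, STANDARD_LAYOUT))
    # Per-entry random layout: the same positions map to different digits.
    layout = random_layout()
    print("random keypad :", layout, simulate_entry(pin, layout))
```

The roundtrip through `positions_to_digits` still works for the legitimate app, which knows the layout it drew; only an observer without the layout is left with positions that no longer identify digits. The same idea extends beyond PIN pads to any fixed-position input the article's measurements rely on.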

Google Looker Studio becomes a target for crypto phishing attacks.

Hackers are exploiting Google Looker Studio to create fraudulent cryptocurrency phishing websites, targeting digital asset holders and potentially compromising their accounts and finances. These phishing emails appear authentic and promise cryptocurrency rewards, leading recipients to fake web pages where they are asked to provide their cryptocurrency wallet login information. To protect against such attacks, it is advised to implement robust security measures, including document and file scanning, URL protection, and basic cybersecurity practices such as verifying unexpected rewards, enabling 2FA on cryptocurrency accounts, and staying informed about phishing trends.

Source – Cyware Social News

Hackers Gain Unauthorized Access to More Than 3,200 Vendor Records in Airbus Cybersecurity Breach.

In a recent cybersecurity incident, a threat actor compromised confidential information on 3,200 Airbus vendors, including names, phone numbers, and email addresses. The actor, known as “USDoD,” had previously sold the FBI’s InfraGard database in December 2022.

Following the FBI’s pursuit, “USDoD” and other threat actors formed “BreachForums” as a platform for selling stolen data. In September 2023, “USDoD” posted on the forum claiming membership in the “Ransomed” ransomware group, which was responsible for attacks that month, and announcing the Airbus data leak.

The breach traces back to an employee of a Turkish airline who obtained a pirated copy of the Microsoft .NET Framework, which led to infection with the RedLine info-stealer, malware designed to harvest sensitive information without the user’s knowledge. The threat actors used the credentials RedLine collected as their initial access vector.

Info-stealer infections have seen a 6000% surge since 2018, making them a primary attack vector. A comprehensive report on the cyber attack provides detailed information.

Organizations are advised to restrict unauthorized software downloads and prohibit the use of pirated software to enhance security.

Source – Cyber Security News