4. The number of malicious coronavirus-related domains that have been
registered since the start of January.
The researchers said: "0.8 percent of these domains were found to be malicious (93 websites), and another 19 percent were found to be suspicious (more than 2,200 websites)."
5. RiskIQ saw more than 13,500 suspicious domains on Sunday, March 15; more
than 35,000 domains the next day; and more than 17,000 domains the day after
that.
Android users are also targeted:
The most notable of all campaigns targeting Android users is a ransomware strain
that locks user devices after users install a Coronavirus tracker app.
11. APT 36 is spreading Crimson RAT via Coronavirus Themed
Phishing Emails
Pakistani state-sponsored actor targeting the Indian government
URLs:
email.gov.in.maildrive[.]email/?att=1579160420
email.gov.in.maildrive[.]email/?att=1581914657
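The hostname in these URLs, email.gov.in.maildrive[.]email, begins with the labels email.gov.in, but its right-hand end is maildrive[.]email. The Python check below is an added example, not part of the original slides: it flags hostnames that embed a protected name anywhere except the right-hand end. The protected list, the function names and the extra sample inputs are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: hostnames the defending organisation owns.
PROTECTED = ["email.gov.in"]


def refang(text):
    """Undo common defanging so the indicator can be parsed."""
    return text.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")


def hostname_of(indicator):
    """Return the lower-cased hostname of a URL or of a bare host/path string."""
    text = refang(indicator.strip())
    if "://" not in text:
        text = "//" + text  # makes urlsplit read the leading part as the host
    host = urlsplit(text).hostname or ""
    return host.rstrip(".").lower()


def classify(indicator, protected=PROTECTED):
    """
    'legitimate': the host is a protected name or a subdomain of one
    'lookalike' : a protected name appears as labels, but not at the right end
    'unrelated' : no protected name appears in the host
    """
    labels = hostname_of(indicator).split(".")
    names = [p.lower().split(".") for p in protected]
    # Ownership is decided from the right-hand end of the hostname.
    if any(labels[-len(w):] == w for w in names):
        return "legitimate"
    for w in names:
        n = len(w)
        # Slide over every label window except the right-most one.
        if any(labels[i:i + n] == w for i in range(len(labels) - n)):
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "email.gov.in.maildrive[.]email/?att=1579160420",  # from the slide
        "email.gov.in.maildrive[.]email/?att=1581914657",  # from the slide
        "https://email.gov.in/",        # constructed sample
        "hxxp://example[.]org/",        # constructed sample
    ]
    for s in samples:
        print(f"{classify(s):<11} {s}")
```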
12. World Health Organization Facing Cyber Attacks
During Coronavirus Response
A malicious site imitating the WHO’s email system was created to collect the
account information of the organization’s employees.
The activity began around March 13.
The ‘DarkHotel’ APT group was suspected to be behind this incident.
The password-stealing attack was unsuccessful, as confirmed by Flavio Aggio
(CISO, WHO) in a conversation with Reuters reporters.
13. TrickBot Mobile App Bypasses 2‐Factor
Authentication for Net Banking Services
When the malware is run, it exfiltrates a wide range of information, including —
● Personal device information
● SMS messages
● Recording targeted applications for a one-time password (TAN)
● Photos
Earlier in March, the malware added a new feature, a module called rdpScanDLL,
that brute forces remote desktop protocol (RDP) accounts. Also this past month,
TrickBot added a Windows 10 ActiveX control to execute malicious macros.
14. Microsoft reveals 2 unpatched zero-day flaws in
Windows
The Remote Code Execution (RCE) vulnerabilities affect Adobe Type
Manager (ATM) Library, the part of Windows that manages PostScript
Type 1 fonts.
For now, there’s no software fix, which could be as far away as the next
‘Patch Tuesday’ update, scheduled for 14 April 2020.
File: atmfd.dll