Severity
High
Analysis Summary
An online malware campaign has been identified that targets victims in the name of FBR, using the fake domain “fbr.news”. Victims receive two emails from alert@fbr.news. The first email contains a password-protected malicious attachment posing as an FBR defaulter list, and the second email contains the passwords for the attachment. This two-stage mechanism is used to bypass antivirus protection and gain the victim's confidence. Once the attached document has been downloaded and run on the target system, all data stored on the device is compromised. Any email originating from alert@fbr.news should be deleted immediately, and emails from unknown addresses must never be opened.
Impact
- Gain access
- Device compromise
Indicators of Compromise
Domain Name
fbr[.]news
From Email
alert@fbr[.]news
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Search for IOCs in your environment.
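One way to carry out the IOC search over exported mail, as an added example that is not part of the original advisory: it matches the advisory's domain in every sender-bearing header and flags mailboxes that received both halves of the two-email pattern. It assumes messages are available as raw RFC 5322 text; the function names and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

IOC_DOMAIN = "fbr[.]news".replace("[.]", ".")  # advisory IOC, refanged for matching
SENDER_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")

def sender_domains(msg):
    """Lower-cased domains from every header that can carry a sender address."""
    values = [v for h in SENDER_HEADERS for v in msg.get_all(h, [])]
    return {a.rpartition("@")[2].lower().rstrip(".") for _, a in getaddresses(values) if "@" in a}

def matches_ioc(domain):
    # Exact domain or a subdomain of it; look-alikes such as "notfbr.news" do not match.
    return domain == IOC_DOMAIN or domain.endswith("." + IOC_DOMAIN)

def has_attachment(msg):
    return any(part.get_filename() for part in msg.walk())

def triage(raw_messages):
    """Per recipient: IOC-sender mails with/without attachment, and whether both were seen."""
    report = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        if not any(matches_ioc(d) for d in sender_domains(msg)):
            continue
        key = "with_attachment" if has_attachment(msg) else "without_attachment"
        for _, rcpt in getaddresses(msg.get_all("To", [])):
            entry = report.setdefault(rcpt.lower(), {"with_attachment": 0, "without_attachment": 0})
            entry[key] += 1
    for entry in report.values():
        entry["two_stage"] = entry["with_attachment"] > 0 and entry["without_attachment"] > 0
    return report

def _sample(sender, rcpt, attach=False, reply_to=None):
    m = EmailMessage()
    m["From"], m["To"] = sender, rcpt
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content("constructed body")
    if attach:
        m.add_attachment(b"placeholder", maintype="application", subtype="octet-stream", filename="list.zip")
    return m.as_string()

# Constructed sample messages (not real campaign mail); recipients are placeholders.
SAMPLES = [
    _sample("alert@fbr.news", "user1@example.org", attach=True),
    _sample("alert@fbr.news", "user1@example.org"),
    _sample("FBR <notice@fbr-news.example>", "user2@example.org", attach=True),
    _sample("helpdesk@example.net", "user3@example.org", reply_to="alert@fbr.news"),
]
```

A recipient with `two_stage` set received both an attachment and a follow-up message from the IOC sender and is the first mailbox to review; any other hit still warrants removal of the message.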