November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – CVE-2019-14287 – Sudo Flaw Lets Linux Users Run Commands As Root
October 15, 2019Rewterz Threat Advisory – Cisco IOS XE Software Web UI Command Injection Vulnerabilities
October 15, 2019Rewterz Threat Advisory – CVE-2019-14287 – Sudo Flaw Lets Linux Users Run Commands As Root
October 15, 2019Rewterz Threat Advisory – Cisco IOS XE Software Web UI Command Injection Vulnerabilities
October 15, 2019
Severity
High
Analysis Summary
Attackers have created an elaborate scheme to distribute a cryptocurrency trading program that installs a backdoor on a victim’s Mac or Windows PC.
Security researcher MalwareHunterTeam discovered a scheme where an attacker has created a fake company that is offering a free cryptocurrency trading platform called JMT Trader. When this program is installed, it will also infect a victim with a backdoor Trojan.
This scheme starts with a professionally designed web site where the attackers promote the JMT Trader program .
To help promote the site and program, they also created a Twitter account that is used to promote the fictitious company.
Impact
- Financial loss
- Exposure of sensitive information
Indicators of Compromise
Malware Hashes
MD5
- 48971e0e71300c99bb585d328b08bc88
- c4aa6f87124320eadc342d2fe7364896
SH256
- 9bf8e8ac82b8f7c3707eb12e77f94cd0e06a972658610d136993235cbfa53641
- 4d6078fc1ea6d3cd65c3ceabf65961689c5bc2d81f18c55b859211a60c141806
- 07c38ca1e0370421f74c949507fc0d21f4cfcb5866a4f9c0751aefa0d6e97542
SHA1
4fcc84583126689d03acf69b9fca5632f7d44752
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.