Rewterz Threat Alert – CVE-2020-0022 – Google Android Bluetooth code execution
February 11, 2020
Rewterz Threat Advisory – CVE-2020-5316 – Dell Patches SupportAssist Flaw That Allows Arbitrary Code Execution
February 12, 2020
Severity
Medium
Analysis Summary
The financial malware Metamorfo is back with a new variant that adds a technique of forcing victims to retype their passwords, which it then captures via a keylogger. Researchers found a new spate of phishing emails targeting users and distributing the new Metamorfo variant. Metamorfo was previously seen targeting Brazilian financial firms and is now expanding its geographic range.
This newest variant, which targets payment-card data and credentials at financial institutions on Windows platforms, packs a new trick up its sleeve. Once executed, the malware disables the auto-suggest data-entry fields in browsers, forcing victims to type out their passwords, which it then captures via a keylogger.
The infection begins with phishing emails that distribute a ZIP archive containing an MSI file (named “view-(AVISO)2020.msi”). Researchers inspected this MSI file’s streams (the sequences of bytes stored inside the file that describe its contents and attributes) and found JavaScript code mixed in with a wide swath of garbage strings.
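The "JavaScript buried in garbage strings" finding above is something an analyst can triage quickly with a string-extraction heuristic. The script below is an added example for this advisory, not code from Rewterz or from the malware analysis: it pulls printable ASCII runs out of a byte blob, counts JavaScript/JScript-style tokens in each run, and reports whether script fragments are present and whether they are outnumbered by filler. The token list and thresholds are assumptions chosen for illustration, and the sample stream is constructed inline so the script runs offline; it is not the real "view-(AVISO)2020.msi". Scanning the raw MSI bytes works only for stream content that is stored contiguously; a full analysis would parse the OLE compound file with a dedicated tool and run the heuristic per stream.

```python
import re
from pathlib import Path
from typing import Dict, List

# Tokens that commonly appear in JavaScript/JScript embedded in installers.
# This is a triage heuristic (an assumption of this example), not a signature.
JS_TOKENS = re.compile(
    rb"(\bvar\b|\bfunction\b|\breturn\b|\beval\s*\(|ActiveXObject|WScript|"
    rb"\bnew\b|\bthis\.|String\.fromCharCode)"
)

# Constructed sample: a binary blob imitating an MSI stream in which two
# JavaScript fragments sit between runs of meaningless filler strings.
SAMPLE_STREAM = (
    b"\x00\x00\x10\x1f"
    b"qwkjhdfkjashdkjQWERTYUIOP"
    b"\x00"
    b"var sh = new ActiveXObject('WScript.Shell');"
    b"\x00\x00"
    b"zzzzzzzzzzzzzzzzxxxxxxxx"
    b"\x01\x02"
    b"function run(p){ return sh.Run(p, 0, true); }"
    b"\xff\xfe"
    b"lkjhgfdsa0987654321"
)


def extract_strings(data: bytes, min_len: int = 8) -> List[bytes]:
    """Return every run of printable ASCII bytes at least min_len long."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def js_token_count(s: bytes) -> int:
    """Number of JavaScript-style tokens found in one extracted string."""
    return len(JS_TOKENS.findall(s))


def triage_stream(data: bytes, min_len: int = 8) -> Dict[str, object]:
    """Classify extracted strings as script-like or filler and give a verdict.

    Verdicts:
      clean            - no script-like strings at all
      script_present   - script-like strings found
      script_in_noise  - script-like strings found and outnumbered by filler,
                         the pattern described for the Metamorfo MSI dropper
    """
    strings = extract_strings(data, min_len)
    script_like = [s for s in strings if js_token_count(s) > 0]
    filler = [s for s in strings if js_token_count(s) == 0]
    if not script_like:
        verdict = "clean"
    elif len(filler) > len(script_like):
        verdict = "script_in_noise"
    else:
        verdict = "script_present"
    return {
        "total_strings": len(strings),
        "script_like": [s.decode("ascii") for s in script_like],
        "filler_count": len(filler),
        "verdict": verdict,
    }


def scan_file(path: str) -> Dict[str, object]:
    """Run the triage over a file on disk (e.g. a suspicious .msi attachment)."""
    return triage_stream(Path(path).read_bytes())


if __name__ == "__main__":
    report = triage_stream(SAMPLE_STREAM)
    print("verdict:", report["verdict"])
    for fragment in report["script_like"]:
        print("  script-like:", fragment)
    print("  filler strings:", report["filler_count"])
```

Use `scan_file()` on a quarantined attachment to get the same report; a `script_in_noise` verdict on an installer that has no business carrying script is a good reason to escalate the file for full sandbox or OLE-stream analysis rather than letting it run.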
Impact
- Information theft
- Financial loss
Indicators of Compromise
File name
view-(AVISO)2020.msi
Remediation
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.