October 3, 2023

Welcome to TheCyberThrone cybersecurity week in review, posted weekly to cover the important security happenings. This review is for the week ending Saturday, June 24, 2023.

1. Malware Dropper Based on A JavaScript

Researchers have provided details of a new strain of JavaScript-based dropper that delivers two forms of malware onto victims’ systems. It is dubbed PindOS after a user-agent string of the same name in the code. The dropper contains comments in Russian and delivers the Bumblebee and IcedID malware.

Bumblebee is a malware loader associated with the Conti ransomware group. Discovered in March 2022, it acts as a primary vector for multiple types of other malware, including ransomware. IcedID is modular banking malware designed to steal financial information and has been around since 2017. The PindOS dropper exhibits a change in how Bumblebee is delivered, shifting from PowerShell to JavaScript. The change indicates an attempt by the threat actors to adapt and refine their attack methods to maximize efficiency and evade detection.

2. Fake WannaCry Ransomware Targeting Gamers

Researchers have spotted a phishing campaign targeting Russian-speaking players of Enlisted, a multiplayer first-person shooter. The hackers used a fake website that closely resembles the official Enlisted webpage to distribute ransomware. Though the campaign is not attributed to any group, it is believed to be connected to the conflict between Russia and Ukraine.

Enlisted is a freely available game that takes place during World War II and revolves around major battles fought across all war fronts. The game was published by Russia-founded company Gaijin Entertainment in 2021 and has between 500,000 and a million active monthly players. The fake Enlisted website hosts a legitimate game installer and ransomware that mimics the infamous WannaCry crypto worm, created by the North Korean hacking group Lazarus.


3. Security and Compliance Frameworks

Cyber security compliance is about ensuring that companies adhere to all the important regulatory requirements and follow national and state-level cyber laws to protect sensitive information. Organizations have to implement a systematic risk governance approach that aligns with the respective authorities, industry-relevant bodies, and laws to meet their data management requirements.

An information security management system that adheres to the regulatory requirements guides companies on the precautionary measures that should be followed to minimize the possibility of a breach. IT security compliance helps in monitoring and assessing whether devices, systems, and networks adhere to regulatory compliance requirements.

Here we discussed many of the frameworks that exist and are followed.


4. Mystic Stealer Dissection

Mystic Stealer is an info stealer malware active since April 2023 and rented for $150/month or $390/quarter. It currently targets 40 web browsers, 70 browser extensions, 21 cryptocurrency applications, 9 MFA and password management programs, 55 cryptocurrency browser extensions, and Steam and Telegram credentials.

All Windows versions, from XP to 11, can be impacted by Mystic Stealer, which supports both 32-bit and 64-bit OS architectures. It has a small footprint on infected devices, operating directly in memory with no dependencies. This makes it harder for antivirus software to detect, and its anti-virtualization checks help the malware recognize sandboxed environments.

5. Black Cat Group takes Credit for Reddit Breach

The BlackCat ransomware gang has taken credit for the February 2023 cyberattack against Reddit, claiming to have stolen 80 gigabytes of data. Reddit disclosed the breach shortly after being hacked and described the incident as the result of a sophisticated and highly targeted phishing attack in which an employee’s credentials and MFA tokens were stolen.

The attackers accessed internal documents, internal dashboards, business systems, source code, the information of hundreds of contacts and current and former employees, and advertiser data.

This brings us to the end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter and Instagram.