aws (3)

A new phishing campaign has been observed delivering Remote Access Trojans (RATs) such as VCURMS and STRRAT using a malicious Java-based downloader. The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware. An unusual aspect of the campaign is VCURMS' use of a Proton Mail email address ("sacriliage@proton[.]me") for communicating with a command-and-control (C2) server.

The attack chain commences

Recently, security researchers uncovered close to 4,000 unique secrets inside nearly 3,000 PyPI packages (https://pypi.org) and say that more than 760 of these secrets were found to be valid. Overall, the researchers identified 151 individual types of secrets, including AWS, Azure AD, GitHub, Dropbox, and Auth0 keys, credentials for MongoDB, MySQL, and PostgreSQL, and SSH, Coinbase, and Twilio Master credentials.

Valid credentials pose a critical and immediate threat to organizations, as

Activity Summary - Week Ending 28 August 2020:

  • Fairdeal Furniture LTD, located in Mombasa, Kenya, is still Keylogged
  • Red Sky Alliance observed 26 unique email accounts compromised with Keyloggers
  • Analysts identified 68,495 connections from new unique IP addresses
  • Red Sky Alliance identified 3,148 new IP addresses participating in various Botnets
  • Team TNT targeting AWS using Kinsing variant
  • Maze Ransomware
  • US SBA Loan Relief Phishing Campaign
  • Oil prices remain somewhat stagnant – even with Hurrica