News Heading - 1

US and Canadian Authorities in a Joint Advisory Warned of Rising Truebot Activity

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

In a joint cyber security advisory, US and Canadian federal authorities warned about the increasing use of a newly identified variant of the Truebot malware. The malware, also known as Silence.Downloader, has recently drawn attention because of its use by ransomware groups such as CL0P.

Truebot is known for collecting and stealing information from victims for financial gain, and has historically been delivered through phishing emails with malicious attachments. However, the variant currently targeting organizations across the US and Canada is exploiting CVE-2022-31199, a remote code execution (RCE) vulnerability in the Netwrix Auditor software.

Threat actors exploit this vulnerability in the on-premises and cloud-based IT system auditing software to gain initial access and move laterally within the targeted organization’s network. The advisory further states that once downloaded, the malware renames itself and deploys the FlawedGrace remote access trojan (RAT) onto the compromised network.

The RAT is “able to modify registry and print spooler programs,” features it manipulates to escalate privileges and establish persistence on the host network.

Within a few hours of the breach, Truebot also executes Cobalt Strike (RAT) payloads for various post-exploitation activities, including ransomware deployment and data theft. In addition to these RAT variants and tools, Truebot is associated with the deployment of other delivery vectors and tools such as Raspberry Robin and Teleport.

The joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and Canadian Centre for Cyber Security (CCCS) also stressed the need for immediate mitigation and incident response measures when the malware is detected. It further advised hunting for signs of infection using the guidelines outlined in the advisory.

The authorities also advised organizations using Netwrix’s IT system auditing software to apply the vendor-provided patch for the CVE-2022-31199 vulnerability by updating to version 10.5. The advisory also recommended reporting Truebot incidents to CISA or the FBI.

News Heading - 2

Meduza Stealer: A New Malware Targets Sensitive Data of Windows Users

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

A new Windows-based infostealer named “Meduza Stealer” has been discovered by security researchers from the Uptycs Threat Research team. An actively developed tool likely to gain new features, the stealthy malware’s advanced data theft capabilities allow it to avoid detection by the majority of security software.

The primary objective of this malware is stealing data, including browsing history, login credentials, bookmarks, password managers, two-factor authentication (2FA) extensions and crypto wallet extensions.

Meduza also uses a variety of Windows APIs to collect system information from the victim’s machine. This includes the computer name, CPU details, hardware ID, RAM details, usernames, timezone, operating system details, public IP address, system build, screenshots, and geographical location.

The malware does not use any obfuscation techniques; instead, it relies on a self-terminating capability, immediately aborting its attack on the targeted host if the connection to the attacker’s server fails. Execution is also aborted if the victim’s location is on its predefined list of excluded countries, which covers the CIS region (Commonwealth of Independent States) and Turkmenistan.

In addition to stealing a variety of personal and system-related information from Windows devices, the malware also extracts data from 76 crypto wallets, Discord, Steam, 19 password manager apps, and 95 web browsers. The details were shared by Uptycs in its research article.

Following its investigation, Uptycs said that although no data breach incident can yet be attributed to this malware, its stealth capability should not be underestimated. “Left unchecked, the consequences for those affected could be severe, including financial losses and the potential for large-scale data breaches that can have far-reaching implications for organizations,” noted the company.