Threat Intelligence Report - July 21, 2023.

The NetFire Threat Intelligence Report contains a weekly collection of key developments to be aware of along with action tips from NetFire.


NetFire Threat Intelligence Team


BundleBot Malware Distributed through Facebook Ads


BundleBot is a newly reported stealer built with .NET single-file deployment, in which the application and its dependencies are packed into one executable, and it is being distributed through Facebook Ads and compromised Facebook accounts. The lures pose as utilities, AI tools and games, including a lookalike of Google's AI chatbot, Google Bard. The malware uses custom obfuscation, harvests saved data from web browsers, takes screenshots and steals Discord tokens, Telegram information and Facebook account details, with a particular interest in Facebook business and advertising accounts.
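The single-file format matters for triage because the managed payload is not visible as an ordinary .NET assembly. The script below is an added example written for this report, not code from NetFire or from the researchers who analysed BundleBot. It checks whether an executable is a .NET single-file bundle using the marker the .NET apphost embeds: a 32-byte signature (the SHA-256 of the string ".net core bundle") preceded by an 8-byte little-endian offset to the bundle header. The sample blobs are constructed stand-ins for real binaries.

```python
import hashlib
import struct
import sys
from typing import Optional

# The .NET apphost carries a 40-byte bundle marker: 8 bytes holding the
# little-endian offset of the bundle header, followed by a 32-byte signature
# that is the SHA-256 of the ASCII string ".net core bundle". A plain apphost
# leaves the offset at zero; the single-file publisher patches in the real offset.
BUNDLE_SIGNATURE = hashlib.sha256(b".net core bundle").digest()


def find_bundle_header_offset(data: bytes) -> Optional[int]:
    """Return the bundle header offset recorded in `data`, 0 when the marker is
    present but no bundle was written, or None when there is no marker at all."""
    pos = data.find(BUNDLE_SIGNATURE)
    if pos < 8:  # -1 (absent) or too close to the start to hold the 8-byte offset
        return None
    (offset,) = struct.unpack_from("<q", data, pos - 8)
    return offset


def is_single_file_bundle(data: bytes) -> bool:
    """True when the file is a .NET single-file bundle with a plausible header offset."""
    offset = find_bundle_header_offset(data)
    return offset is not None and 0 < offset < len(data)


def classify(data: bytes) -> str:
    offset = find_bundle_header_offset(data)
    if offset is None:
        return "no .NET apphost marker"
    if offset == 0:
        return "apphost marker present, not a single-file bundle"
    if offset >= len(data):
        return "marker present but header offset points past end of file (truncated or tampered)"
    return f"single-file bundle, header at offset {offset}"


# Constructed sample blobs (not real binaries): a fake apphost layout with some
# filler, the marker preceded by the header offset, and an optional trailing payload.
def _fake_apphost(header_offset: int, payload: bytes = b"") -> bytes:
    head = b"MZ" + b"\x00" * 62 + b"fake-apphost-code" * 4
    marker = struct.pack("<q", header_offset) + BUNDLE_SIGNATURE
    return head + marker + payload


PLAIN_APPHOST = _fake_apphost(0)
BUNDLED_APPHOST = _fake_apphost(
    len(PLAIN_APPHOST) + 16, b"\x00" * 16 + b"bundle-header-and-embedded-files"
)
NOT_DOTNET = b"MZ" + b"\x00" * 200


if __name__ == "__main__":
    targets = sys.argv[1:]
    if targets:
        for path in targets:
            with open(path, "rb") as f:
                print(f"{path}: {classify(f.read())}")
    else:
        samples = (("plain", PLAIN_APPHOST), ("bundled", BUNDLED_APPHOST), ("other", NOT_DOTNET))
        for name, blob in samples:
            print(f"{name}: {classify(blob)}")
```

Run it with one or more file paths, or with no arguments to classify the constructed samples. A non-zero header offset says only that the file is a bundle; the embedded files still have to be extracted and inspected.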





4,000 Roblox Developers’ Info Leaked


A data breach at Roblox, the online game creation platform, has exposed the personal information of about 4,000 Roblox developers, including home addresses, phone numbers and dates of birth. The stolen data may date back to 2020. It exposes those individuals to scams, harassment and identity theft, and the risk is heightened because Roblox admits developers as young as 13 to its Developer program.




GitHub Warns Developers of Potential Targeting by Lazarus Hackers


GitHub has warned of a social engineering campaign attributed to the North Korean state-sponsored Lazarus group (the cluster Microsoft tracks as Jade Sleet and CISA as TraderTraitor) that targets developers in the blockchain, cryptocurrency, online gambling and cybersecurity sectors. Using compromised accounts or fake developer and recruiter personas, the attackers invite targets to collaborate on a GitHub repository whose malicious npm dependencies install malware on the developer's machine when the project is installed or built.
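A repository invitation can be checked before anything is installed. The script below is an added example, not code from GitHub or NetFire. It reads a cloned project's package.json and package-lock.json and flags the two things the campaign relies on: lifecycle scripts that run during `npm install`, and dependencies fetched from somewhere other than the registry. The manifest, lockfile and trusted-registry URL are constructed assumptions.

```python
import json
import os
import sys
from typing import Any, Dict, List

# npm runs these automatically during `npm install`; a repository you were just
# invited to should not need any of them in order to be reviewed.
LIFECYCLE_SCRIPTS = ("preinstall", "install", "postinstall", "prepare", "prepublish")
DEP_FIELDS = ("dependencies", "devDependencies", "optionalDependencies", "peerDependencies")
# Assumed trusted registry; point this at your private mirror if you use one.
TRUSTED_REGISTRY = "https://registry.npmjs.org/"


def is_registry_spec(spec: str) -> bool:
    """True for plain version ranges or dist-tags ("^4.18.2", "latest") that npm
    resolves from the registry; False for git, GitHub shorthand, URL, file and
    alias specs, which pull code from wherever the repository author chose."""
    s = spec.strip()
    if "://" in s or "/" in s:
        return False
    return not s.startswith(("git", "github:", "gitlab:", "bitbucket:", "file:", "link:", "npm:"))


def audit_package_json(pkg: Dict[str, Any]) -> List[str]:
    findings = []
    scripts = pkg.get("scripts", {})
    for hook in LIFECYCLE_SCRIPTS:
        if hook in scripts:
            findings.append(f"lifecycle script '{hook}' runs at install time: {scripts[hook]}")
    for field in DEP_FIELDS:
        for name, spec in pkg.get(field, {}).items():
            if not is_registry_spec(spec):
                findings.append(f"{field}: '{name}' is fetched outside the registry: {spec}")
    return findings


def audit_lockfile(lock: Dict[str, Any]) -> List[str]:
    """Check lockfileVersion 2/3 'packages' entries for tarballs resolved
    from anywhere other than the trusted registry."""
    findings = []
    for path, meta in (lock.get("packages") or {}).items():
        resolved = meta.get("resolved", "")
        if path and resolved and not resolved.startswith(TRUSTED_REGISTRY):
            findings.append(f"lockfile: '{path}' resolved from {resolved}")
    return findings


def audit_repo(root: str) -> List[str]:
    """Audit a cloned repository directory on disk."""
    with open(os.path.join(root, "package.json")) as f:
        findings = audit_package_json(json.load(f))
    try:
        with open(os.path.join(root, "package-lock.json")) as f:
            findings += audit_lockfile(json.load(f))
    except FileNotFoundError:
        findings.append("no package-lock.json: installs are not pinned to reviewed versions")
    return findings


# Constructed sample manifest and lockfile standing in for a cloned repository.
SAMPLE_PACKAGE_JSON = {
    "name": "demo-trading-dashboard",
    "scripts": {"test": "jest", "postinstall": "node scripts/setup.js"},
    "dependencies": {"express": "^4.18.2", "ui-utils": "github:someorg/ui-utils"},
    "devDependencies": {"jest": "~29.6.0"},
}
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-trading-dashboard"},
        "node_modules/express": {
            "version": "4.18.2",
            "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
        },
        "node_modules/ui-utils": {
            "version": "1.0.0",
            "resolved": "https://example.invalid/ui-utils-1.0.0.tgz",
        },
    },
}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = audit_repo(sys.argv[1])
    else:
        results = audit_package_json(SAMPLE_PACKAGE_JSON) + audit_lockfile(SAMPLE_LOCK)
    for line in results:
        print("WARN:", line)
    sys.exit(1 if results else 0)
```

Pair it with `npm ci --ignore-scripts` when you do install, so a flagged hook cannot run before you have read it.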





Google Cloud Bad.Build Flaw Requires Ongoing Vigilance


Researchers at Orca Security have disclosed a privilege escalation vulnerability in Google Cloud, dubbed Bad.Build, that could let an attacker tamper with the container images a project builds and stores, opening the door to supply chain attacks on anything deployed from them. Google has shipped a partial fix, but there are concerns that it does not remove the underlying privilege escalation vector, because the default Cloud Build service account still holds more permissions than most build pipelines need. Customers should monitor that account's activity and apply the principle of least privilege to it rather than rely on the fix alone.
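One way to act on the least-privilege advice is to audit what the default Cloud Build service account can actually do. The script below is an added example, not Google's or Orca Security's code. It reads a project IAM policy in the JSON shape that `gcloud projects get-iam-policy` emits and reports every role bound to the default Cloud Build service account, treating anything beyond the single build role as excess. The sample policy, project number and baseline role set are constructed assumptions.

```python
import json
import sys
from typing import Any, Dict, List

# Assumed baseline: the one role the default Cloud Build service account needs
# to run builds. Anything beyond it is reported as excess until justified.
BASELINE_ROLES = {"roles/cloudbuild.builds.builder"}
# Basic roles are project-wide and far too broad for a build identity.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}


def cloud_build_default_sa(project_number: str) -> str:
    """IAM member string of the default Cloud Build service account."""
    return f"serviceAccount:{project_number}@cloudbuild.gserviceaccount.com"


def roles_for_member(policy: Dict[str, Any], member: str) -> List[str]:
    """All roles a member holds in a project IAM policy, conditional bindings included."""
    return sorted(
        b["role"] for b in policy.get("bindings", []) if member in b.get("members", [])
    )


def audit_cloud_build_sa(policy: Dict[str, Any], project_number: str) -> Dict[str, Any]:
    member = cloud_build_default_sa(project_number)
    bound = roles_for_member(policy, member)
    return {
        "member": member,
        "bound": bound,
        "excess": [r for r in bound if r not in BASELINE_ROLES],
        "basic": [r for r in bound if r in BASIC_ROLES],
    }


# Constructed sample in the shape of `gcloud projects get-iam-policy PROJECT --format=json`.
SAMPLE_PROJECT_NUMBER = "123456789012"
SAMPLE_POLICY = {
    "bindings": [
        {
            "role": "roles/cloudbuild.builds.builder",
            "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"],
        },
        {
            "role": "roles/editor",
            "members": [
                "serviceAccount:123456789012@cloudbuild.gserviceaccount.com",
                "user:dev@example.com",
            ],
        },
        {
            "role": "roles/artifactregistry.writer",
            "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"],
        },
        {"role": "roles/storage.objectViewer", "members": ["user:analyst@example.com"]},
    ],
    "version": 1,
}


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # usage: audit.py policy.json PROJECT_NUMBER
        with open(sys.argv[1]) as f:
            report = audit_cloud_build_sa(json.load(f), sys.argv[2])
    else:
        report = audit_cloud_build_sa(SAMPLE_POLICY, SAMPLE_PROJECT_NUMBER)
    print(json.dumps(report, indent=2))
    sys.exit(1 if report["excess"] else 0)
```

Export the real inputs with `gcloud projects get-iam-policy PROJECT_ID --format=json` and `gcloud projects describe PROJECT_ID --format='value(projectNumber)'`. For monitoring the account's behaviour, a Cloud Logging filter on `protoPayload.authenticationInfo.principalEmail="PROJECT_NUMBER@cloudbuild.gserviceaccount.com"` shows every API call it makes; the more durable fix is to run build triggers under a user-specified service account that holds only the roles that pipeline needs.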




Mallox Ransomware Breaches Networks through Weak MS-SQL Servers


Mallox ransomware activity has surged by 174% in 2023 compared with the previous year, according to Palo Alto Networks Unit 42. The group's usual entry point is an internet-exposed MS-SQL server with a weak password, which it breaks with dictionary attacks. Once inside, the ransomware stops and removes SQL-related services, deletes volume shadow copies, clears system event logs and attempts to bypass security controls before encrypting files, which makes exposed and weakly authenticated MS-SQL servers a significant risk.
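The dictionary-attack phase is visible in the SQL Server ERRORLOG well before encryption starts. The detector below is an added example written for this report, not Unit 42's or NetFire's code. It parses failed-login (event 18456) and successful-login (event 18454) lines, alerts when one client IP accumulates a burst of failures inside a time window, and raises a higher-confidence alert when a login from that client then succeeds while failures are still recent. The log lines, IP addresses and thresholds are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Any, Dict, Iterable, List, Tuple

# SQL Server ERRORLOG lines for failed (event 18456) and successful (event 18454)
# logons. Successful logons are only written if Login auditing records both.
FAILED = re.compile(
    r"^(\S+ \S+)\s+Logon\s+Login failed for user '([^']+)'.*\[CLIENT: ([^\]]+)\]"
)
SUCCEEDED = re.compile(
    r"^(\S+ \S+)\s+Logon\s+Login succeeded for user '([^']+)'.*\[CLIENT: ([^\]]+)\]"
)


def parse_ts(stamp: str) -> datetime:
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S.%f")


def detect_dictionary_attacks(
    lines: Iterable[str], threshold: int = 5, window: timedelta = timedelta(minutes=5)
) -> List[Dict[str, Any]]:
    """Alert when a client reaches `threshold` failed logins inside `window`, and
    again if a login from that client then succeeds while failures are recent."""
    recent: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)  # client -> [(ts, user)]
    alerts: List[Dict[str, Any]] = []
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts, user, client = parse_ts(m.group(1)), m.group(2), m.group(3)
            # drop failures that have aged out of the window, then record this one
            recent[client] = [(t, u) for t, u in recent[client] if ts - t <= window]
            recent[client].append((ts, user))
            if len(recent[client]) == threshold:  # fire when the count first reaches threshold
                alerts.append({
                    "type": "burst", "client": client, "at": ts, "count": threshold,
                    "users": sorted({u for _, u in recent[client]}),
                })
            continue
        m = SUCCEEDED.match(line)
        if m:
            ts, user, client = parse_ts(m.group(1)), m.group(2), m.group(3)
            failures = [(t, u) for t, u in recent[client] if ts - t <= window]
            if failures:
                alerts.append({
                    "type": "success_after_failures", "client": client, "at": ts,
                    "user": user, "prior_failures": len(failures),
                })
    return alerts


# Constructed ERRORLOG excerpt: a password-guessing run from 203.0.113.5 against
# 'sa' (with the paired "Error: 18456" lines SQL Server writes), one unrelated
# failure from another client, and finally a successful 'sa' login from the attacker.
SAMPLE_ERRORLOG = [
    "2023-07-20 10:15:31.10 Logon       Error: 18456, Severity: 14, State: 8.",
    "2023-07-20 10:15:31.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]",
    "2023-07-20 10:15:31.42 Logon       Error: 18456, Severity: 14, State: 8.",
    "2023-07-20 10:15:31.42 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]",
    "2023-07-20 10:15:31.77 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]",
    "2023-07-20 10:15:32.05 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.5]",
    "2023-07-20 10:15:32.20 Logon       Login failed for user 'appuser'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]",
    "2023-07-20 10:15:32.33 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]",
    "2023-07-20 10:15:32.61 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]",
    "2023-07-20 10:15:33.02 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.5]",
]


if __name__ == "__main__":
    for alert in detect_dictionary_attacks(SAMPLE_ERRORLOG):
        print(alert)
```

Successful logins only appear in the ERRORLOG if the instance's Login auditing setting records both failed and successful logins; with the default of failed logins only, the second alert type never fires and the burst alert is the one to rely on.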




Follow us at NetFire and stay tuned for more insights.



#NetFireThreatIntelligence #ThreatIntelligence #NetFireCloud #SecureCloud #BundleBot #LazarusHackers #BadBuildFlaw #Google #Mallox #NetOnFire