Only two days after the release of GandCrab 4.0, FortiGuard Labs found a newer version (v4.1) being distributed by the same method: compromised websites disguised as download sites for cracked applications.
It has been over two months since GandCrab last underwent a major update. While this latest version overhauls the code structure, its core purpose is practically unchanged.
FortiGuard Labs spotted a malicious document with the politically themed file name "Draft PH-US Dialogue on Cyber Security.doc". The document exploits CVE-2017-11882, the Equation Editor (EQNEDT32.EXE) memory-corruption vulnerability that Microsoft patched in November 2017. Upon successful exploitation, it drops malware into the victim's %temp% directory.
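Documents that abuse CVE-2017-11882 have to embed the Equation Editor OLE object, so a quick triage check is to look for its CLSID ({0002CE02-0000-0000-C000-000000000046}) or ProgID (Equation.3 / Equation.2), both in raw OLE2 form and in the hex-encoded form RTF uses inside \objdata. The script below is an added example, not FortiGuard's tooling or the sample described above; the three input documents are constructed stubs, and the marker names it returns are my own labels. A hit is a triage signal only: a legitimately authored equation produces the same markers, so a flagged file still needs a sandbox or manual look.

```python
"""Triage check for embedded Equation Editor (EQNEDT32) objects, the component
abused by CVE-2017-11882. Added example, not FortiGuard's code. Presence of the
markers is a triage signal, not proof of exploitation."""
import re

# Equation Editor 3.0 CLSID {0002CE02-0000-0000-C000-000000000046}, serialised
# as an OLE compound file stores it (Data1/Data2/Data3 little-endian).
EQNEDT_CLSID_BIN = bytes.fromhex("02ce0200" "0000" "0000" "c000000000000046")
# RTF carries embedded objects as hex text in \objdata, so the same 16 bytes
# appear as 32 hex characters, possibly upper-case and split by whitespace.
EQNEDT_CLSID_HEX = EQNEDT_CLSID_BIN.hex().encode()
PROGID_MARKERS = (b"Equation.3", b"Equation.2")
OBJCLASS_RE = re.compile(rb"\\objclass\s*Equation\.[23]", re.IGNORECASE)


def find_equation_objects(data: bytes) -> list:
    """Return the list of Equation Editor markers found in a document's bytes.

    Labels (my own naming): clsid-binary, clsid-hex, progid-ascii:<id>,
    progid-hex:<id>, rtf-objclass. An empty list means nothing was seen.
    """
    reasons = []
    # Whitespace-stripped, lower-cased copy so hex-encoded RTF payloads match
    # regardless of case or line breaks inserted to break naive signatures.
    compact = re.sub(rb"\s+", b"", data).lower()
    if EQNEDT_CLSID_BIN in data:
        reasons.append("clsid-binary")
    if EQNEDT_CLSID_HEX in compact:
        reasons.append("clsid-hex")
    for marker in PROGID_MARKERS:
        if marker in data:
            reasons.append("progid-ascii:" + marker.decode())
        if marker.hex().encode() in compact:
            reasons.append("progid-hex:" + marker.decode())
    if OBJCLASS_RE.search(data):
        reasons.append("rtf-objclass")
    return reasons


def is_suspicious(data: bytes) -> bool:
    """True if any Equation Editor marker is present."""
    return bool(find_equation_objects(data))


# Constructed samples (not real malware, not the document discussed above):
# a stub OLE2 header followed by the CLSID and ProgID, an RTF that embeds the
# object as hex text, and a benign DOCX-style ZIP header with no markers.
SAMPLE_OLE = (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24
              + EQNEDT_CLSID_BIN + b"Equation.3\x00")
SAMPLE_RTF = (b"{\\rtf1{\\object\\objemb{\\*\\objclass Equation.3}"
              b"{\\*\\objdata 0105000002000000 0B000000 "
              b"4571756174696F6E2E3300 "
              + EQNEDT_CLSID_BIN.hex().upper().encode() + b"}}}")
SAMPLE_BENIGN = b"PK\x03\x04" + b"[Content_Types].xml" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in (("ole", SAMPLE_OLE), ("rtf", SAMPLE_RTF),
                       ("benign", SAMPLE_BENIGN)):
        print(name, is_suspicious(blob), find_equation_objects(blob))
```

For real files, read the bytes with `open(path, "rb").read()` and feed them to `find_equation_objects`; for OOXML containers (.docx) unzip first and run the check over each part, since the OLE object lives in an embedded binary part rather than the outer ZIP.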
As part of our ongoing threat research at FortiGuard Labs, we discovered that EHCP contains an SQL injection vulnerability and multiple cross-site scripting (XSS) vulnerabilities.
Microsoft fixed a use-after-free bug in the Edge Chakra engine in its May 2018 Patch Tuesday release. The bug (CVE-2018-0946) causes the Chakra engine to access a freed function address, which can potentially be exploited to execute arbitrary code when a vulnerable system browses a malicious web page in Microsoft Edge.
In conjunction with the Cyber Threat Alliance, Symantec today released its blog post on an APT (advanced persistent threat) group codenamed "Thrip." As part of our membership in the Cyber Threat Alliance (CTA), we received these indicators ahead of publication to ensure that FortiGuard customers are protected from this latest disclosure.