FortiGuard Labs Weekly Threat Update – November 1, 2019

By Jeannette Jarvis | November 01, 2019

Each week, FortiGuard Labs publishes a Threat Brief to subscribers that profiles notable hot topics and threats that were discovered or discussed during the week. Here is a recap of what we are covering in this week’s Threat Brief:

  • Mobile device security threats, and Android-based malware in particular, are on the rise. In fact, 14% of all cyber threats, not just those on mobile devices, are now detected on Android devices. With employees accessing critical business apps from personal devices, the risk of a compromised mobile device introducing malicious attacks into your organization is high. Protecting your organization is everyone's responsibility, and in this week’s report we outline five critical elements needed to enhance your cyber security awareness program.

  • While we’re on the topic of mobile device security, this week we saw some prominent mobile threat activity, including a new xHelper Trojan dropper that can reinstall itself on Android devices not only after it is removed, but even after a full factory reset of the device. Once infected, the device connects to a command and control server, from which additional payloads, such as droppers, rootkits, and more, are downloaded.

  • FortiGuard Labs researchers recently came across a number of websites advertising cryptocurrency exchange platforms. Upon further analysis, we found that these sites were phishing sites, with domains registered and hosted on a Russian website hosting service. If you are investing in cryptocurrency, be sure you use legitimate exchange platforms.

  • The WordPress Plugin MM Forms Community is prone to vulnerabilities that let attackers upload arbitrary files. This week we discuss a specific vulnerability for which we have seen a 20% increase in attacks over the last month, with Belarus and Spain recording the most activity.

  • Raccoon is an information stealer sold in underground forums as a Malware-as-a-Service (MaaS). When this information stealer was first discovered back in April, it was only available in Russian and sold in Russian hacking forums. Now, the Raccoon developers have expanded their market reach to English hacking forums. Read this week’s Threat Brief to learn the interesting details behind this malware.

  • We also profile some malware tools used by threat actors named after characters and items found in a popular Japanese anime series. Overall, these tools have been found to have various nefarious capabilities, such as information stealing, password harvesting, keylogging, and more. These tools are currently targeting shipping and transportation companies in Kuwait.

You can find more details about these and other issues in the FortiGuard Labs Weekly Threat Intelligence Brief. Follow these links to read this week's issue and subscribe to the weekly email distribution.    