Weekly Threat Briefing: Backdoors, iOS Vulnerability, Remote Access Trojans, TrickBot Update, and more

The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: Android Vulnerability, Data breach, COVID-19, Ransomware, Russia, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

The Octopus Scanner Malware: Attacking The Open Source Supply Chain

(published: May 29, 2020)

GitHub has issued an alert about malware found in Java projects that can run on Linux, macOS, and Windows. The malware, named “Octopus Scanner”, has been found in 26 repositories that are managed using NetBeans, a Java Integrated Development Environment (IDE). Once the user downloads a repo, the malware infects the local machine and spreads into other Java projects after scanning for a local install of NetBeans. The next step of the malware is to download a Remote Access Trojan (RAT) and look for confidential information, including proprietary source code.

Recommendation: It is important for organizations to ensure that they have defense in depth, which assists with detecting supply chain attacks as well as many other types of attacks. Specifically for developers, it is recommended that all third-party libraries and repositories are audited and come from a reliable source, and that unnecessary libraries are removed from projects.

MITRE ATT&CK: [MITRE ATT&CK] Supply Chain Compromise - T1195

Tags: GitHub, Java, Malware, Octopus Scanner, RAT