'Reporters without Borders' website misused in wateringhole attack
A14CCC5922EFC6C7CEC1BB58C607381C99967ED4B7602B7427B081209AAF1656 is an interesting injector: it downloads something that pretends to be an error web page and decodes its content, which is in fact position-independent code that is later injected into another process. This is also a RAT, contacting d.wt.ikwb.com (184.108.40.206, Hong Kong).
We've contacted the RSF webmaster and the code should already be removed. Avast users are protected on multiple levels against this threat, but updating to the latest versions of the vulnerable software packages is also a must. An alternative is getting rid of them: most users can safely replace MSIE with another browser and completely uninstall Java, reducing the attack surface.