Ransomware strain evolves, RATs cause mischief, and yet another data breach strikes

The Magniber strain is back stronger than ever, Ukraine suffers a RAT attack, and LabCorp is hit with a possible breach.

Magniber ransomware grows stronger and scarier

The Magniber strain of ransomware is back, stronger than before, and starting to spread through much of Asia. Cybersecurity experts are taking note of the substantial changes the malware has undergone over the past year.

The Magnitude exploit kit has been used to distribute malware, with a leaning toward ransomware, since 2013. Last year, the kit was used to distribute its own brand of malware, Magniber, but the attacks were limited to South Korea. This month, however, researchers discovered a revamped Magniber, with more aggressive infection capabilities and a wider reach across Asia, already hitting targets in Taiwan and Hong Kong. Digging into the code, researchers found it had been equipped to reach beyond South Korea with more whitelisted languages, including Chinese and Malay. The ransomware has also been updated with obfuscation techniques and the ability to target victims with surgical precision. As of the writing of this article, no decryption methods for Magniber-ransomed files are yet available.

Cryptomining company Bitmain moves to Silicon Valley

Cryptomining is not only a legal operation (when consensual), but also a billion-dollar industry. The largest cryptomining company in the world, China-based Bitmain, was recently valued at $12B and plans to go public later this year with an IPO. Perhaps in preparation for its first public offering, the company is moving to Silicon Valley and setting up shop in a 20,000-square-foot space in downtown San Jose.

Bitmain has been in the process of expanding its operation to North America, recently setting up mining centers in both Quebec and Washington state. The company is involved in several mining-related operations, including the investment startup Circle, the browser Opera, and the blockchain startup Block.one. Bitmain expects its valuation to jump to $40B once it goes public.

3 malware RATs target Ukrainian government

In the English language, a group of rats is called a mischief of rats, and mischief is indeed what these recently reported remote access Trojans have been causing. In what some experts are regarding as a cyber espionage campaign, three RATs are being delivered together in customized, targeted attacks against various Ukraine government offices.

All three RATs can do everything a typical Trojan can, but each has its own specialty. Most formidable is the one known as Vermin, which has the ability to capture keystrokes with a keylogger, steal passwords from the Chrome and Opera browsers, access files from a connected USB drive, and record sound from around the victim’s computer. Another of the RATs is called Quasar, which can create backdoors in the victims’ systems. The third RAT is named Sobaken, and its strength is in evasion and anti-sandboxing.

The malware will terminate if its victim’s keyboard layout and IP address are not Russian or Ukrainian. Ukraine has long been a proving ground for Russian cyberattacks, and cybersecurity experts speculate this RAT campaign is currently in a testing phase. Strong antivirus software like Avast Free Antivirus will detect and protect against this type of malware.

LabCorp investigates possible data breach

One of America’s largest medical diagnostics companies, LabCorp, in a report to the US Securities and Exchange Commission this week, states that it “detected suspicious activity on its information technology network” over the weekend of July 14th. The corporation reports that upon this detection, certain systems were immediately taken offline in a containment effort. Those systems should be restored and running again within the next several days, LabCorp states.

“Data breaches happen every day,” notes Avast Security Evangelist Luis Corrons. “At least this time, the company under attack realized that something was happening and could take action, probably minimizing the damage. We have to remember that in many cases companies only learn of attacks after being notified by a third party that found the already-stolen data.”

In its SEC filing, LabCorp writes, “At this time, there is no evidence of unauthorized transfer or misuse of data,” adding that the company will cooperate with authorities in any investigation into the possible breach.
