Threat Intel Update
Cybersecurity and technology companies work tirelessly to create security solutions that counter and deter cyber threat actors. However, these adversaries often adapt, finding ways to bypass even the latest defenses. For instance, a recently discovered infostealer has successfully circumvented a new feature designed for Google Chrome and related browsers.
Both cybercriminals and nation-state actors continue to innovate, leveraging advanced tools to identify victims and deploy novel malware variants.
Cybersecurity News
- Glove Stealer Capable of Bypassing Google’s App-Bound Encryption for Chrome Browser – Glove Stealer is an infostealer designed to harvest credentials, cryptocurrency wallet information, and data from password managers. It targets multiple browsers, including Chrome, Brave, Opera, and Edge. Notably, Glove can bypass the app-bound encryption introduced in Google Chrome 127, a feature aimed at preventing cookie theft. This malware is distributed via phishing emails, which deceive victims into executing a command that installs the infostealer on their devices, compromising their sensitive information. Security Week
- GoIssue Used to Send Mass Phishing Emails to GitHub Users – The tool first appeared on a cybercriminal forum over the summer, offered either for rent or as purchasable source code for cyber threat actors. Known as GoIssue, it has the ability to extract email addresses from GitHub profiles. Threat actors could leverage this feature to steal GitHub credentials and compromise repositories, posing significant risks to developers and organizations. The Hacker News
- U.S. Government Confirms Chinese-Affiliated Salt Typhoon Linked to Breaches of Telecom Agencies – The breach enabled Salt Typhoon to access call record data of U.S. politicians and information related to U.S. law enforcement requests submitted to telecommunications companies. Salt Typhoon compromised systems belonging to Lumen, AT&T, and Verizon, obtaining specific details about telephone calls involving several U.S. politicians and their staff. Federal agencies are actively investigating the breach to uncover further details. The Record
- Over 70,000 Domains Compromised in “Sitting Ducks” Campaign – Since 2018, cyber threat actors have been hijacking domains belonging to prominent businesses and government agencies by exploiting misconfigurations in domain name system (DNS) settings. While some hijackings last less than 60 days, others have persisted for longer periods. These compromised domains are often repurposed for malicious activities, including sending spam and serving as command-and-control (C2) infrastructure for malware campaigns. The Hacker News
- North Korean Cyber Threat Actors Deploying Malware Within Flutter Applications – The specific North Korean group behind this activity remains unidentified. However, the campaign shares infrastructure with a previous malware operation attributed to North Korea. The malware is disguised as a game developed using Flutter but carries a name suggesting it is a cryptocurrency exchange application. Written in the Dart programming language, the malware also has variants developed in Go and Python, showcasing its adaptability. The Hacker News