Threat Intelligence Brief 7-10-2019 - Page 9

Social Engineering

Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi - Since our last research on TA505, we have observed new activity from the group that involves campaigns targeting different countries over the last few weeks. We found them targeting countries in the Middle East such as the United Arab Emirates and Saudi Arabia, as well as other countries such as India, Japan, Argentina, the Philippines, and South Korea. This blog post covers the updates from TA505’s campaigns and indicators of compromise (IoCs), as well as the latest tactics, techniques, and procedures of these campaigns, particularly those observed in late June. We also analyzed a new malware tool named Gelup (detected by Trend Micro as Trojan.Win32.GELUP.A), which we saw the group use in one of the campaigns on June 20.

Source: https://blog.trendmicro.com/trendlabs-security-intelligence/latest-spam-campaigns-from-ta505-now-using-new-malware-tools-gelup-and-flowerpippi/

Fake Samsung firmware update app tricks more than 10 million Android users - Over ten million users have been duped into installing a fake Samsung app named "Updates for Samsung" that promises firmware updates but, in reality, redirects users to an ad-filled website and charges for firmware downloads. The app takes advantage of the difficulty of getting firmware and operating system updates for Samsung phones, hence the high number of users who have installed it.

Source: https://www.zdnet.com/article/fake-samsung-firmware-update-app-tricks-more-than-10-million-android-users/

US Cyber Command warns that the Outlook is not so good - Iranians hitting email flaw - An ongoing Iranian government-backed hacking campaign is now trying to exploit a Microsoft Outlook flaw from 2017. The US Cyber Command has issued an alert that hackers have been actively going after CVE-2017-11774. The flaw is a sandbox escape bug in Outlook that allows an attacker who already possesses the victim's Outlook credentials to change the user's home page. That page, in turn, can have embedded code that downloads and executes malware when Outlook is opened.

Source: https://www.theregister.co.uk/2019/07/03/outlook_flaw_iran/

Mac Malware Pushed via Google Search Results, Masquerades as Flash Installer - Never-before-seen Mac malware, dubbed OSX/CrescentCore, has been discovered in the wild. The trojan is spread via various websites, where it masquerades as an Adobe Flash Player installer, and drops malicious applications and browser extensions on victims’ systems when downloaded. The “installer” is actually a .dmg file (an Apple disk image) that delivers the malware.

Source: https://threatpost.com/mac-malware-pushed-via-google-search-results-masquerades-as-flash-installer/146178/

www.accumepartners.com