SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Long-running trojan now targeting Android devices
Description: The developers of LodaRAT have added Android as a targeted platform. The new Android variant follows the same principles as other Android-based RATs seen on the threat landscape. Alongside it, an updated version of Loda for Windows with improved sound recording capabilities has been identified in the same campaign. These new versions for Loda4Windows and Loda4Android show that the development effort is clearly carried out by the same group, which Cisco Talos calls "Kasablanca." The operators behind LodaRAT are tied to a specific campaign targeting Bangladesh, although others have been seen.
References: https://blog.talosintelligence.com/2021/02/kasablanka-lodarat.html
Snort SID: 53031
ClamAV signatures: Win.Packed.LokiBot-6963314-0, Doc.Exploit.Cve_2017_11882-7570663-1, Doc.Downloader.Loda-7570590-0
Title: Accusoft ImageGear vulnerabilities could lead to code execution
Description: Accusoft ImageGear, a document-imaging developer toolkit, contains two remote code execution vulnerabilities. ImageGear is a document and imaging library from Accusoft that developers can use to build their applications, and it covers the entire document imaging lifecycle. An adversary could exploit either of these vulnerabilities to cause various conditions, including an out-of-bounds write, and eventually execute code. A target needs to open a specially crafted file to trigger these vulnerabilities.
Reference: https://blog.talosintelligence.com/2021/02/vuln-spotlight-accusoft-image.html
Snort SIDs: 43608, 43609, 56158 - 56161, 56365, 56366, 56451, 56452