SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension
Description: Talos recently observed a malicious campaign that offers fake installers of popular software as bait to get users to execute malware on their systems. The activity comprises a set of malware distribution campaigns that began in late 2018 and have mainly targeted Canada, along with the U.S., Australia and some EU countries. Two undocumented malware families (a backdoor and a Google Chrome extension) are consistently delivered together in these campaigns. An unknown actor using the alias "Magnat" is the likely author of these new families and has been continually developing and improving them. The attacker's motivation appears to be financial gain from selling stolen credentials, carrying out fraudulent transactions and selling Remote Desktop access to compromised systems.
Snort IDs: 58650 and 58651
ClamAV signature: Win.Dropper.MagnatExtension-9911899-0
Title: Attackers actively exploiting vulnerability in popular patch management software
Description: Software company Zoho warned users that they should update their Desktop Central and Desktop Central MSP services as soon as possible. Attackers are actively exploiting a vulnerability in these products, tracked as CVE-2021-44515, that could allow them to bypass authentication and execute arbitrary code on affected ManageEngine Desktop Central servers. Zoho also released an exploit detection tool so organizations can check whether they have been targeted by attackers using this vulnerability.