Emerging Cyber Threats Relevant In April 2023

Apr 9, 2023

In our April 2023 highlights we review statistics from March 2023. Researchers observed several cyber threats with more indicators than usual. While these threats may not have been the most prevalent, the increase in indicators suggests that they are becoming more sophisticated and pose a growing risk to organizations. They are:

  • Anubis trojan,
  • Babuk ransomware,
  • BatLoader,
  • Moobot botnet,
  • Swrort trojan.

One such malware is Anubis, an Android banking trojan that attempts to steal sensitive banking information. It is typically distributed via infected email attachments, malicious online advertisements, social engineering, and deceptive applications. Once a device is infected, victims may experience reduced performance, shorter battery life, and slower internet connections, as well as significant data loss and theft of personal information, including credentials and financial assets. In March 2023, researchers reported a significant increase in the number of indicators associated with Anubis, highlighting the need for mobile device users to be cautious when downloading apps and to keep their devices up to date with the latest security patches.

Another malware that has grabbed our attention is Babuk ransomware, a relatively new threat that has been gaining traction in recent months. It targets businesses, stealing and encrypting their data in double-extortion attacks. Babuk is a sophisticated ransomware compiled for several platforms, with the Windows and ARM-for-Linux builds being the most commonly used versions. The Babuk group is currently targeting a range of sectors, including transportation, healthcare, plastics, electronics, and agriculture, across multiple geographies, including the Middle East, India, Europe, the US, and South Africa. In March 2023, researchers reported a significant increase in the number of indicators associated with Babuk, highlighting the need for organizations to implement robust backup and recovery solutions to minimize the impact of a ransomware attack.

BatLoader is another malware that has raised our concerns. It is often used by cybercriminals to deliver other malware onto victims' devices and is typically spread through phishing emails or social engineering tactics. As an initial access malware, it relies heavily on batch and PowerShell scripts to gain a foothold on a victim's machine. The threat actors behind BatLoader use search engine optimization (SEO) poisoning to lure users into downloading the malware from compromised websites, which makes it hard to detect and block. In March 2023, researchers reported a significant increase in the number of indicators associated with BatLoader, highlighting the need for organizations to implement strong email security measures and to provide regular training to employees on how to spot and avoid phishing scams.

Moobot, a Mirai-variant botnet, is another malware that drew attention in March 2023. It targets exposed networking devices running Linux, including D-Link and Hikvision cameras, and other devices with Realtek vulnerabilities. Compromised endpoints can be controlled by its C&C server and used to deliver further attacks, such as distributed denial-of-service (DDoS) attacks. One notable feature of newer Moobot versions is their ability to scan for and kill the processes of other known bots, so that the device's full hardware capacity is available for launching DDoS attacks.

Finally, Swrort, a backdoor trojan, arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users visiting malicious sites. Swrort opens a backdoor on the infected computer, allowing the threat actor to download and execute more malware. In March 2023, researchers reported a significant increase in the number of indicators associated with Swrort, highlighting the need for organizations to implement strong mobile device security measures, such as mobile device management (MDM) and mobile threat defense (MTD) solutions.

Early detection of these threats is critical to minimize their impact on digital infrastructure and business operations. Being aware of the active malware threats in the wild is important to protect against their potentially devastating effects.

Anubis, Babuk, BatLoader, Swrort, and Moobot are just a few examples of the cyber threats that are currently gaining traction. Users of the RST Threat Feed can access a wealth of information on a wide range of cyber threats to help them stay ahead of the evolving threat landscape. By implementing strong cybersecurity measures and staying informed about the latest threats, organizations can reduce the risk of a cyber attack and protect their networks and data from harm.