CYFIRMA Research – Details, episodes & analysis

Mobile Threat Alert: GhostGrab Malware!
 
Cybercriminals are getting more sophisticated, and GhostGrab is a clear example. This Android malware doesn’t just steal banking credentials—it can also:

• Run hidden cryptocurrency mining that drains your battery and CPU
• Harvest debit card and online banking login information
• Intercept SMS messages, including one-time passwords (OTPs)
• Collect detailed device and SIM data
• Hide itself and resist removal
• Use phishing pages within apps to trick victims into revealing sensitive information
• Leverage Firebase as a Command & Control (C2) server, making traditional detection more difficult

How to Protect Yourself:

✅ Only download apps from official sources, such as the Google Play Store or, for iOS devices, the Apple App Store
 ✅ Avoid unknown APKs and suspicious links
 ✅ Monitor your bank accounts and SMS activity regularly
 ✅ Keep your device and apps updated
 
Mobile malware is evolving—stay informed, stay protected.

Link to the Research Report: https://www.cyfirma.com/research/ghostgrab-android-malware/

#CYFIRMA #CyfirmaResearch #CyberSecurity #MobileSecurity #AndroidMalware #GhostGrab #CyberThreats #ThreatAlert #ETLM   #ExternalThreatLandscapeManagement

https://www.cyfirma.com/

Critical Alert: CVE-2025-6541 – TP-Link Omada Gateway Remote Command Injection

Organizations using TP-Link Omada Gateway devices must act immediately. This critical vulnerability allows attackers to execute arbitrary OS-level commands via the device web management interface. Exploitation can lead to full device compromise, exposure of credentials, configuration changes, and potential lateral movement within enterprise networks.

Link to the Research Report: https://www.cyfirma.com/research/cve-2025-6541-tp-link-omada-gateway-remote-command-injection-vulnerability-analysis/

#CyberSecurity #TPLink #CVE20256541 #OmadaGateway #RCE #ThreatIntel
#VulnerabilityAlert #NetworkSecurity #CommandInjection #CYFIRMA
#CYFIRMAresearch #ETLM #ExternalThreatLandscapeManagement

https://www.cyfirma.com/

China's South China Sea ambitions stalled: ASEAN Fights Back Amid U.S. Distractions – check out the latest CYFIRMA report on Beijing's ambitions hitting a wall in the South China Sea, and the fallout in cyberspace. 

Link to the Research Report: https://www.cyfirma.com/research/grey-zone-warfare-in-chinas-stalled-south-china-sea-ambitions/

#Geopolitics #CYFIRMAresearch #ThreatIntelligence #cybersecurity #ETLM #currentaffairs #MilitaryAffairs #GreyZoneCoertion #UNCLOS #MischiefReef #Spratlys #ExternalThreatLandscapeManagement

https://www.cyfirma.com/

CYFIRMA's investigation uncovered a major data breach at Cisco, led by the notorious threat actor IntelBroker. On October 14, 2024, IntelBroker posted on BreachForum, revealing that critical data such as source code, hard-coded credentials, SSL certificates, API tokens, and confidential documents were stolen. This breach impacts Cisco's B2B clients, with over 26 client source codes compromised.
 
Our investigation also found that despite Cisco’s efforts to block access, the hackers regained entry using hard-coded credentials found in previously exfiltrated data. This exposes serious security risks and highlights the need for immediate remediation.
 
Link to the Research Report: Data Breach Investigation on Cisco - CYFIRMA

#DataBreach #CyberSecurity #CYFIRMAInvestigation #CiscoBreach #ThreatIntel #SupplyChainRisk #HackerAlert #CyberDefense #Breachforum #DataLeak #CYFIRMA #ExternalThreatLandscapeManagement #ETLM

https://www.cyfirma.com/

The proliferation of stealers, particularly those masquerading as open-source projects, poses significant risks to users. With capabilities to steal sensitive information, such as passwords, cryptocurrency wallets, and browser data, these malware variants not only threaten individual privacy but also create broader cybersecurity challenges.

As developers continue to leverage and modify existing stealers, users must remain vigilant and aware of the potential dangers associated with seemingly benign software, particularly those offered for free.

Link to the Research Report: The Will of D: A Deep Dive into Divulge Stealer, Dedsec Stealer, and Duck Stealer - CYFIRMA

#CyberSecurity #CyberThreat #DivulgeStealer #Dedsec #DuckStealer #CYFIRMA 

#CyfirmaResearch #ExternalThreatLandscapeManagement #ETLM

https://www.cyfirma.com/

The Israeli invasion of Lebanon began with the declared goal to remove Hezbollah's military infrastructure from the south of the country so that Israelis living in northern Israel could return to their homes, from which they have been driven by the low-intensity conflict raging on the border since Hamas' raid on Gaza last year.

The Israeli army has hit thousands of Hezbollah targets in Lebanon and Syria and has eliminated Hezbollah’s leader Hassan Nasrallah. After a brief hesitation, Iran finally carried out a large-scale ballistic missile strike on Israel in retaliation, and the whole world is now waiting for Israel's response. The targets could be Iran's nuclear program and spark a war that would affect the whole region and have secondary consequences for the entire world.

Link to the Research Report: WORLD ON THE BRINK : WAR IN THE MIDDLE EAST THREATENS TO ENTER A NEW DESTRUCTIVE PHASE - CYFIRMA

#Geopolitics #CYFIRMAresearch #ThreatIntelligence #Cybersecurity #ETLM #currentaffairs #ExternalThreatLandscapeManagement #ETLM #CYFIRMA #HassanNasrallah

https://www.cyfirma.com/

Stay ahead of cybersecurity trends with CYFIRMA's September 2024 Ransomware Report. This month’s analysis highlights significant shifts among top ransomware groups like Medusa, which saw a 525% surge in victims, while others like RansomHub and Meow experienced declines.
 
Key industries such as IT and transportation saw notable increases, while sectors like manufacturing and finance recorded drops. The report also explores emerging threats like Kransom, a ransomware disguised as a popular game and highlights the impact of ransomware groups leveraging vulnerabilities in SonicWall systems. Don’t miss out—read the full report to understand the evolving threat landscape and how you can protect your organization.
 
Link to the Research Report: TRACKING RANSOMWARE - SEPTEMBER 2024 - CYFIRMA

#ThreatLandscape #StaySecure #CyberSecurity #RansomwareReport #ThreatIntelligence #Ransomware #DigitalDefense #Cyfirma #ETLM #Ransomhub #Medusa #orca #kransom #USA #Manufacturing #CyfirmaResearch #ExternalThreatLandscapeManagement #StayProtected #DataProtection

https://www.cyfirma.com/

Immediate action is required for all organizations using iTunes for Windows! CVE-2024-44193 is a critical local privilege escalation vulnerability that could lead to unauthorized system access. Attackers exploit misconfigured permissions in the AppleMobileDeviceService.exe to elevate privileges and gain control. Given the widespread use of iTunes, this poses a significant risk. Update iTunes to version 12.13.3 or later, monitor systems for anomalies, and review permissions to prevent exploitation. Stay proactive and secure your systems now! Check CYFIRMA Research's latest report. 

Link to the Research Report: iTunes Local Privilege Escalation (CVE-2024-44193) Vulnerability Analysis and Exploitation - CYFIRMA

#CyberSecurity #VulnerabilityManagement #iTunes #CVE202444193 #CYFIRMAResearch #VulnerabilitySummary #ExternalThreatLandscapeManagement #ETLM #Cyfirma

https://www.cyfirma.com/

Our latest research dives deep into Yunit Stealer, a sophisticated malware designed to steal sensitive data, such as credentials, cookies, and cryptocurrency wallets. This malware employs advanced evasion techniques, including obfuscation and persistence methods, making it a formidable threat to cybersecurity. Yunit Stealer can disable Windows Defender, modify registry keys, and use scheduled tasks to maintain its presence on infected systems. It exfiltrates data via Telegram and Discord webhooks, ensuring the stolen information reaches the attacker securely.
 
 The developer has connections to various gaming platforms, indicating a possible link between gaming interests and the creation of this malware. Our analysis highlights the importance of staying informed and vigilant to protect your systems from such threats. Stay informed and protect your systems with our comprehensive insights!

Link to the Research Report: YUNIT STEALER - CYFIRMA

#CyberSecurity #Malware #YunitStealer #DataProtection #CyberThreats #TechNews #CYFIRMA #StaySafe #CyberAwareness #CyfirmaResearch #ExternalThreatLandscapeManagement #ETLM

https://www.cyfirma.com/

A new malware threat, Vilsa Stealer, has surfaced. Discovered on GitHub, this malware is designed to quietly steal your most sensitive information, everything from browser passwords to cryptocurrency wallets and even Discord credentials. What makes it particularly scary is its ability to sneak past security measures and hide in your system, all the while sending your stolen data to a remote server.
 
Stay vigilant, update your security tools, and educate your teams about recognizing and avoiding suspicious activity.

Link to the Research Report: VILSA STEALER - CYFIRMA

#CyberSecurity #MalwareAlert #DataProtection #CyberThreat #VilsaStealer #CYFIRMA #CyfirmaResearch #ExternalThreatLandscapeManagement #ETLM

https://www.cyfirma.com/