TamperedChefÐÅÏ¢ÇÔÈ¡·¨Ê½Í¨¹ýڲƭÐÔPDF±à×ëÆ÷´«²¼

°ä²¼¹¦·ò 2025-09-01

1. TamperedChefÐÅÏ¢ÇÔÈ¡·¨Ê½Í¨¹ýڲƭÐÔPDF±à×ëÆ÷´«²¼


8ÔÂ30ÈÕ £¬½üÆÚÍøÂ簲ȫ×êÑÐÈËÔ±Åû¶ÁËÒ»Â·Éæ¼°Google¸æ°×ÍÆ¹ãµÄ¸´ÔÓÍøÂç·¸×ï»î¶¯ £¬ÍþвÐÐΪÕßͨ¹ý50Óà¸öαÔìÓòÃû·Ö·¢Ð¯´øTamperedChefÐÅÏ¢ÇÔÈ¡¶ñÒâÈí¼þµÄPDF±à×빤¾ß¡£¸Ã»î¶¯³öÏÖ¶à½×¶ÎÌØµã £¬×Ô2024Äê6ÔÂ26ÈÕÆð £¬¹¥»÷Õßͨ¹ý×¢²á»òÊÕÊÜÍøÕ¾ÍÆ¹ã"AppSuite PDF Editor"µÈ¹¤¾ß £¬ÀûÓÃÖÁÉÙËÄ¼ÒÆóÒµµÄºÏ·¨Ö¤ÊéÇ©ÊðºýŪÐÔÀûÓ÷¨Ê½ £¬Ðγɼ¼Êõ¿ÉÐŶȼÙ×°¡£Ö÷Ìâ¶ñÒâÈí¼þTamperedChefͨ¹ý¿ÉÖ´ÐÐÎļþµÄ"-fullupdate"²ÎÊý´¥·¢ £¬ÔÚ8ÔÂ21ÈÕǰÒÔÕý³£Ö°ÄÜʾÈË £¬´ýGoogle¸æ°×ʵÏÖ60ÌìÍÆ¹ãÖÜÆÚǰËÄÌìºöÈ»¼¤»î¶ñÒâÄ £¿é¡£¸ÃÇÔÈ¡·¨Ê½Í¨¹ýDPAPI½Ó¿Ú½âÃÜä¯ÀÀÆ÷Êý¾Ý £¬³ÁµãÇÔÈ¡Óû§Æ¾Ö¤¡¢ÍøÂçCookieµÈÃô¸ÐÐÅÏ¢ £¬²¢¾ß±¸¼ì²â°²È«´úÀíµÄ»·¾³¸ÐÖªÄÜÁ¦¡£×êÑнÒʾ¸Ã·¸×ïÍŻﹹ½¨ÁË»¥ÓйØÁªµÄÀûÓÃÉú̬ £¬³ýÖ÷¹¥PDF¹¤¾ß±í £¬»¹Í¨¹ýOneStart¡¢EpibrowserµÈDZÔÚÓк¦·¨Ê½£¨PUP£©Ðγɽ»²æÏ°È¾Á´¡£Expel¹«Ë¾·¢ÏÖ²¿ÃÅÀûÓûáÓÕµ¼Óû§½«É豸ע²áΪסլ´úÀí £¬¹¥»÷Õß¿ÉÄÜͨ¹ýºÏ·¨´úÀí·þÎñÉÌÏ´°×·¸·¨Á÷Á¿¡£ÖµÍ×ÌùÐĵÄÊÇ £¬¼´±ã´úÂëÊðÃûÖ¤ÊéÒѱ»³·³ý £¬µ±Ç°ÒÑ×°ÖÃÉ豸ÈÔÃæ¶Ô³ÖÐø·çÏÕ¡£


https://www.bleepingcomputer.com/news/security/tamperedchef-infostealer-delivered-through-fraudulent-pdf-editor/


2. APT37ÀûÓõý±¨Îļþ¶Ôº«·¢Æð¾«ÃÜÍøÂç´¹µö¹¥»÷


8ÔÂ29ÈÕ £¬ÍøÂ簲ȫ¹«Ë¾Seqrite×îÐÂÅû¶ £¬³¯ÏÊÖ§³ÖµÄºÚ¿Í×éÖ¯APT37½üÆÚÕë¶Ôº«¹úµ±¾Ðݵý±¨»ú¹¹ÌáÒé´úºÅ"º«¹ú»ÃÓ°Ðж¯"µÄÓã²æÊ½ÍøÂç´¹µö¹¥»÷ £¬Í¨¹ýË«³Áµö¶üÕ½Êõ³É¹¦ÉøÈëÖ¸±êϵͳ¡£¸Ã×éÖ¯ÀûÓú«¹ú×êÑлú¹¹ÄÚ²¿Í¨Ñ¶ºÍ³¯Ïʹٷ½ÉêÃ÷Îļþ×÷Ϊ¹¥»÷ÔØÌå £¬Õ¹Ê¾¸ß¶È¶¨Ô컯µÄÍøÂç¼äµýÄÜÁ¦¡£³õ´Î¹¥»÷ÖÐ £¬APT37αÔ캫¹ú¹ú¶Èµý±¨×êÑÐЭ»áµÚ52ÆÚͨѶÎļþ £¬ÓÕÆ­Ö¸±ê³ÉÔ±ÏÂÔØÔ̺¬¶ñÒâLNK¿ì½Ý·½Ê½µÄPDFÎĵµ¡£Ö´Ðкó £¬¸Ã¿ì½Ý·½Ê½´¥·¢ÄÚ´æ¼ÓÔØµÄRokRATºóÃÅ £¬Í¨¹ý¶à²ã»ìºÏ¼¼Êõ£¨Ô̺¬Åú´¦Öþ籾¡¢XOR½âÃܼ°ÎÞÎļþ×¢È룩ʵÏÖÒñ±ÎפÁô¡£¹¥»÷Á´»¹Ñ¡È¡Î±ÔìHTTPÁ÷Á¿ÉÏ´«TEMPÎļþµÄ·½Ê½ £¬¶ã±Ü´«Í³°²È«¼ì²â¡£µÚ¶þ´Î¹¥»÷Ôò¶Ô×¼º«¹úµ±¾ÖÄÚ¸ó¼°Í³Ò»²¿µÈ»ú¹¹ £¬ÀûÓó¯ÏÊ×î¸ß¸¨µ¼È˽ðÕý¶÷µÄ°ûÃýðÓëÕý7ÔÂ28ÈÕ°ä·¢µÄµÐ¶ÔÉêÃ÷×÷Ϊµö¶ü¡£¹¥»÷Õß¹¹½¨ÁËÀàËÆµÄÉøÈëõè¾¶£º¶ñÒâLNKÎļþ¿ªÊͼÙ×°³ÉPDFÉÏ´«µÄ»ìºÏ×é¼þ £¬Í¨¹ýPowerShellºÅÁîÖ´ÐÐÄÚ´æÖеļÓÃÜÔØºÉ £¬×îÖÕ´ÓC2·þÎñÆ÷»ñÈ¡abs.tmpÖ´ÐкóÐø²Ù×÷¡£Á½´Î¹¥»÷¾ùѡȡ"µö¶üÎļþ+¶ñÒâ¿ì½Ý·½Ê½"µÄ×éºÏģʽ £¬½áºÏÄÚ´æÖ´ÐÐÓëÁ÷Á¿»ìºÏ¼¼Êõ £¬ÐγÉÄÑÒÔ×·×ÙµÄÒñ±Îͨ·¡£


https://www.infosecurity-magazine.com/news/north-korea-apt37-spear-phishing/


3. ºÚ¿ÍÐû³ÆÇÔÈ¡ÁË43.3ÍòÒ½ÁÆ´ÓÒµÕߵľßÌåÐÅÏ¢


8ÔÂ29ÈÕ £¬Ò»¸öÊ¢ÐÐÊý¾Ýй¶ÂÛ̳ÉϳöÏÖÕë¶ÔÃÀ¹úÒ½ÁÆ´ÓÒµÕߵĴó¹æÄ£Êý¾Ýй¶Ìû×Ó £¬¹¥»÷ÕßÐû³Æ»ñÈ¡ÁËÔ̺¬43.3ÍòÃûÒ½Éú¡¢±í¿ÆÒ½Éú¼°Ò½ÁƱ£½¡×¨ÒµÈËÔ±Ãô¸ÐÐÅÏ¢µÄÊý¾Ý¿â¡£Cybernews×êÑÐÍŶӷÖÎöÑù±¾ºóÖ¸³ö £¬Ð¹Â¶Êý¾Ýº­¸ÇÈ«Ãû¡¢µç»°¡¢Ö°³Æ¡¢×¨ÒµÁìÓò¡¢Ò½ÔºÐÅÏ¢¡¢µç×ÓÓʼþ¡¢µØÖ·µÈÓ×ÎÒÓ빤×÷ÕË»§»ìºÏÐÅÏ¢ £¬ÆäÆðÔ´¿ÉÄÜÖ¸ÏòµÚÈý·½·þÎñÌṩÉ̵ķì϶¡£Õâ´Îй¶³öÏÖÁ½´óÌØµã£ºÆäÒ» £¬²¿Ãŵç×ÓÓʼþ´Ëǰδ³Ê´Ë¿Ì¹«¿ªÊý¾Ýй¶ÊÂÎñÖÐ £¬°µÊ¾Êý¾Ý¿ÉÄÜÕûºÏ×ÔÂÅ´Îδ¹«¿ª·ì϶»òÌØ¶¨Î´Åû¶µÄµÚÈý·½·þÎñй¶ £»Æä¶þ £¬¹¥»÷Õß´ËÇ°Ôø°ä²¼°´µØÓò¡¢ÐÐÒµ·ÖÀàµÄÀàËÆÊý¾Ý¿â £¬Åú×¢Æä¿ÉÄÜͨ¹ý¶àÔ´ÍøÂç¿ÌÒâ°µ²Ø¾ßÌåÆðÔ´¡£ÕâÖÖģʽÔö³¤ÁË×·×ÙÊý¾ÝÔ´Í·µÄÄѶÈ £¬Ò²·´Ó³³öÒ½ÁÆÐÐÒµµÚÈý·½·þÎñÉú̬µÄ°²È«Òþ»¼¡£Ò½ÁÆÊý¾ÝÒò¸ß¼ÛÖµ³ÉÎªÍøÂç·¸×ï³ÁµãÖ¸±ê¡£Ð¹Â¶ÐÅÏ¢¿É±»ÓÃÓÚ¶à³Á¶ñÒⳡ¾°£º×îÖ±½ÓµÄÊÇÉí·Ý͵ÇÔ £¬Í¨¹ýαÔìÒ½ÁÆ´ÓÒµÕßÉí·Ý¿ªÉèڲƭÕË»§ £»¸üΣÏÕµÄÊǶ¨Ïò´¹µö¹¥»÷ £¬¹¥»÷Õß¿ÉÄܼÙ×°³ÉÒ½ÁÆ»ú¹¹·¢ËÍÔ̺¬¶ñÒâÁ´½ÓµÄÄÚÈÝ £¬ÓÕµ¼Êܺ¦Õßй©¸ü¶àÓ×ÎÒÐÅÏ¢»òÏÂÔØÀÕË÷Èí¼þ¡£


https://cybernews.com/security/american-doctors-data-breach-healthcare/


4. WhatsApp 0-Day·ì϶±»ÀûÓù¥»÷iOSºÍmacOSÓû§


8ÔÂ31ÈÕ £¬WhatsApp´¹Î£½¨¸´ÁËÒ»¸ö±àºÅΪCVE-2025-55177µÄÑϳÁ0day·ì϶ £¬¸Ã·ì϶ÔÊÐí¹¥»÷Õßͨ¹ýÁãµã»÷¼äµýÈí¼þ¹¥»÷ÈëÇÖiOSºÍMacÓû§µÄÉ豸 £¬ÎÞÐèÓû§µã»÷Á´½Ó»ò´ò¿ªÎļþ¼´¿ÉÇÔÈ¡Êý¾Ý¡£Õâ´Î·ì϶ÓÉWhatsAppÄÚ²¿°²È«ÍŶӷ¢ÏÖ £¬ÊôÓÚ¸´ÔӵĹ¥»÷Á´µÄÒ»²¿ÃÅ £¬½áºÏÁËÁíÒ»¸öÒÑÓÉÆ»¹û½¨¸´µÄ·ì϶£¨CVE-2025-43300£© £¬ÐγɿÉÔ¶³ÌÖ´ÐжñÒâ´úÂëµÄÆëÈ«¹¥»÷õè¾¶¡£¾Ý°²È«²¼¸æ £¬¸Ã·ì϶ԴÓÚ¡°¹ØÁªÉ豸ͬ²½ÐÂÎÅÊÚȨ²»ÆëÈ«¡± £¬¹¥»÷Õß¿ÉÀûÓô˻úÔìÇ¿ÔìÖ¸±êÉ豸´¦ÖöñÒâÍøÖ·ÄÚÈÝ £¬½ø¶øÖ²Èë¼äµýÈí¼þÇÔÈ¡¶ÌÐŵÈÃô¸ÐÐÅÏ¢¡£WhatsAppÒÑÏò¡°²»µ½200Ãû¡±Ìض¨Ö¸±êÓû§·¢ËÍ֪ͨ £¬²¢Ç¿Å²Óû§Ðèµ±¼´¸üÐÂÖÁ×îа汾ÒÔ·À±¸·çÏÕ¡ £¿¨Ëþ¶û¹ú¶ÈÍøÂ簲ȫ¾Ö£¨NCSA£©Ö¸³ö £¬¸Ã·ì϶µÄÑϳÁÐÔÔÚÓÚÆäÀûÓÃÐÂÎÅͬ²½»úÔì»ñÈ¡É豸³õ²½½Ó¼ûȨÏÞ £¬¶ø¹ú¼ÊÌØÉâ×éÖ¯°²È«³¢ÊÔÊÒÔò½«Æä¶¨ÐÔΪ¡°¸ß¼¶¼äµýÈí¼þ»î¶¯¡± £¬³ÆÆä´Óǰ90ÌìÄÚÒÑÕë¶ÔÓû§ÌáÒé¹¥»÷¡£³¢ÊÔÊÒÕÆ¹ÜÈËDonncha ¨® Cearbhaill½¨ÒéÓû§¸üÐÂÉ豸»ò¸´Ô­³ö³§ÉèÖÃÒÔ³¹µ×¶Ï¸ùDZÔÚÍþв¡£


https://hackread.com/whatsapp-0-day-exploit-attack-targeted-ios-macos-users/


5. TAOTH»î¶¯£º±»½Ù³ÖµÄÈí¼þ¸üÐÂÔÚÑÇÖÞ¸÷µØ´«²¼¶ñÒâÈí¼þ


9ÔÂ1ÈÕ £¬Ç÷Ïò¿Æ¼¼½üÈÕÅû¶һ·´úºÅ"TAOTH"µÄ¸´ÔÓÍøÂç¼äµý»î¶¯ £¬¸ÃÐж¯×Ô2024Äêµ×Æô¶¯ £¬Í¨¹ý½Ù³ÖÈí¼þ¸üзþÎñÆ÷ºÍÓã²æÊ½ÍøÂç´¹µö¹¥»÷ £¬ÔÚ¶«ÑǵØÓò¶¨Ïò´«²¼¶à¸ö¶ñÒâÈí¼þ¼Ò×å £¬Ö¸±êº­¸ÇÖйú´ó½¡¢Ì¨Íå¡¢Ïã¸Û¡¢ÈÕ±¾¼°º«¹úµÄÒì¼ûÈËÊ¿¡¢¼ÇÕß¡¢×êÑÐÈËÔ±ºÍÉ̽çÇ̳þ £¬²¿ÃÅÃÀ¹úºÍŲÍþÓû§Ò²ÔⲨ¼°¡£¹¥»÷ÕßÀûÓÃÒѰγýµÄËѹ·×¢ÒôÊäÈë·¨¸üлúÔìÖ´Ðй©¸øÁ´¹¥»÷£º2024Äê10Ô £¬ÔÚËѹ·ÊäÈë·¨ÖÕ³¡¸üÐÂÎåÄêºó £¬Íþв×éÖ¯ÊÕÊÜÆäʧЧÓòÃû £¬Í¨¹ý¿´ËƺϷ¨µÄ¸üйý³Ì·Ö·¢¶ñÒâ¸ºÔØ¡£Óû§×°Öùٷ½×°Ö÷¨Ê½ºóÊýÓ×ʱ £¬ÏµÍ³»á×Ô¶¯´¥·¢¹¥»÷Õß½ÚÔìµÄÓò¸üР£¬Ö²ÈëTOSHIS¡¢DESFY¡¢GTELAMºÍC6DOORËÄ´ó¶ñÒâÈí¼þ¼Ò×å¡£³ý¹©¸øÁ´¹¥»÷±í £¬TAOTHÐж¯»¹½áºÏÓã²æÊ½ÍøÂç´¹µö£º¹¥»÷Õß·¢ËͼÙ×°³ÉÕþÖÎÖ÷ÌâÎĵµµÄÓʼþ £¬ÓÕµ¼Óû§½Ó¼ûÐéÎ±ÔÆ´æ´¢Ò³ÃæÏÂÔØ¶ñÒâ´æµµ £¬»òͨ¹ýαÔìGoogle/MicrosoftµÇ¼ÃÅ»§Æ­È¡OAuthÊÚȨ £¬½ø¶ø²Ù¿ØÓÊÏäÖ´ÐкáÏòÍøÂç´¹µö¡£


https://securityonline.info/taoth-campaign-hijacked-software-updates-are-spreading-malware-across-asia/


6. SikkahBot£ºÕë¶ÔÃϼÓÀ­¹ú´âÉúµÄÐÂÐͰ²×¿¶ñÒâÈí¼þÖ´ÐнðÈÚڲƭ


9ÔÂ1ÈÕ £¬Cyble×êÑÐÓëµý±¨³¢ÊÔÊÒ£¨CRIL£©½üÆÚ¸æ·¢ÁËһ·רÃÅÕë¶ÔÃϼÓÀ­¹ú´âÉúµÄÐÂÐÍAndroid¶ñÒâÈí¼þ»î¶¯"SikkahBot"¡£¸Ã»î¶¯×Ô2024Äê7ÔÂÆð»îÔ¾ £¬Í¨¹ýαÔìÃϼÓÀ­¹ú½ÌÓýίԱ»á¹Ù·½½±Ñ§½ðÀûÓ÷¨Ê½Ö´Ðо«×¼Ú¿Æ­ £¬ÒÑÐγɼ¯ÍøÂç´¹µö¡¢Êý¾ÝÇÔÈ¡Óë×Ô¶¯»¯½ðÈÚÂòÂôÓÚÒ»ÌåµÄ¸´ºÏÐÍÍþв¡£¹¥»÷Õßͨ¹ý¶ÌÐÅ·¢ËÍËõ¶ÌÁ´½Ó £¬ÓÕµ¼Êܺ¦Õß½Ó¼û¶ñÒâAPKÏÂÔØÍøÕ¾¡£¼Ù×°³ÉÕý¹æ½±Ñ§½ðÀûÓõĶñÒâÈí¼þÔÚ×°Öúó £¬»áÒªÇóÓû§Ê¹Óùȸè»òFacebookÕ˺ŵǼ £¬²¢Öð²½Ë÷È¡ÐÕÃû¡¢ËùÊô»ú¹¹µÈÓ×ÎÒÐÅÏ¢ £¬×îÖÕÓÕµ¼Óû§ÌṩǮ°üºÅ¡¢PINÂëµÈÃô¸Ð²ÆÕþÊý¾Ý¡£CRILÖ¸³ö £¬Êܺ¦ÕßÌá½»ÐÅÏ¢ºó»áÊÕµ½"¿Í·þ½«ÁªÏµ"µÄÐéαÌáÐÑ £¬ÊµÔòÒÑÂäÈëÚ¿Æ­ÏÝÚå¡£SikkahBotµÄÖ÷ÌâÍþвÔÚÓÚÆäÀÄÓÃÉ豸ȨÏÞµÄÄÜÁ¦¡£ÔÚ»ñÈ¡Óû§ÐÅÀµºó £¬¶ñÒâÈí¼þ»áÇ¿ÔìÒªÇóÎÞ×è°­·þÎñ¡¢¶ÌÐŽӼû¡¢Í¨»°ÖÎÀíµÈ¸ß·çÏÕȨÏÞ £¬ÊµÏÖ¶ÔÉ豸µÄÉî¶È½ÚÔ졣ͨ¹ý×¢²á¶ÌÐżàÌýÆ÷ £¬Æä¿ÉÀ¹½ØÔ̺¬"bKash""NAGAD"µÈÒøÐйؼü´Ê¼°Ìض¨·þÎñºÅÂëµÄ¶ÌÐÅÄÚÈÝ £¬²¢ÉÏ´«ÖÁ¹¥»÷Õß½ÚÔìµÄFirebase·þÎñÆ÷¡£¸üΣÏÕµÄÊÇ £¬¸Ã¶ñÒâÈí¼þÄÜ×Ô¶¯µÇ¼ÃϼÓÀ­¹úÖ÷Á÷ÒøÐÐÀûÓà £¬Í¨¹ý´ÓC2·þÎñÆ÷¼ìË÷PINÂë²¢×Ô¶¯Ìî³äµÇ¼×Ö¶Î £¬ÊµÏÖδ¾­ÊÚȨµÄתÕ˲Ù×÷¡£


https://securityonline.info/fraudulent-scholarship-apps-a-new-malware-campaign-targets-students-in-bangladesh/