Hackers Antagonize Universities, Create Trojans and Find 'Crazy Bad' Zero Day

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Cyberattacks on Singapore Universities Not 'Work of Casual Hackers' 

A couple of Singaporean higher-education institutions suffered separate cyberattacks in April, and officials say it wasn’t “the work of casual hackers.”

The National University of Singapore and Nanyang Technological University suffered IT network breaches last month, according to Channel NewsAsia. NUS had an “unauthorised intrusion into its IT systems through a single server,” and NTU discovered a malware attack.

Both universities alerted the Cyber Security Agency, a government office that oversees federal cybersecurity functions. Authorities said the hackers may have intended to steal government or research-related information, but no student information was targeted.

The first of its kind on Singapore universities, the digital attacks were “targeted, carefully planned and ‘not the work of casual hackers,’” authorities said, according to Channel NewsAsia.

"We know who did it, and we know what they were after,” CSA CEO David Koh said. "But I cannot reveal this for operational security reasons.”

Both universities said they have taken measures to clean up after the attacks and to isolate affected systems.

Malware Found Hiding in Mac Version of Popular Video App

The developers of an open-source transcoder app warned users some installers for the Mac version of HandBrake may have malware after they discovered a compromised mirror download server.

On May 6, HandBrake said users who downloaded the software between May 2 and May 6 have a “50/50 chance” they also got a Proton Trojan that could allow remote access to their computers, We Live Security reported.

“If you see a process called ‘Activity_agent in the OS X Activity Monitor application, you are infected,” the alert said.

Mac Rumors said users with versions 0.10.5 and earlier should check their systems, but versions 1.0 and later aren’t affected.

Apple pushed out a signature feature to prevent new infections and HandBrake suggests users change all passwords stored in the operating system keychain and browsers, according to Threatpost.

Microsoft Patches ‘Crazy Bad’ Zero Day in Operating System

Microsoft released an emergency patch to address a bug Google Project Zero security experts found over the weekend.

Microsoft issued a security advisory Monday, which should roll out automatically over the next 48 hours across Microsoft systems.

On Twitter, Project Zero researchers said they found a bug in Windows products that would allow someone to take control of the system, calling it “crazy bad” and “wormable.”

The flaw allows attackers to take control of a system if Microsoft Malware Protection Engine—used by other Microsoft security products—scans a special file sent through email, instant messaging or a malicious site, ZDNet reported.  

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the Microsoft advisory said.

The Project Zero team said malware using the vulnerability could replicate itself and spread to other systems. Microsoft said there have been no reported exploits in the wild, according to ZDNet.