ZeroFox Daily Intelligence Brief - July 9, 2025

by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • Stealth Banking Malware Infects Thousands via Fake PDF Viewer
  • Japan’s Nippon Steel Solutions Discloses Zero-Day Attack
  • Global Scam Impersonates News Sites

Stealth Banking Malware Infects Thousands via Fake PDF Viewer

Source: https://www.bleepingcomputer.com/news/security/android-malware-anatsa-infiltrates-google-play-to-target-us-banks/

What we know: Anatsa banking trojan infiltrated a popular app store through a fake PDF viewer app with over 50,000 downloads. Once installed, the malware activates immediately, targeting users of North American banking apps.

Context: Anatsa is a persistent Android banking malware known for bypassing app store security. It uses deceptive overlays and fake maintenance messages to steal login credentials and perform fraudulent transactions.

Analyst note: Legitimate-looking apps can hide malware like Anatsa, putting users’ digital security at risk. The trojan can hijack banking sessions, log keystrokes to steal credentials, and automate unauthorized transactions—often without the user's awareness. Victims could also lose account access, delaying fraud detection and making it harder to report or stop in time.

Japan’s Nippon Steel Solutions Discloses Zero-Day Attack

Source: https://www.nssol.nipponsteel.com/press/2025/20250708_160000.html

What we know: Japan’s Nippon Steel Solutions (NS Solutions) has announced a data leak owing to a zero-day cyberattack on network equipment. Personal data related to the company’s customers, partners, and employees is suspected to have been leaked.

Context: NS Solutions said it detected suspicious access to a server on March 7, 2025, and immediately isolated the compromised server from the network. The investigation is ongoing, and the company is preparing to notify affected individuals.

Analyst note: The zero-day vulnerability is likely to be exploited in attacks on other networks. Individuals and businesses whose data was exposed are likely to be targeted in phishing, social engineering, and impersonation attacks.

Global Scam Impersonates News Sites

Source: https://thehackernews.com/2025/07/baittrap-over-17000-fake-news-websites.html

What we know: An ongoing global scam campaign has been using fake news websites disguised as trusted media brands to lure potential online investors into fraudulent investment platforms.

Context: At the time of writing, 17,000 fraudulent sites have been identified across 50 countries. The campaign combines brand impersonation, clickbait advertisements, and other phishing tactics to maximize victim exploitation.

Analyst note: These scams are likely to become more sophisticated, using AI-generated content and deepfakes of public figures promoting easy-to-execute investment strategies to lure individuals actively seeking online investment opportunities.

DEEP AND DARK WEB INTELLIGENCE

Hacktivists partner with DDoS‑as‑a‑service platform: Hacktivist groups including Mr Hamza, Keymous, Inteid, and Tunisian Maskers Cyber Force have announced a partnership with EliteStress, an online platform offering “IP Stresser and Booter” services, to help carry out simulated distributed denial-of-service (DDoS) attacks. These threat actors are very likely to target government and other organizational websites in the United States and allied countries, resulting in temporary disruptions.

VULNERABILITY AND EXPLOIT INTELLIGENCE

Microsoft Patch Tuesday July 2025: This month’s Patch Tuesday includes security fixes for at least 130 vulnerabilities, including a publicly disclosed zero-day, CVE-2025-49719, affecting Microsoft SQL Server. The update also addresses 14 flaws rated as “Critical,” including ten remote code execution flaws, one information disclosure bug, and two AMD side-channel vulnerabilities.

Affected products: The affected products are listed in this advisory.

Adobe Patches 58 Vulnerabilities: Adobe has released security updates for 58 vulnerabilities across 13 products, including critical flaws in AEM Forms, ColdFusion, and Adobe Connect that could enable threat actors to execute arbitrary code. If these vulnerabilities are left unpatched, they could enable attackers to gain control over affected systems, bypass security features, and escalate privileges.

Affected products: The affected products are listed in this advisory.

Tags: DIB, TLP:GREEN