Cyware Daily Threat Intelligence, April 13, 2021

From giving out freebies to selling stolen data at insanely high prices, the mood and spirit of the dark web are always changing. Lately, a dark web seller has been selling information of 21 million ParkMobile customers for $125,000. In another incident, a ransomware attack on a logistics company, Bakker Logistiek, resulted in a cheese shortage across Dutch supermarkets.

Malware operators are becoming bolder and more sophisticated, which is evident in the newly developed malware. Researchers spotted a new malware downloader, Saint Bot, that can drop information stealers and other malware downloaders. Another set of new variants of the Android malware family BRATA was found posing as app security scanners on Google Play Store. Some vulnerabilities also came to the limelight, such as the NAME:WRECK DNS bugs, an RCE bug in the Source 3D game engine, and a zero-day RCE vulnerability affecting Microsoft Edge, Google Chrome, and other Chromium-based browsers.

Top Breaches Reported in the Last 24 Hours

Parking platform suffers a breach
A dark web seller has been found selling the account information of 21 million customers of a North American mobile parking app called ParkMobile on a Russian-speaking crime forum. The stolen data, priced at $125,000, includes customers’ dates of birth, email addresses, phone numbers, hashed passwords, license plate numbers of all registered vehicles, and mailing addresses.

ShinyHunters hits a brokerage firm
Lately, an Indian online trading and discount brokerage platform, Upstox, underwent a data breach that revealed the sensitive information of about 2.5 million users on the dark web. Leaked by ShinyHunters, the exposed information includes names, dates of birth, email addresses, bank account information, and about 56 million KYC documents stolen from the company’s server.

A cheesy ransomware attack
A ransomware attack on Bakker Logistiek, a conditioned warehousing and transportation provider, led to a cheese shortage in Dutch supermarkets. The attack encrypted devices on the logistics company’s network and disrupted its food transportation and fulfillment operations.

Top Malware Reported in the Last 24 Hours

New malware downloader spotted
Researchers recently spotted attackers using the Saint Bot malware to drop information stealers and other malware downloaders in targeted campaigns against Georgian government institutions. One of the information stealers that Saint Bot has been observed installing is Taurus, a malware tool designed to steal passwords, cookies, browser history, and data in auto-fill forms. 

BRATA sneaks into Google Play Store
Several new variants of the Android malware family BRATA have been posing as app security scanners on Google Play Store to disseminate a backdoor capable of collecting sensitive information. After urging users to update WhatsApp, Chrome, or a PDF reader, this new set of malicious Android apps takes full control of the device by abusing accessibility services.

Top Vulnerabilities Reported in the Last 24 Hours

Newly disclosed DNS bugs
Nine newly disclosed DNS vulnerabilities, collectively dubbed NAME:WRECK, put more than 100 million consumer, enterprise, and industrial IoT devices at risk. These vulnerabilities affect four well-known TCP/IP stacks (IPnet, FreeBSD, Nucleus NET, and NetX) that are present in renowned IT software and IoT/OT firmware.

Vulnerability in game engine
Security researchers reported an RCE bug in Valve's Source 3D game engine, which is used to build games with tens of millions of unique players. Several game titles built with Source are affected and require a patch. Some of the games that use Valve's Source engine include Counter-Strike: Global Offensive, Half-Life, Half-Life 2, Team Fortress, Garry's Mod, Portal, and Left 4 Dead.

Zero-day vulnerability shared on Twitter
A security researcher has published details of a zero-day RCE vulnerability on Twitter, affecting Microsoft Edge, Google Chrome, and other Chromium-based browsers, such as Opera and Brave. While Chromium developers patched the underlying V8 bug last week, the fix has not yet been integrated into the official releases of downstream Chromium-based browsers, which remain vulnerable.

Posted on: April 13, 2021