Cyware Daily Threat Intelligence April 17, 2018


Top Malware Reported in the Last 24 Hours
Smoke Loader malware
The authors of Smoke Loader have revamped its infection technique and introduced a 64-bit payload. Significant changes have been made to the malware in order to bypass Windows Defender and other antivirus software after Microsoft came out with its countermeasures. The current version injects itself into a running instance of Windows Explorer instead of creating a hollow process.

PlugX malware
The PlugX remote access trojan (RAT) has been found spreading via campaigns targeting pharmaceutical organizations in Vietnam, in order to steal drug formulas and business information. Once it infects a system, the malware allows hackers to modify files, log keystrokes, steal passwords and capture screenshots of user activity.

VBScript Downloader
A new VBScript downloader, dubbed ARS VBS Loader, has been found affecting computers running the Microsoft Windows operating system, and it supports Windows 10. It is a spin-off of a downloader called SafeLoader VBS. The downloader uses fake email attachments to trick users into clicking on them.

Top Breaches Reported in the Last 24 Hours
Instagram accounts hacked
Reports have been released that several Instagram accounts have been hacked, leading to assumptions that the Instagram servers have been compromised. Researchers suspect that a group called the Saudi Electronic Army is behind the breach. However, Instagram says that the problem is a result of a system bug.

Patient data exposed
An unauthorized third party might have gained access to Texas Health Resources last October. The event was part of a larger incident affecting multiple entities across the country. Exposed patient information included names, medical record numbers, birth dates, addresses, insurance information, and clinical information of around 4000 patients.



Posted on: April 17, 2018


