Cyware Daily Threat Intelligence, April 17, 2019

Government agencies across the world have always been a lucrative target for cybercrooks, as they hold massive amounts of sensitive information. Recently, researchers spotted a spear-phishing campaign that targeted several Ukrainian military agencies. The attackers behind the campaign are distributing the QUASARRAT backdoor and the RatVermin spyware with the aim of stealing military secrets. RatVermin is delivered as a secondary payload in the campaign and is capable of collecting system information, capturing screenshots, recording keystrokes and more.

In another incident, the FBI National Academy Associates (FBINAA) has suffered a major blow after a hacker group published personal details of 22,013 American Advertising Federation (AAF) members on the Internet. These AAF members are those who are on the FBI’s watchlist. The exposed data includes full names, companies, work area information and email addresses of AAF members.

The past 24 hours also witnessed the discovery of a new ransomware named NamPoHyu Virus. The ransomware is designed to target vulnerable Samba servers. The malware appends the .NamPoHyu extension to encrypted files before leaving a ransom note.

Top Breaches Reported in the Last 24 Hours

Personal data of AAF member leaked
After releasing the personal data of FBI agents, the hackers who go by the name of ‘PokemonGo Team’ have exposed the data of 22,013 AAF members. The records contain data of those people who are on the FBI’s watchlist. The exposed data includes full names, companies, work area information and email addresses of AAF members.

Twitter account of Sweden’s Social Democratic Party hacked
An investigation has been launched following the hack of the official Twitter account of Sweden’s Social Democratic Party. The operators changed the name of the account to ‘Bitcoin Democrats’ and added the logo of Bitcoin to the party’s logo image. It is believed that hackers had managed to pull off the hack by directly contacting the Twitter office. More than 20 unwanted tweets on a range of topics were shared before the party regained control of the account.

Stone Mountain Memorial Association targeted
The Stone Mountain Memorial Association’s (SMMA) computers have been infected in a ransomware attack, which impacted its internal networks. However, no sensitive information or public services were affected by the attack. The association is working with the Georgia Bureau of Investigation and the Georgia Technology Authority to recover the encrypted files.

Hackers steal $4 million worth of Electrum Bitcoin
Hackers have stolen approximately $4 million worth of Bitcoin from Electrum users in ongoing phishing attacks that began in late December 2018. They were able to steal this amount by exploiting a weakness in the Electrum Bitcoin wallet, which enabled them to trick unsuspecting users into downloading a malicious version of the wallet.

JustDial data breach
A data breach at JustDial has exposed personal data of over 100 million users. Researchers discovered that the data was available in an unprotected, publicly accessible database belonging to the firm. The leaked data include names, emails, mobile numbers, addresses, genders, dates of birth, photos and company names of JustDial users.

Top Malware Reported in the Last 24 Hours

‘NamPoHyu Virus’ ransomware
Security researchers have uncovered a new ransomware named NamPoHyu Virus. The ransomware is used to target vulnerable Samba servers. Once it finds a vulnerable Samba server, it brute-forces the password, remotely encrypts the files and leaves a ransom note. It adds the .NamPoHyu extension to encrypted files.

RatVermin spyware
Researchers have uncovered an ongoing spear-phishing campaign targeting multiple Ukrainian military agencies. The campaign is carried out to distribute the QUASARRAT backdoor and the RatVermin spyware. As part of the attack, the hackers are sending emails containing LNK files that launch a malicious PowerShell script. The attackers behind the campaign aim to steal sensitive information from the networks of the Ukrainian military.

Malvertising campaign impacts 500 million iOS users
The eGobbler threat actor group has been found launching multiple malvertising campaigns to hijack the sessions of over 500 million iOS users. The campaigns target users in the US and European countries. For this, the attackers leveraged an unpatched bug in Google Chrome for iOS. The threat actors have used a total of 8 individual campaigns and over 30 fake creative ads to launch the attacks.

HawkEye keylogger evolves
A new version of the HawkEye keylogger has been detected recently. It is being sold on hacking sites as an advanced monitoring solution. The new version can aid attackers in stealing sensitive information and account details. Dubbed HawkEye Reborn v9, it also has several anti-analysis features.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable TicTocTrack smartwatch
TicTocTrack, a popular smartwatch that allows parents to track their children’s whereabouts, has been found to be riddled with several security issues. The flaws can allow hackers to track and call children. The smartwatch’s API can be attacked by changing the FamilyIdentifier number in requests; because the backend does not verify that the caller owns that family, this gives a bad actor complete access to the user’s data, including the children’s location, parents’ full names, phone numbers and other personally identifiable information.

A flaw in Adblock, Adblock Plus, uBlock filters
A bug in the filter systems of the Adblock, Adblock Plus and uBlock extensions can allow attackers to inject arbitrary code into websites. As a result, attackers can perform malicious activities such as stealing cookies and login credentials, as well as initiating page redirects. In AdBlock, the issue exists in version 3.2. That version introduced a new filter list option called $rewrite, which some ad blockers use to block circumvention attempts, remove tracking data and prevent websites from forcing ads on visitors using blocking software; a malicious filter list can abuse the same option to redirect a page’s requests to attacker-controlled content.


Posted on: April 17, 2019