Cyware Daily Threat Intelligence, April 23, 2020


Skimmer code and botnets continue to thrive amid the COVID-19 crisis. In the past 24 hours, an online shopping site powered by PinnacleCart software was found to be infected with skimmer code that steals payment card information from customers. The malicious code scans the checkout page for payment-related keywords before intercepting the data.

Meanwhile, a new variant of the Hoaxcalls botnet is actively exploiting an unpatched vulnerability in Zyxel Cloud CNM SecuManager to launch DDoS attacks. The new botnet variants include a total of 19 exploits.

On the vulnerability front, Apple has patched two zero-day vulnerabilities affecting the Mail app in iOS. The flaws can be triggered by sending a specially crafted email to a victim’s mailbox.

Top Breaches Reported in the Last 24 Hours

Paay exposes transaction records
A massive database belonging to Paay was left open to the public for three weeks before it was secured. The database contained about 2.5 million transaction records of merchants, online stores, and businesses. However, the data did not include cardholder names or card verification values.

UniCredit’s employees’ data on sale
Data of around 3000 employees working with UniCredit S.p.A went on sale on the dark web on April 19. The attacker who sold the data claimed to have compromised UniCredit’s systems and exfiltrated the data. The compromised information included names, email addresses, phone numbers, and encrypted passwords.

Top Malware Reported in the Last 24 Hours

Bazaloader malware
A new phishing campaign is underway that targets a company’s employees with fake customer complaints. Its purpose is to install a new backdoor, dubbed ‘Bazaloader’, to compromise the network. The malware uses the Blockchain-DNS resolver and its associated ‘bazar’ domain for its command and control (C2) servers.
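Because names under blockchain TLDs such as ‘bazar’ are not served by the normal ICANN root, a workstation that asks the corporate resolver for one is a useful detection signal. The following is an added example, not code from the Cyware post or from any Bazaloader analysis: it parses constructed resolver log lines in an assumed `key=value` format and groups the clients that queried such names. The TLD list is an assumption drawn from the Emercoin and Namecoin name systems.

```python
"""Flag DNS queries for blockchain-name-system TLDs in resolver logs.

Added example (not part of the Cyware post). The log format and the TLD
set below are assumptions; adapt the regex to your resolver's real format.
"""
import re
from collections import defaultdict

# Non-ICANN TLDs served by blockchain name systems (assumed list):
# .bazar/.lib/.emc/.coin are Emercoin, .bit is Namecoin.
BLOCKCHAIN_TLDS = frozenset({"bazar", "lib", "emc", "coin", "bit"})

# Assumed resolver log format: "<ts> client=<ip> qname=<name> qtype=<t> [rcode=<r>]".
LINE_RE = re.compile(r"client=(?P<client>\S+)\s+qname=(?P<qname>\S+)")

# Constructed sample log; the .bazar/.bit names are placeholders, not real C2.
SAMPLE_LOG = """\
2020-04-23T10:01:02Z client=10.0.0.12 qname=www.example.com qtype=A
2020-04-23T10:01:05Z client=10.0.0.12 qname=PLACEHOLDER-c2.bazar. qtype=A rcode=NXDOMAIN
2020-04-23T10:02:11Z client=10.0.0.33 qname=placeholder-c2-2.bit qtype=A rcode=NXDOMAIN
2020-04-23T10:02:30Z client=10.0.0.12 qname=cdn.example.net qtype=AAAA
malformed line without the expected fields
"""


def tld_of(qname):
    """Return the lower-cased last label of a name, ignoring a trailing dot."""
    name = qname.rstrip(".").lower()
    if "." not in name:
        return ""  # single-label names carry no TLD worth checking
    return name.rsplit(".", 1)[1]


def blockchain_tld_queries(log_text, tlds=BLOCKCHAIN_TLDS):
    """Map client IP -> list of queried names whose TLD is in `tlds`.

    Lines that do not match the expected format are skipped rather than
    raising, so one malformed line cannot abort a large log scan.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        qname = m.group("qname").rstrip(".").lower()
        if tld_of(qname) in tlds:
            hits[m.group("client")].append(qname)
    return dict(hits)


if __name__ == "__main__":
    for client, names in blockchain_tld_queries(SAMPLE_LOG).items():
        print(f"{client}: {', '.join(names)}")
```

Such queries usually come back NXDOMAIN from an ordinary resolver, which is exactly why the malware carries its own Blockchain-DNS resolver; pairing this check with egress logs for direct connections to public Blockchain-DNS resolvers covers both paths.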

Skimmer malware attack
An e-commerce website powered by PinnacleCart software was targeted with a skimmer malware designed to steal payment information from the checkout page. The malicious code checked for payment-related keywords like billing_address, cc_number, billingForm, paymentMethodsForm, and ccs_password. Upon finding them, it intercepted and encoded the data into a file on the website’s server.
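A skimmer that harvests checkout fields and stashes them on the server has to name those fields and call some encoding or file-writing primitive, so a static triage pass over the shop's source tree can surface the cluster. This is an added example, not code from the Cyware post or from PinnacleCart: it uses the field names quoted above as the keyword list, while the primitive list, the scoring threshold and the two constructed PHP samples are assumptions.

```python
"""Static triage of web-shop source files for skimmer-like keyword clusters.

Added example, not the Cyware post's or PinnacleCart's code. A file is flagged
when it references at least `min_fields` of the payment-form field names from
the post together with at least one encoding or persistence primitive.
"""
import re
from dataclasses import dataclass

# Field names the post reports the skimmer searched for.
PAYMENT_FIELDS = ("billing_address", "cc_number", "billingForm",
                  "paymentMethodsForm", "ccs_password")

# Encoding / persistence calls a server-side skimmer tends to need (assumed list).
ENCODE_OR_STORE = ("base64_encode", "btoa", "file_put_contents",
                   "fwrite", "json_encode", "gzdeflate")


@dataclass
class Finding:
    path: str
    fields_hit: list
    primitives_hit: list
    score: int


def triage_source(path, text, min_fields=2):
    """Return a Finding when `text` shows the field cluster plus a primitive, else None."""
    fields_hit = [f for f in PAYMENT_FIELDS
                  if re.search(rf"\b{re.escape(f)}\b", text)]
    prims_hit = [p for p in ENCODE_OR_STORE
                 if re.search(rf"\b{re.escape(p)}\s*\(", text)]
    if len(fields_hit) >= min_fields and prims_hit:
        return Finding(path, fields_hit, prims_hit, len(fields_hit) + len(prims_hit))
    return None


def scan_files(files, min_fields=2):
    """Triage a {path: source_text} mapping; highest score first."""
    findings = [f for p, t in files.items()
                if (f := triage_source(p, t, min_fields))]
    return sorted(findings, key=lambda f: f.score, reverse=True)


# Constructed samples: a legitimate checkout template and a skimmer-like stub.
BENIGN_TEMPLATE = """<form id="billingForm" method="post">
  <input type="text" name="cc_number" autocomplete="cc-number">
  <input type="text" name="billing_address">
</form>
"""

SKIMMER_LIKE = r"""<?php
// constructed sample for the example, not the real skimmer
$want = array('billing_address', 'cc_number', 'ccs_password');
$grab = array();
foreach ($want as $k) { if (isset($_POST[$k])) { $grab[$k] = $_POST[$k]; } }
file_put_contents('/tmp/.cache', base64_encode(serialize($grab)), FILE_APPEND);
"""

SAMPLE_FILES = {
    "templates/checkout.html": BENIGN_TEMPLATE,
    "includes/cache_helper.php": SKIMMER_LIKE,
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}: score={f.score} fields={f.fields_hit} primitives={f.primitives_hit}")
```

A real checkout template legitimately names these fields, which is why the benign sample is not flagged: the discriminator is the combination with an encoding or write call, and any hit still needs a human to read the file. Run the scan against a known-good release copy as well and diff the findings to cut noise.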

New variant of Hoaxcalls botnet
A new variant of the Hoaxcalls botnet has been spotted spreading via an unpatched vulnerability in the Zyxel Cloud CNM SecuManager. The new botnet variant is capable of launching DDoS attacks. The first iteration was discovered on April 3, and since then researchers have detected two more variants of the botnet.

Top Vulnerabilities Reported in the Last 24 Hours

Apple patches zero-days
Apple has patched two zero-day vulnerabilities associated with the Mail app in iOS. These flaws could allow an attacker to execute arbitrary code in the Mail app or in the ‘maild’ process that assists the Mail app behind the scenes. The flaws impact iOS versions 6 and 13.4.1.

Zoom updates its security measures
Zoom has added extra encryption modules as part of the security measures in the new version of its software. The update comes after a report from the University of Toronto’s Citizen Lab, which found that Zoom routed some meeting encryption keys through China.


Posted on: April 23, 2020
