Go to listing page

Cyware Daily Threat Intelligence, April 24, 2019

Cyware Daily Threat Intelligence, April 24, 2019

Share Blog Post

The prolific Magecart threat actor group is back in headlines for stealing payment card details from an e-commerce store. The hacker group, which is primarily known for Formjacking attacks, has pilfered customers’ names, addresses and payment card details from an online merchandise store of basketball team Atlanta Hawks. Security researchers detected a malicious code injected by Magecart on the checkout page of this website. It is believed that those who placed orders on or after April 20, 2019, are affected by the attack.

The past 24 hours also saw the emergence of new details regarding a DNSpionage malware campaign that was carried out in November 2018. Researchers have found that the threat actors used a new .NET-based Karkoff malware to infect the targets in Lebanon and the United Arab Emirates. The malware was distributed via phishing emails that included a Microsoft Excel attachment.

In another phishing attack incident, North Korea-based hackers have been found disseminating malware by disguising it as press releases from the South Korean Unification Ministry. Security experts note that it is the work of APT 37 threat actor group.

Top Breaches Reported in the Last 24 Hours

Atlanta Hawks attacked
An online store of Atlanta Hawks has become the latest victim of Formjacking attack which was carried out by the MageCart group. The incident resulted in the compromise of customers’ names, addresses and payment card details. Customers who placed orders on the website on or after April 20, 2019 are believed to be affected by the breach. The incident was realized after security researchers identified suspicious code on the checkout page of the ‘Atlanta Hawks’ website. 

Aebi Schmidt hit by ransomware
Aebi Schmidt, a European manufacturing giant, has been hit by a ransomware attack. The attack has disrupted the operations of the firm and its subsidiaries. The systems necessary for manufacturing operations are also affected following the attack. The company’s email is not accessible due to the ransomware infection. The firm is assessing the situation and has started working on resolving the issues.  
Top Malware Reported in the Last 24 Hours

Karkoff malware
New evidence related to a DNSpionage attack from 2018 has surfaced recently. Security researchers have established that the threat actors behind the attack used a new .NET-based Karkoff malware to compromise victims’ systems. The malware was distributed through phishing emails that contained a Microsoft Excel attachment. Once launched on a victim’s machine, it renamed itself as ‘taskwin32.exe’ in order to avoid detection.

LoadPCBanker trojan
Cybercriminals have been found deploying LoadPCBanker trojan using the file cabinet template in Google Sites platform. The malware is used against users who speak Portuguese and/or English. The attackers are leveraging driver-by-download to achieve their ultimate goal. The malware, if successfully installed, is capable of capturing screenshots, clipboard data, and keystrokes.

Phishing attack
Hackers from North Korea are distributing malware in the form of press releases from the South Korean Unification Ministry. The malware is distributed via phishing emails purporting to come from the Unification Ministry department. The email claims to contain a response to a news report. However, the response letter actually contains a malware designed to infect users’ computers. 

50 malicious apps
A total of 50 malicious apps have been found on the Google Play Store. These apps act as legitimate software and are involved in the distribution of adware. They have been downloaded for a total of 30 million times. The malicious apps found by the researchers include Pro Piczoo, Photo Blur Studio, Mov-tracker, Magic Cut Out and Pro Photo Eraser. As of now, Pro Piczoo, Photo Blur Studio, and Mov-tracker apps have been removed from the Play Store.
Top Vulnerabilities Reported in the Last 24 Hours

A new version of Chrome released
Google has released a new version of Chrome for Windows, Mac, and Linux. The latest Chrome 74.03729.108 includes fixes for 39 security vulnerabilities that can allow an attacker to take control of an affected system. Along with the latest version Chrome 74, the firm has also released the Beta version of Chrome 75 and Canary version of Chrome 76 respectively.

A zero-day vulnerability in Belkin Wemo
An unpatched zero-day vulnerability in Belkin Wemo can put the Belkin Wemo Insight smart plug at risk. The vulnerability was discovered last year and could enable attackers to take control of IoT devices and steal users’ login credentials. The flaw is tracked as CVE-2018-6692. A patch for the flaw is expected by the end of April.


phishing emails
belkin wemo
zero day vulnerability
loadpcbanker trojan
karkoff malware
dnspionage attack

Posted on: April 24, 2019

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.