Cyware Daily Threat Intelligence, April 29, 2021

Banking institutions are indeed becoming a lucrative target of impersonation attacks. Now Lloyds Bank customers are being targeted in a smishing campaign designed to steal passwords and other sensitive information.

It looks like Magecart has a new competitor: researchers have unearthed details of a new cyberespionage campaign targeting e-commerce sites. Active since 2019, the campaign, dubbed ‘Water Pamola’, spans Japan, Australia, and European countries.

Meanwhile, a new backdoor named RotaJakiro is giving researchers a hard time with its enhanced anti-analysis capabilities.

Top Breaches Reported in the Last 24 Hours

Contact-tracing apps leak data
Hundreds of third-party contact-tracing apps for Android devices have been found leaking sensitive data due to the API developed by Apple and Google. These apps can enable anyone to view users’ medical data.

Misconfigured AWS bucket
A misconfigured AWS S3 bucket belonging to Los Angeles-based Paleohacks has exposed the data belonging to roughly 70,000 users. The bucket included data from 2015 to 2020 and contained personally identifiable information, such as full names, email addresses, IP addresses, login timestamps, locations, dates of birth, and profile pictures of users.

WDH accidentally exposes data
The Wyoming Department of Health (WDH) has accidentally disclosed COVID-19, flu, and breath alcohol test results of 164,000 individuals on the internet. The exposed data includes individuals’ names, IDs, postal addresses, dates of birth, test results, and dates of service.

DigitalOcean data breach
Cloud hosting provider DigitalOcean has disclosed a data breach after a flaw exposed customers’ billing information. The flaw allowed an unauthorized user to access the billing details of customers between April 9 and April 22.

Water Pamola campaign
A cyberespionage campaign dubbed Water Pamola has been active since 2019. It initially focused on online shops in Japan, Australia, and European countries; since 2020, however, researchers have found its victims to be located mainly in Japan. The threat actors have also switched from malicious attachments to malicious scripts to target the online stores.

DoppelPaymer leaks data
The operators of the DoppelPaymer ransomware have leaked a large collection of files from the Illinois Office of the Attorney General after a failed negotiation. The leaked files include information from court cases handled by the Illinois OAG, including some private documents.

Top Malware Reported in the Last 24 Hours

RotaJakiro backdoor
A new backdoor malware named RotaJakiro, which is believed to have links to the Torii botnet, is targeting Linux 64-bit systems. The malware uses a double encryption algorithm (a combination of AES and XOR) to stay under the radar.

RedLine Stealer spotted
In a new campaign detected by researchers, the RedLine Stealer was found disguised as an installer for the popular secure messaging app Telegram. RedLine is a stealer commonly used by attackers to harvest credentials from users.

New WeSteal cryptocurrency stealer
A new commodity cryptocurrency stealer, WeSteal, has been advertised on an underground forum since February 2021. The malware comes with several evasion techniques that let its operators silently mine cryptocurrencies, steal passwords, or disable webcam lights.

Moserpass malware attack
Click Studios is warning customers of ongoing phishing attacks that target them with an updated version of the Moserpass malware. The notification follows the attackers’ successful compromise of the update mechanism of Click Studios’ password manager, which was used to deliver the malware between April 20 and April 22.

Top Vulnerabilities Reported in the Last 24 Hours

Cisco patches multiple flaws
Cisco has patched multiple vulnerabilities in its Firepower Threat Defense (FTD) software. The high-severity flaws can be exploited for arbitrary command execution or denial-of-service attacks. While the company states that there is no evidence of these vulnerabilities being exploited, it recommends that users apply the available patches.

Top Scams Reported in the Last 24 Hours

Lloyds Bank targeted
Lloyds Bank customers are being targeted in a smishing campaign that tricks users into believing there is a security issue with their bank accounts. The message includes a link that leads recipients to a scam website used to harvest personal information from unsuspecting individuals.

TrustWallet Bitcoin scam
TrustWallet cryptocurrency exchange is warning users about a Bitcoin scam that originates through Twitter. The ultimate goal of the scam is to phish wallet recovery codes from users.
Posted on: April 29, 2021