Cyware Daily Threat Intelligence, August 02, 2019

Malicious actors are increasingly impersonating legitimate entities to carry out phishing attacks against organizations. Three US companies in the utility sector recently experienced such an incident: they were targeted through spoofed emails that appeared to come from a US-based engineering licensing board. The purpose of the attacks was to deliver a malware named LookBack, which includes a RAT module and a proxy mechanism used for command-and-control communication.

Security researchers have uncovered a flaw in the AirDrop feature, which is used to send photos, videos, links and other content between iPhone, iPad and Mac devices. The flaw can be abused to obtain unsuspecting users’ phone numbers and works when Bluetooth is enabled on the device.

Scammers have been found stealing user funds in a new QR code scam: they replace an original QR code with a fraudulent one so that payments are diverted to them. Besides this, there have been reports of QR codes being used to install malware onto victims’ devices.

Top Breaches Reported in the Last 24 Hours

Breach alert issued in South Korea
A breach alert has been issued in South Korea after security researchers discovered that more than one million payment card records were put up for sale on a hacking forum. The source of these payment card details has not been identified. However, it is believed that hackers may have obtained the card records using PoS malware or card skimmer devices.

Two Deer Valley Resort restaurants attacked
Mariposa and Royal Street Cafe, located at Deer Valley Resort, are notifying their guests about a payment card security incident. On May 17, 2019, malware was detected on the PoS systems used by the restaurants. However, the incident had occurred from January 10 to 28, 2019. During this period, cardholders’ names, payment card numbers, expiry dates, and other internal verification codes were read from the cards’ magnetic stripes.

Voter records of Chileans exposed
The voter information of over 14.3 million Chileans was left exposed due to an unprotected Elasticsearch database. The database contained names, home addresses, gender, age and tax ID numbers of individuals. The leaked information dates from 2017.

Bank of Cardiff leaks audio data
An Amazon S3 bucket that stored data relating to Bank of Cardiff was found exposed online. The incident caused the leak of more than one million audio recordings made by employees, many of them from 2015 to 2017. The S3 bucket was secured immediately after the bank became aware of the exposure.

Top Malware Reported in the Last 24 Hours

LookBack malware
Three US companies in the utility sector were targeted in several spear-phishing emails between July 19 and July 25, 2019. The phishing emails appeared to come from a US-based engineering licensing board. These emails contained a malicious Word document which, when opened, resulted in the download of macros. These macros were used to download the LookBack malware.

SystemBC malware
A new malware named SystemBC has been found to be delivered via exploit kits like Fallout and RIG. The malware is written in C++ and primarily sets up SOCKS5 proxies on victims’ computers that are used by threat actors to hide their C2 server traffic. 

DealPly adware variant
Security researchers have discovered a new variant of the DealPly adware that abuses the reputation services provided by Microsoft’s SmartScreen and McAfee’s WebAdvisor to avoid detection. The malware variant is distributed via legitimate software installers through websites that offer free software downloads.

Amavaldo banking trojan
The new Amavaldo banking trojan has been found to be used in a pair of malicious campaigns that targeted Brazilians and Mexicans. Apart from its banking trojan functionality, the malware is capable of taking screenshots, capturing photos, keylogging, downloading additional programs and restricting access to legitimate banking websites. The campaigns relied on malicious MSI installers for the propagation of the malware.

Clop ransomware
Clop is a ransomware that primarily aims to encrypt all files in an enterprise and demand a payment to decrypt the affected files. The ransomware has impacted regions such as Switzerland, Great Britain, Belgium, the United States, the Netherlands, Croatia, Puerto Rico, Germany, and Turkey, among others. The characteristics of the malware show that its intended targets are enterprises, not end consumers.

Top Vulnerabilities Reported in the Last 24 Hours 

AirDrop vulnerability
A newly discovered AirDrop security flaw can let malicious third parties access sensitive information such as phone numbers from iPhones. The flaw exists in AirDrop, the wireless sharing feature built into the device, and can be exploited if Bluetooth is enabled on the device.

Vulnerable Bluetooth enabled Deadbolt
Six vulnerabilities have been uncovered in the Hickory Smart Bluetooth Enabled Deadbolt, a lock that lets users remotely lock their homes via a mobile app on their iPhone handsets. The flaws range from insecure storage to improper API access control and cleartext credential transmission.
   
Top Scams Reported in the Last 24 Hours

QR code scam
Scammers are using social engineering techniques to trick users in a new QR code scam. Criminals replace public and unguarded QR codes with their own, so that once victims scan the fake QR code on their phones, the payments are redirected to accounts belonging to the scammers. Besides this fake payment scam, there have been reports of QR codes being used to install malware onto victims’ devices.

Posted on: August 02, 2019
