Cyware Daily Threat Intelligence August 28, 2018

Russia-backed hackers, Fancy Bear, spent years trying to steal the private correspondence of some of the world's most senior Orthodox Christian figures. The targets included top aides to Ecumenical Patriarch Bartholomew I. The campaign is reportedly the Kremlin's effort to help Moscow’s Patriarch Kirill remain as the head of the Ukrainian Orthodox Church.

Cryptocurrency investment platform Atlas Quantum suffered a data breach which exposed the personal details of over 260,000 users.  The exposed data included names, telephone numbers, email addresses and account statements. Atlas Quantum said the hackers did not steal any funds from users' accounts. Some features of the platform have been temporarily disabled, as a precaution to ensure security.

ABBYY, the maker of optical character recognition software, suffered a breach due to an unprotected MongoDB database. Over 200,000 sensitive documents were exposed due to the breach. The data exposed includes details such as corporate emails and encrypted passwords, contracts, memos, letters, and other documentation.

Android.Banker.L is a newly discovered Android trojan that is considered to be an all-in-one malware. It combines the functionality of banking Trojans, keyloggers, and ransomware to compromise victim devices and steal data.  Android.Banker.L can forward calls, record sound, conduct keylogging and deploy ransomware. The trojan is also able to launch device browsers with a URL received from its C&C server, which is contacted via Twitter.

A new family of PoS malware has been discovered dubbed RtPoS. The malware has basic obfuscation and purports to be the Windows Logon Service. After compromising the machine, the RtPoS obtains a process list and begins its iteration. The malware is capable of stealing payment card data and can remain undetected for longer than other malware variants since it saves stolen data locally instead of sending it to the C2 server. RtPoS is suspected to be a post-compromise tool and could be a part of a larger set of tools, which are yet to be identified.