Cyware Daily Threat Intelligence August 28, 2018

Top Breaches Reported in the Last 24 Hours

Russian hackers target Orthodox Christians
Russia-backed hackers, Fancy Bear, spent years trying to steal the private correspondence of some of the world's most senior Orthodox Christian figures. The targets included top aides to Ecumenical Patriarch Bartholomew I. The campaign is reportedly the Kremlin's effort to help Moscow’s Patriarch Kirill remain as the head of the Ukrainian Orthodox Church.

Atlas Quantum breach
Cryptocurrency investment platform Atlas Quantum suffered a data breach which exposed the personal details of over 260,000 users. The exposed data included names, telephone numbers, email addresses and account statements. Atlas Quantum said the hackers did not steal any funds from users' accounts. Some features of the platform have been temporarily disabled as a security precaution.

ABBYY breach
ABBYY, the maker of optical character recognition software, suffered a breach due to an unprotected MongoDB database. Over 200,000 sensitive documents were exposed due to the breach. The data exposed includes details such as corporate emails and encrypted passwords, contracts, memos, letters, and other documentation.

Top Malware Reported in the Last 24 Hours

Android.Banker.L
Android.Banker.L is a newly discovered Android trojan that is considered to be an all-in-one malware. It combines the functionality of banking trojans, keyloggers, and ransomware to compromise victim devices and steal data. Android.Banker.L can forward calls, record sound, conduct keylogging and deploy ransomware. The trojan is also able to launch the device browser with a URL received from its C&C server, which it locates via Twitter.

RtPoS malware
A new family of PoS malware, dubbed RtPoS, has been discovered. The malware uses basic obfuscation and purports to be the Windows Logon Service. After compromising the machine, RtPoS obtains a process list and iterates through it. The malware is capable of stealing payment card data and can remain undetected for longer than other malware variants, since it saves stolen data locally instead of sending it to the C2 server. RtPoS is suspected to be a post-compromise tool and could be part of a larger set of tools that are yet to be identified.
