
Cyware Daily Threat Intelligence August 30, 2018


Top Malware Reported in the Last 24 Hours

Asacub malware
Asacub is one of the world's most prolific banking Trojans. It first appeared in 2015, when it had more spyware capabilities than banking functionality. The Trojan has infected over 225,000 users, almost all of them in Russia. By setting itself as the default messaging app, Asacub can withdraw funds from phones running an application used by one of Russia's largest banks.

CEIDPageLock rootkit
A new version of the CEIDPageLock rootkit has been discovered. It is being distributed via the Rig exploit kit. The malware can monitor victims' browser activities and tricks victims into visiting fake websites. The rootkit has infected over 10,000 victims in China and around 40 in the US. The rootkit allows threat actors to obtain account credentials, deliver malicious payloads, and collect data without consent.

BusyGasper spyware
The BusyGasper Android spyware has recently been discovered by security experts. The malware is not being distributed via traditional means: attackers require physical access to a targeted device to install the spyware. BusyGasper has infected 10 victims in Russia. The spyware can detect device motion, steal data, and log keystrokes.

Top Vulnerabilities Reported in the Last 24 Hours

TPM chips bug
A grey area vulnerability has been discovered in TPM chips. The bug works against computers whose TPM chip uses a static root of trust for measurement (SRTM) system for the boot-up routine. Two new attacks on TPM chips have been disclosed, both of which can allow an attacker to tamper with the boot-up process. The first attack abuses power interrupts to restore the TPM state and obtain valid hashes for components involved in the boot-up process. The second attack affects TPM chips that use a dynamic root of trust for measurement (DRTM) system for the boot-up routine.

Schneider Electric flaw
Multiple vulnerabilities have been discovered affecting Schneider Electric firmware. A cross-site scripting (XSS) flaw enables attackers to manipulate user input and launch remote code execution attacks. Together, successful exploitation of the vulnerabilities allows unauthorized users to replay authentication sequences, overwrite passwords, or decode passwords. Schneider has issued patches for the bugs.

Top Breaches Reported in the Last 24 Hours

Huazhu Hotels breach
Chinese hotel chain Huazhu Hotels suffered a data breach that resulted in over 130 million of its guests' data being put up for sale on the dark web. The stolen data is being sold in a Chinese dark web forum for 8 bitcoins. The Chinese hotel chain operates 13 hotel brands across 5,162 hotels in 1,119 Chinese cities. The compromised data includes official website registration information such as ID card numbers, mobile phone numbers, email addresses, home addresses, and more.

TheTruthSpy hack
TheTruthSpy, a company that sells spyware to domestic abusers, was hacked. Attackers breached TheTruthSpy's servers and stole login credentials, photos, audio recordings intercepted from victims' phones, text messages, location information, social media chats, and more.

Air Canada breach
Air Canada's mobile app users may have been affected by a data breach. The personal information of around 20,000 users may have been compromised, including users' names, email addresses, and phone numbers. Following the breach, the airline has locked down all 1.7 million user accounts until their passwords are changed.


Posted on: August 30, 2018
