Go to listing page

Cyware Daily Threat Intelligence, August 30, 2019

Cyware Daily Threat Intelligence, August 30, 2019

Share Blog Post

Another day, another Android security alert! Security researchers uncovered two apps on the Google Play Store that used new forms of ad clicking techniques. The apps in the question were Idea Note and Beauty Fitness. The purpose of these apps was to generate revenue through ads for their developers while draining battery power, slowing performance, and increasing data usage of infected phones.

That’s not all! The past 24 hours also saw a new Android RAT called BRATA. The malware, which has over 20 variants since its inception in January 2019, is primarily distributed as updates for WhatsApp app. The malware includes spying and keylogging capabilities. 

Google Project Zero researchers have detailed new exploit chains that could affect iPhone users. They have detected a set of five separate and complete iPhone exploit chains affecting iOS 10 through all versions of iOS 12.

Top Breaches Reported in the Last 24 Hours

41 online gamblers affected
Unprotected databases associated with different gambling sites have exposed personal data of over 41 million online gamblers. The exposed information includes names, phone numbers, birthdays, ID card numbers, and bank account numbers of individuals.  

Over 400 dental offices attacked
Over 400 dental offices located in the US have been affected after the data and patient records were encrypted by Sodinokibi ransomware. The attack occurred on August 26, 2019, after the malware infected DDS Safe, an online backup product from Digital Dental Record (DDS).

30 SORM devices leak data
Around 30 unprotected devices belonging to the System for Operative Investigative Activities (SORM) have leaked several log details. This includes IP addresses, IMEI and IMSI codes, MAC addresses, ICQ usernames, and email addresses spotted in POP3, SMTP or IMAP4 traffic.

TGI Fridays Australia affected
TGI Fridays Australia restaurant chain has disclosed a security breach that occurred due to an unprotected server. This has affected customers who are part of MyFridays membership rewards program. As a result, the company has urged its customers to change the password of their accounts. 

Top Malware Reported in the Last 24 Hours

Shady apps
Two apps - Idea Note and Beauty Fitness - have been found using new ad clicking tactics to trick users. These apps were in use for almost a year and had garnered over 1.5 million downloads on the Google Play Store before they were removed. Using the new ad clicking tactics, these apps were able to generate revenues for the developers.   

Trickbot trojan returns
A new phishing campaign has been found by security researchers that leverages the legitimate Google Docs application. It is used to distribute Trickbot trojan. The purpose of using Google Docs is to bypass the email gateway and lure users into clicking the link.

BRATA is a newly discovered Android RAT that infects users in Brazil. The malware is primarily distributed in the form of apps on the Google Play Store. The malware, once installed, deploys keylogging capabilities. It also allows its operators to unlock their victims’ devices, collect device information, turn off the device’s screen to surreptitiously run tasks in the background and uninstall itself.

‘Heatstroke’ phishing campaign
An advanced phishing campaign that uses multistage phishing attack approaches has been uncovered recently. Dubbed as ‘Heatstroke’, the purpose of the campaign is to steal PayPal and credit card information from users. The attack is initiated by sending a phishing email asking the user to verify his account.

Fake site distributes a trojan
Attackers have created a fake site to distribute Loki++ trojan that is capable of stealing passwords, cryptocurrency wallets, browser history and much more. The site impersonates the legitimate Smart Game Booster cgameboost.com site.  

Top Vulnerabilities Reported in the Last 24 Hours

Google fixes RCE flaw
Google has updated its Chrome 76.0.3809.132 for Windows, Mac, and Linux to fix a high-severity remote code execution (RCE) flaw. The flaw is tracked as CVE-2019-5869 and existed in the Blink browser engine that powers the Google Chrome. It poses a high risk to large and medium government and business entities.

iOS exploit chains
Google Project Zero researchers have discovered a collection of hacked websites that could be used to launch a watering hole attack against visitors using iPhones. The exploit affects iPhones using iOS versions 10 through 12. A total of 14 vulnerabilities found in these iOS versions of iPhones can be used to launch attacks.


heatstroke phishing
rce flaw
brata android rat
tgi fridays

Posted on: August 30, 2019

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.