Cyware Daily Threat Intelligence, December 02, 2019

See All
In a major achievement, law enforcement agencies have managed to bring down the infrastructure of the Imminent Monitor Remote Access trojan (IM-RAT), a hacking tool that has been on sale for the past six years. The operation was carried out in two stages. The first stage was executed in June 2019, when police forces searched the homes of the IM-RAT author and one of his employees. The second stage took place last week, causing the shut down of the IM-RAT website, its backend servers, and arrest of 13 of its most prolific users.  

Despite a major setback for cybercriminals, the cyber threat landscape continues to witness the emergence of new malware such as CStealer. This newly discovered Windows trojan has been found stealing passwords stored in the Google Chrome browser. The interesting aspect of the malware is that it connects to a remote MongoDB database to store the stolen credentials.

In a major data breach incident, the digital streaming platform Mixcloud has exposed over 20 million user accounts following a cyberattack. The stolen records have been put up for sale on a dark web marketplace. The data is offered for 0.27 bitcoin ( around $2000).

Top Breaches Reported in the Last 24 Hours

TrueDialog leaks data
TrueDialog, an SMS provider for businesses and higher education, had leaked tens of millions of SMS messages following a leaky database. The unprotected database included 1 billion entries belonging to over 100 million US citizens. The sensitive data contained in these leaked SMS messages included full names of recipients, TrueDialog account holders, TrueDialog users, the content of messages, email addresses, phone numbers and dates & times of messages.

Data of Mixcloud users on sale
The online music streaming service Mixcloud was recently breached by a cybercriminal with the purpose of selling the stolen data on a dark web marketplace. The data is offered for sale for 0.27 bitcoin (around $2000). The hacker’s access to users’ data includes usernames, email addresses, SHA-2 hashed passwords, account sign-up dates & country, the last login date, and links to profile photos.

Buyback website breached
A data breach on the Buyback website has revealed full contact details, firearm license numbers and bank address details of more than 37,000 gun owners. The breach was revealed by the Council of Licenced Firearms Owners (COLFO) after it learned that the information of 70,000 firearm hand-in notifications was accessible to users on the website.

Top Malware Reported in the Last 24 Hours

CStealer malware
A new Windows trojan called CStealer has been uncovered stealing passwords stored in the Google Chrome browser. Additionally, the malware is also capable of using a remote MongoDB database to store the stolen passwords. For this, CStealer utilizes the MongoDB C Driver as a client library to connect to the database.

IM-RAT took down
In a week of coordinated action, the Australian Federal police along with other law enforcement agencies in several countries have taken down the Imminent Monitor malware. The police department has arrested thirteen of its most prolific users apart from seizing the site. Police forces have recovered a number of items including 436 laptops, phones, and servers, that are expected to yield further evidence.

Top Vulnerabilities Reported in the Last 24 Hours

RCS Hacking attacks
Security researchers have uncovered the improper implementation of RCS functionality in many networks could let hackers gain complete control over the user accounts. This is possible by stealing RCS configuration files that include SIP and HTTPS credentials. The flaw can also be abused to launch a MITM attack to intercept and manipulate user communications. The issue arises when the RCS message for Android device does not implement sufficient domain and certification validation. For the uninitiated, RCS or Rich Communication Services allows advertisers to send interactive & personalized messages with full interactive functions without any additional apps.

Top Scams Reported in the Last 24 Hours

Fake Steam skin giveaway scam
A fake Steam skin giveaway site has been created with a purpose to steal login credentials. The fake site claims to offer new skins every day but instead tricks users into sharing their username and password. The scam is promoted as comments made to Steam profiles. If a user goes to the site, they will be shown a pop-up that says ‘$30,000 giveaway’ which contains 26 days of free skin giveaway for Counter-Strike: Global Offensive (CSGO). To make it look less suspicious, the phishing site has a fake chat screen running on the left-hand side of the page.


See Our Products In Action




  • Share this blog:
Previous
Cyware Daily Threat Intelligence, December 03, 2019
Next
Cyware Daily Threat Intelligence, November 29, 2019
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.