Cyware Daily Threat Intelligence December 3, 2018

Top Malware Reported in the Last 24 Hours

BackSwap trojan evolves
The BackSwap banking trojan has continued to evolve since its discovery in March 2018. It initially targeted banks in Poland, but in August it shifted its focus to banks in Spain. The variants observed from September through November show no major changes beyond a few modifications to the position-independent code (PIC) payload, the encryption layers and the JavaScript web-injection mode.

CARROTBAT dropper
Security researchers have discovered a phishing campaign, named 'Fractured Block', targeting the Korean peninsula. The campaign uses a malicious dropper named CARROTBAT to deliver decoy documents alongside additional payloads such as remote access trojans. The decoy document formats the dropper supports are .docx, .eml, .hwp, .jpg, .pdf, .png, .ppt, .pptx, .xls and .xlsx.

Pied Piper campaign
A new phishing campaign named 'Pied Piper' has been found hitting multiple targets across the globe. The campaign delivers various RAT payloads to the targeted machines; one of them is the FlawedAmmyy RAT, which gives the attackers complete control over a victim's system and lets them steal confidential data and files.

Top Vulnerabilities Reported in the Last 24 Hours

A flaw in IBM WebSphere Application Server
A critical privilege escalation vulnerability has been found in IBM WebSphere Application Server. The flaw, tracked as CVE-2018-1840, affects both the 9.0 and 8.5 versions of the server. It can allow a remote attacker to gain elevated privileges on the system when a security domain is configured to use a federated repository other than the global federated repository. Users running versions 9.0.0.0 through 9.0.0.9 are advised to apply fix pack 9.0.0.10 or later; users running 8.5.0.0 through 8.5.5.14 should apply 8.5.5.15 or later.
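A quick way to tell whether an installed WebSphere version sits in one of the affected ranges above. This is an added example, not IBM's tooling or code from the advisory: the ranges are the ones quoted in the summary, and the host inventory it runs over is constructed. It compares versions as integer tuples because plain string comparison sorts 9.0.0.10 before 9.0.0.9 and would report a patched server as affected.

```python
"""Check an installed IBM WebSphere Application Server version against the
CVE-2018-1840 affected ranges. Added example; the ranges are those quoted
in the advisory summary, the sample inventory is constructed."""
from typing import Optional, Tuple

# (lowest affected, highest affected) -> first fix pack that resolves the flaw
AFFECTED_RANGES = [
    (("9.0.0.0", "9.0.0.9"), "9.0.0.10"),
    (("8.5.0.0", "8.5.5.14"), "8.5.5.15"),
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '8.5.5.14' into (8, 5, 5, 14) so comparisons are numeric.

    Comparing the raw strings is wrong: '9.0.0.10' < '9.0.0.9' is True
    lexicographically, which would mark a patched 9.0.0.10 server as affected.
    """
    return tuple(int(part) for part in version.strip().split("."))


def required_fix_pack(installed: str) -> Optional[str]:
    """Return the fix pack to apply, or None if the version is outside every
    affected range (already patched, or a release the advisory does not list)."""
    v = parse_version(installed)
    for (lowest, highest), fixed in AFFECTED_RANGES:
        if parse_version(lowest) <= v <= parse_version(highest):
            return fixed
    return None


if __name__ == "__main__":
    # Constructed sample inventory, e.g. as gathered from versionInfo output.
    inventory = [("was-prod-01", "9.0.0.9"),
                 ("was-prod-02", "9.0.0.10"),
                 ("was-legacy", "8.5.5.14")]
    for host, version in inventory:
        fix = required_fix_pack(version)
        verdict = f"apply fix pack {fix}" if fix else "not in an affected range"
        print(f"{host}: {version} -> {verdict}")
```

The check only says whether the version is in range. Whether a security domain actually uses a federated repository other than the global one, the condition under which the flaw is exposed, has to be confirmed separately in the server configuration.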

Top Breaches Reported in the Last 24 Hours

Commonwealth bank brandjacked 
Brandjackers are using the logo and branding of Commonwealth Bank, one of Australia's best-known banks, to trick users into handing over their confidential details. The scam sends victims phishing emails claiming there are errors in their account details. The email contains a malicious link which, when clicked, takes the victim to a bogus sign-in page.

EternalBlue spotted in the wild
The leaked NSA exploit EternalBlue has been found in a recent attack campaign that has compromised more than 45,000 internet routers. The campaign abuses vulnerable Universal Plug and Play (UPnP) implementations on the routers to expose the devices behind them on ports 139 and 445, the SMB ports EternalBlue targets. The attack has exposed nearly two million computers, phones, smart speakers, robot vacuum cleaners, tablets and other devices.
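Whether a router is exposing internal SMB ports this way can be read off its own UPnP port-mapping table. The following is an added example, not code from the original report: it parses GetGenericPortMappingEntry responses from the router's WANIPConnection service and flags mappings that forward TCP 139 or 445 to an internal host. The SOAP responses are constructed here to stand in for what a router returns; the field names are the standard UPnP ones.

```python
"""Flag UPnP port mappings that forward the SMB ports (TCP 139/445) to hosts
on the LAN. Added example, not code from the original article or from the
researchers who reported the campaign. The SOAP responses are constructed
to mirror WANIPConnection GetGenericPortMappingEntry replies."""
import xml.etree.ElementTree as ET

# Internal ports an SMB exploit such as EternalBlue needs to reach.
SMB_PORTS = {139, 445}


def _response(remote_host, ext_port, proto, int_port, int_client, enabled, desc):
    """Build one constructed GetGenericPortMappingEntry SOAP response."""
    return f"""<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
            s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
  <s:Body>
    <u:GetGenericPortMappingEntryResponse
        xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
      <NewRemoteHost>{remote_host}</NewRemoteHost>
      <NewExternalPort>{ext_port}</NewExternalPort>
      <NewProtocol>{proto}</NewProtocol>
      <NewInternalPort>{int_port}</NewInternalPort>
      <NewInternalClient>{int_client}</NewInternalClient>
      <NewEnabled>{enabled}</NewEnabled>
      <NewPortMappingDescription>{desc}</NewPortMappingDescription>
      <NewLeaseDuration>0</NewLeaseDuration>
    </u:GetGenericPortMappingEntryResponse>
  </s:Body>
</s:Envelope>"""


# Constructed mapping table: one reply per NewPortMappingIndex.
SAMPLE_RESPONSES = [
    _response("", 8080, "TCP", 80, "192.168.1.20", 1, "ipcam"),   # ordinary forward
    _response("", 47000, "TCP", 445, "192.168.1.35", 1, "svc"),   # SMB exposed to WAN
    _response("", 47001, "TCP", 139, "192.168.1.35", 1, "svc"),   # NetBIOS session exposed
    _response("", 445, "UDP", 445, "192.168.1.40", 0, "stale"),   # disabled and UDP: ignored
]


def _local(tag: str) -> str:
    """Strip an XML namespace prefix: '{urn:x}Name' -> 'Name'."""
    return tag.split("}")[-1]


def parse_mapping(xml_text: str) -> dict:
    """Return the New* fields of one GetGenericPortMappingEntry response."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if _local(el.tag) == "GetGenericPortMappingEntryResponse":
            return {_local(child.tag): (child.text or "").strip() for child in el}
    raise ValueError("no GetGenericPortMappingEntryResponse in document")


def is_smb_exposure(mapping: dict) -> bool:
    """True for an enabled TCP mapping whose internal port is 139 or 445."""
    return (
        mapping.get("NewEnabled") == "1"
        and mapping.get("NewProtocol", "").upper() == "TCP"
        and int(mapping.get("NewInternalPort", "0")) in SMB_PORTS
    )


def find_smb_exposures(responses):
    """Return (external port, internal host, internal port) for each risky mapping."""
    hits = []
    for xml_text in responses:
        m = parse_mapping(xml_text)
        if is_smb_exposure(m):
            hits.append((int(m["NewExternalPort"]), m["NewInternalClient"],
                         int(m["NewInternalPort"])))
    return hits


if __name__ == "__main__":
    for ext, host, port in find_smb_exposures(SAMPLE_RESPONSES):
        print(f"WAN:{ext} -> {host}:{port}  SMB reachable from the internet")
```

On a live router the replies come from posting GetGenericPortMappingEntry to the WANIPConnection control URL with NewPortMappingIndex 0, 1, 2, ... until the router answers with a SpecifiedArrayIndexInvalid fault; each reply can be handed to find_smb_exposures as above. A router whose UPnP control endpoint answers from the WAN side is a finding in its own right, since that is what lets a remote attacker insert mappings like the flagged ones.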

Top Scams Reported in the Last 24 Hours

Gift card scam
With Christmas and New Year approaching, scammers have been observed using a new ploy to trick employees into buying gift cards. Posing as the CEO, they target office managers, executive assistants and receptionists and ask them to send gift cards. Unlike many other scam campaigns, the emails carry no malicious links or attachments. The attackers also capitalize on the urgency of the holidays and frame the request as a company surprise, discouraging the victim from checking whether it is legitimate. Through the simple social engineering technique of CEO impersonation, attackers are exploiting people's holiday mood.
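Because these emails carry no links or attachments, link and attachment scanning never fires; the usable signals are in the headers and the wording. Below is an added example, not part of the original article, of a small header-and-body heuristic for this pattern: an executive's display name on a mailbox that is not theirs, a Reply-To outside the corporate domain, a gift-card request, and urgency or secrecy language. The corporate domain example.com, the executive directory and the three messages are all constructed assumptions.

```python
"""Heuristic detector for CEO gift-card impersonation emails.
Added example; the domain, executive directory and messages are constructed."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

CORP_DOMAIN = "example.com"  # assumed corporate mail domain
# Assumed executive directory: normalised display name -> real mailbox.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}

GIFT_CARD_RE = re.compile(r"\bgift\s*cards?\b", re.I)
URGENCY_RE = re.compile(
    r"\b(urgent\w*|asap|right away|today|keep (?:it|this) between us)\b", re.I)

R_NAME = "display name matches an executive but the sender mailbox is not theirs"
R_REPLYTO = "Reply-To points outside the corporate domain"
R_GIFT = "asks for gift cards"
R_URGENT = "urgency or secrecy language"

# Constructed sample messages (not real traffic). The backslash keeps the
# header block on the first line so the parser does not see a leading blank.
MSG_FREEMAIL_IMPERSONATION = """\
From: Jane Doe <janedoe.ceo@webmail.invalid>
To: Pat Reception <pat@example.com>
Subject: Quick favour
Content-Type: text/plain; charset="us-ascii"

Hi Pat, are you at your desk? I need you to buy five gift cards today
for a company surprise. Keep it between us and send me the card codes.
"""

MSG_REPLYTO_HIJACK = """\
From: Jane Doe <jane.doe@example.com>
Reply-To: Jane Doe <jane.doe@webmail.invalid>
To: Pat Reception <pat@example.com>
Subject: Team thank-you
Content-Type: text/plain; charset="us-ascii"

I'm in meetings all day and need ten gift cards for the team urgently.
Reply to this email with the codes once you have them.
"""

MSG_BENIGN = """\
From: Jane Doe <jane.doe@example.com>
To: Pat Reception <pat@example.com>
Subject: Thursday all-hands
Content-Type: text/plain; charset="us-ascii"

Please book the large meeting room for Thursday at 10.
"""


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _body_text(msg) -> str:
    part = msg.get_body(preferencelist=("plain",)) if msg.is_multipart() else msg
    return part.get_content() if part is not None else ""


def assess(raw_message: str) -> list:
    """Return the list of reasons this message looks like CEO gift-card fraud."""
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        reasons.append(R_NAME)
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != CORP_DOMAIN:
        reasons.append(R_REPLYTO)
    body = _body_text(msg)
    if GIFT_CARD_RE.search(body):
        reasons.append(R_GIFT)
    if URGENCY_RE.search(body):
        reasons.append(R_URGENT)
    return reasons


def is_likely_ceo_gift_card_fraud(raw_message: str) -> bool:
    """Flag only when an identity signal and the gift-card ask both appear."""
    reasons = assess(raw_message)
    return R_GIFT in reasons and (R_NAME in reasons or R_REPLYTO in reasons)


if __name__ == "__main__":
    for label, raw in [("freemail", MSG_FREEMAIL_IMPERSONATION),
                       ("reply-to", MSG_REPLYTO_HIJACK), ("benign", MSG_BENIGN)]:
        print(label, is_likely_ceo_gift_card_fraud(raw), assess(raw))
```

The identity checks are deliberately required alongside the gift-card wording: a genuine internal request for gift cards should not be quarantined, while an executive's name on an outside mailbox, or a Reply-To that redirects the conversation off-domain, is the part of the lure that survives no matter how the body is phrased.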
