Cyware Daily Threat Intelligence December 6, 2018

The popular online gaming subscription site Humble Bundle suffered a data breach that was caused a bug in the website. The bug allowed hackers access to users' data. The hackers(s) behind the attack combined the flaw with a credential stuffing attack to gain access to sensitive information. The breach did not expose names, passwords, billing data or payment information. However, attackers were able to access the Humble Monthly subscription status of users. Although the data stolen by the attackers was not related to customers' personal information, it could still be used by attackers to launch phishing attacks or scams. 

The Russian cyberespionage group Fancy Bear was spotted distributing the Zekapab (aka Zebrocy) malware, using Brexit themed lures, in a new phishing campaign. The malware was used against US think tanks, government agencies, universities, political organizations, and others. The lure was also used by the hackers in another campaign that targeted NATO members, Central Asian countries and Russia's neighboring nations. 

The Syrian Electronic Army was recently found targeting the Middle East in a new campaign. The hacker group was found delivering SilverHawk - an Android spyware that is designed to create fake updates for communication apps like WhatsApp and Telegram. The group also created MS Word and YouTube fakes filled with the SilverHawk spyware. 

Numerous malicious voice communication and messaging apps on Google Play have been discovered on Google Play. These messaging platforms leverage modular downloaders to contact C&C servers, obtain payloads, and serve up fake surveys designed to steal user data. The malware exfiltrates data such as names, phone numbers and home addresses.