Cyware Daily Threat Intelligence February 11, 2019

Share Blog Post

Top Breaches Reported in the Last 24 Hours

Instagram data compromised
Sensitive data of over 14 million Instagram users have been found in an unsecured database. The database in question is physically located in the UK. The data believed to be exposed includes users’ profile names, stored links to profile pictures and their Instagram ID. 

Malware-laden phishing campaign
Hackers are leveraging a malware-laden phishing campaign to target anti-laundering officers at the US Credit Unions. It is believed that scammers are using the campaign to steal non-public data of the officers working in the National Credit Union Administrators (NCUA). Specially crafted emails that claim to put the money transfer on hold for suspected money laundering, are used for the campaign. 

OkCupid accounts hacked
OkCupid, a popular dating site, has suffered an account takeover attack. This has affected the accounts of some users. The number of users affected in the attack is unknown. Meanwhile, the firm has denied experiencing any breach.

Top Malware Reported in the Last 24 Hours

Qealler malware
A new JAR-based info stealer malware called Qealler has been discovered by researchers. It is a highly obfuscated Java loader that deploys a Python credential harvester. The malware also has a directory named QaZaqne - which is a custom version of the open source project called LaZagne. LaZagne is used to capture lots of passwords stored on a local computer.

KORKERDS variant
Researchers have discovered a new cryptomining malware that removes a large number of known Linux coin miners to reserve all the host system resources for itself. The script uses code from KORKERDS and Xbash. The new malware uses crontabs commands to download and execute more malicious code.

Malicious bus navigation apps
Security researchers have discovered malicious codes in four Android bus apps used in South Korea. They are named as Daegu, Gwangju, Jeonju, and Changwon. The apps are available on the Google Play Store since 2013. It has been found that the malicious codes were planted during the regular updates in August, last year.

Top Vulnerabilities Reported in the Last 24 Hours

Security patch for Ubuntu 
Canonical has released a new kernel update for Ubuntu 18.10 (Cosmic Cuttlefish) and Ubuntu 18.04.1 LTS (Bionic Beaver) systems. This security update will address a regression introduced by the last kernel security patch released earlier this month. The last update had introduced a regression that could prevent systems with certain graphics chipsets from booting.

KeySteal Zero-Day
A PoC code for a zero-day called KeySteal has been published recently. The flaw in question can be exploited by attackers using a malicious app to steal passwords from Apple's Keychain password manager. The passwords under threat include those for bank websites, Amazon, Netflix, Slack, and other apps. If any user is using iCloud Keychain, password synced across iPhones and Macs may also be in trouble.

 Tags

kernel update
qealler malware
xbash malware
malware laden phishing campaign
korkerds

Posted on: February 11, 2019

Get the Daily Threat Briefing delivered to your email!


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.


Join Thousands of Other Cyware Followers!