Cyware Daily Threat Intelligence, July 15, 2019

The past 24 hours witnessed multiple security issues associated with popular messaging apps such as WhatsApp and Telegram. In one instance, both apps were found to be vulnerable to a newly discovered flaw named ‘Media File Jacking’. In another incident, a threat actor had published unofficial versions of the apps named ‘MobonoGram 2019’ and ‘Whatsgram’. While the ‘Media File Jacking’ flaw could allow attackers to manipulate and expose users’ private videos and images, the malicious apps were used to load malicious sites.

A flaw in Instagram that allowed a remote attacker to take complete control of any account was also patched in the past 24 hours. The vulnerability resided in the ‘password recovery’ feature of the mobile version of Instagram.

With ransomware attacks making it difficult for counties to recover their encrypted files, paying the ransom appears to be a last resort for these entities. Most recently, LaPorte County, Indiana, paid $130,000 to recover its data from a ransomware attack that occurred on July 6, 2019. The decision to pay the ransom was taken after the FBI could not restore the encrypted files.

Top Breaches Reported in the Last 24 Hours

PCHC affected in AMCA data breach
Penobscot Community Health Center (PCHC) is also one of the victims of the AMCA data breach. The incident has affected around 13,000 patients. The personal information compromised in the data breach includes patients’ names, birth dates, and other medical information. For some, credit card information may also have been contained in AMCA’s systems. PCHC has been notifying the affected patients since July 12, 2019.

LaPorte County pays ransom
LaPorte County, Indiana, has paid $130,000 to recover its data from a ransomware attack that occurred on July 6, 2019. The decision to pay the ransom was taken after the FBI could not restore the encrypted files. It is speculated that Ryuk ransomware was used in the attack.

Gila County hit by ransomware
Gila County’s email and phone systems were apparently infected by ransomware on July 2, 2019. This impacted the county’s government operations. However, officials took the matter seriously and restored most of the county’s online services within a week.

Top Malware Reported in the Last 24 Hours

Decryptor for Ims00rry ransomware
Emsisoft has released a new free decryptor for files encrypted by Ims00rry ransomware. The ransomware uses the AES-128 algorithm to encrypt files on victims’ machines. However, it does not append any extension to the filenames of the encrypted files. Instead, it adds the text ‘—shlangan AES-256—’ to the files’ content. The malware authors ask the victim to contact them through the Telegram account @Ims00rybot.

MobonoGram 2019 and Whatsgram apps
Security researchers have uncovered two malicious apps, ‘MobonoGram 2019’ and ‘Whatsgram’, that were being distributed via the Google Play Store. Both apps were created to secretly load malicious sites and exhibited similar characteristics. The MobonoGram 2019 app had about 100,000 downloads and was used to deliver malware named ‘Android.Fakeyouwon’.

Malicious PureScript npm installer
A PureScript npm installer was found with malicious code inside its packages. The code would sabotage the installer, preventing it from running successfully on the system. It was present in two npm packages.

16Shop phishing kit
A phishing kit named 16Shop is being used in the wild to target Amazon account holders. Cybercriminals have created more than 200 fake Amazon URLs with the aim of collecting login information from customers. The kit includes a local blacklist, which blocks certain IP addresses from accessing the website.

Top Vulnerabilities Reported in the Last 24 Hours

Instagram flaw
Instagram was found vulnerable to a critical security flaw that could allow attackers to reset the password for any Instagram account and take complete control of it. The vulnerability resided in the ‘password recovery’ feature of the mobile version of Instagram. A proof-of-concept has been released by a security researcher.

WhatsApp and Telegram flaw
WhatsApp and Telegram are vulnerable to a newly discovered flaw named ‘Media File Jacking’. The flaw stems from how media files are stored by these messaging apps. Misuse of the flaw can even allow an attacker to manipulate sensitive information such as personal photos, videos, corporate documents, invoices and voice memos.

Top Scams Reported in the Last 24 Hours

Online bank fraud
Saudi banks are warning customers about a new fraud that tricks users into sharing their personal information. The scammers are sending phishing emails that appear to come from banks. The emails bear the banks’ logos and ask users to update their bank accounts. Users have been urged not to update bank accounts in response to such fraudulent email messages. Telecom providers have also urged customers to ignore any calls that ask them to share their personal details.



