Cyware Daily Threat Intelligence July 27, 2018

Top Malware Reported in the Last 24 Hours
Aurora and Kardon malware loaders
Two new malware loaders have been detected: Kardon and Aurora. Aurora lets cybercriminals build botnets, while Kardon comes equipped with a complete botshop. The two loaders have been advertised on lower-tier Russian-language forums since March and May respectively. Researchers believe both loaders may follow SmokeLoader's path and end up being sold on high-end Russian cybercrime forums.

Underminer
A new exploit kit named Underminer has been discovered distributing a cryptocurrency miner called Hidden Mellifera. The exploit kit is believed to have been developed by the same cybercriminals behind the 2017 browser-hijacking malware Hidden Soul. Underminer delivers its payload to infected systems over TCP tunnels rather than through ordinary HTTP downloads.

GZipDe malware
A new malware called GZipDe, which carries its payload in encrypted form, has been detected. It is delivered through malicious Office macros that subvert system processes and open a backdoor on the device. Users are urged to disable macros by default to protect their devices from this kind of malware.
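Because the recommended mitigation is "disable macros by default", the following is an added example (not code from Cyware or from any GZipDe analysis) showing how to audit and enforce that setting on a Windows workstation. It assumes Office 2016 / Microsoft 365 (registry version key 16.0) and writes the same per-user policy values that Group Policy would set; the application names and the policy values are documented Office settings, and the version key is the assumption.

```powershell
# Added example (not from the Cyware brief): audit and harden the Office macro policy
# through the per-user policy registry keys that Group Policy would otherwise manage.
# Assumption: Office 2016 / Microsoft 365, whose version key is 16.0.
$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

# VBAWarnings values:
#   1 = enable all macros (weak, never recommended)
#   2 = disable macros with notification (the application default)
#   3 = disable all except digitally signed macros
#   4 = disable all macros without notification (hardened)
$Hardened = 4

foreach ($App in $Apps) {
    $Key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }

    # Report the current state before changing it, so the run doubles as an audit.
    $Current = (Get-ItemProperty -Path $Key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    $Shown = if ($null -eq $Current) { 'not set (app default: 2)' } else { $Current }
    Write-Host ("{0}: current VBAWarnings = {1}" -f $App, $Shown)

    # Disable all macros without notification ...
    Set-ItemProperty -Path $Key -Name VBAWarnings -Value $Hardened -Type DWord
    # ... and block macros in files that carry the Mark-of-the-Web (downloaded or
    # received as mail attachments), even if a user later relaxes VBAWarnings.
    Set-ItemProperty -Path $Key -Name BlockContentExecutionFromInternet -Value 1 -Type DWord
}
```

On domain-joined machines the same two settings belong in a Group Policy Object (User Configuration > Administrative Templates > the per-application Trust Center settings) rather than in a script, so they are enforced on every logon. If a business process genuinely needs macros, use value 3 and sign the approved macros instead of falling back to 2.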

Top Scams Reported in the Last 24 Hours
SIM swap scam
SIM swap scams, already widespread in the US and Europe, have now become increasingly common in India. In the current Indian cases, victims are asked to share their Aadhaar number and to forward a text message. Most recipients fall for the trick and fail to realize that the scammers already hold their banking details: all the attackers still need is control of the victim's phone number so they can receive the one-time passwords (OTPs) that gate access to the victim's bank account.
Users are advised to be cautious about calls requesting verification of any sort, and to contact their carrier immediately if their phone unexpectedly loses network service.


Colorado phishing scam
A phishing campaign has been discovered targeting home improvement tradespeople in Boulder County, Colorado. The phishing email purports to come from the Boulder County Government and carries a malicious attachment containing a link to a compromised site that hosts the phishing page. The campaign is designed to harvest victims' email credentials. The site hosting the phishing page has not been taken down, so people could still fall victim to it.
