Cyware Daily Threat Intelligence June 27, 2018

PLAINTEE and DDKONG Malware
Unit 42 researchers have reported a series of highly targeted attacks focused in South East Asia. These attacks are launched by a hacker group, dubbed RANCOR. The RANCOR group is extensively using previously unknown malware families, DDKONG and PLAINTEE in their attacks. These malware leverage spear phishing attacks focused primarily on political news and events in order to propagate themselves.

Windows 10 settings shortcuts abused
Researchers have discovered that the file type ‘.SettingContent-ms’ can be abused to run malicious software in systems. The file type was recently introduced in Windows 10 to create shortcuts to settings pages. These shortcuts are made up of an XML file which is easily editable and used to point users towards a malicious program. Patients' personal information compromised
A healthcare appointment booking company, HealthEngine has been sharing patients' personal information with law firms for targeted advertising. The startup reportedly gave law firms details of around of 200 clients per month between March and August 2017. Leaked information included name, date of birth, address, email address, phone number, gender, GPS location, marital status, occupation, cultural background, allergies and more.

Breach at hotel booking software
FastBooking, a hotel booking software recently revealed that it fell victim to a data breach that resulted in the loss of personally identifiable information of customers of about 1000 hotels, worldwide. The company installed new security measures and hired a third-party security company to investigate the matter.

Midland City residents lost data
A breach affected users of the online utility billing payment platform run by the City of Midland. All users who made payments between December 2017 and June 2018 are believed to be breached. Customers are advised to check their credit card account for any suspicious charges. Fortnite users targeted
Scammers are targeting Fortnite users by offering free in-game currency, V-Bucks. Between April 1, 2017 and March 31, 2018, authorities received around 35 reports of Fortnite-related fraud. Scammers are leveraging social media platforms to spread malicious links with claims to offer free in-game money. Victims of this scam get their accounts hijacked and lose sensitive information.

Homograph attacks
Hackers are using homograph attacks in order to get people to visit fake sites. In these type of attacks, hackers use multilingual character sets to trick people into thinking a particular site is genuine. Around 8,000 characters have been found by researchers that can be misused to deceive people.