Cyware Daily Threat Intelligence March 09, 2018

Memcached kill switch
A kill switch has been released by security researchers to counteract the Memcached vulnerability. It works by sending a ‘flush_all’ counter-measure back to an attacking server to suppress the DDoS exploitation, making potentially malicious payload, useless.

Dark Caracal campaign
A global malware campaign, called Dark Caracal, has been found infecting mobile devices in more than 20 countries. The campaign spread itself using fake apps that imitate legitimate ones and ask users for permissions to access sensitive data.

Fake virus alert
A week ago, a report has been released that more than 40 Android phones manufactured by companies based in China has malware pre-installed into the firmware. However, the Chinese company LEAGOO, has come forward with an explanation that the alerts were false detections caused by certain APKs. There's no need for panic. Campaign hacked
The leading Democratic candidate for Senate in Tennessee, Gov. Phil Bredesen's campaign was hacked. Emails asking for money from an address that was almost identical to the address of the campaign's media buyer were sent to the campaign. It's unclear who may be behind the hack.

NRA websites among top targeted
A recent report released by Qihoo 360's Network Security Research Laboratory (Netlab), three official US National Rifle Association (NRA) domains--nra.org, nrafoundation.org, and nracarryguard.com--were found to be most targeted by the memcached-based DDoS attacks.
Top targets also include Chinese portals QQ.com and 360.com and US tech giants, Google and Amazon.