Cyware Daily Threat Intelligence, November 02, 2020


Investigation on a recent cyberespionage campaign associated with the North Korea-based Kimsuky threat actor group has led to the discovery of a new malware suite called ‘KGH.’ The malware, which spreads via a weaponized Word document, includes spyware modules and is being used to target COVID-19 vaccine makers.

Talking about the abuse of legitimate services, phishers have been found exploiting a feature in Google Drive to create push notifications in an attempt to redirect users to malicious scam websites. Most of these websites advertise fake prizes, deals, and cash giveaways.

Top Breaches Reported in the Last 24 Hours

JM Bullion hacked
Precious metals online retailer JM Bullion has disclosed a data breach that occurred between February 18 and July 17. The site was hacked to insert malicious scripts that stole customers’ credit card information. Because the injected script skimmed payment card details at checkout, the attack is classified as a Magecart attack.

eatigo data breach
Personal data of 2.8 million eatigo account holders was accessed by unauthorized attackers in a data breach. According to the notification, eatigo revealed that the compromised information dated back to 2019 and included names, email addresses, and phone numbers of customers.

GPI hacked
The REvil ransomware gang has claimed its attack on Gaming Partners International (GPI). The attackers have stolen information from the firm’s systems before encrypting it. The gang also published some screenshots that include directories and files from the systems.

Top Malware Reported in the Last 24 Hours

Wroba trojan
Researchers have uncovered a new wave of Wroba trojan attacks that target smartphone users in the United States. The attack, which affects both iOS and Android devices, lures users with a text message notifying them of a parcel arrival. The message includes a link that redirects victims to a malicious site, which shows an alert saying the user’s browser is out of date and needs an update. Once the victim clicks the ‘OK’ button, a malicious app is downloaded.

New KGH malware
KGH is a new malware associated with the Kimsuky group. The malware spreads via weaponized Word documents in phishing emails. It is designed to drive information-stealing attacks against COVID-19 vaccine makers and other targets.

Top Vulnerabilities Reported in the Last 24 Hours

WordPress patches RCE bug
WordPress has released an update to patch 10 security bugs, including a high-severity RCE flaw. It can allow a remote attacker to take over a targeted website via a narrowly tailored DoS attack. Four of these flaws are rated as medium risk.

Top Scams Reported in the Last 24 Hours

Google Drive abused
In a new scam observed by researchers, phishers are abusing a feature in Google Drive to create push notifications in an attempt to trick users into visiting malicious websites. The notifications are sent in Russian and English and point to documents that contain links to scam websites. Most of these websites advertise fake prizes, deals, and cash giveaways.

Posted on: November 02, 2020