Cyware Daily Threat Intelligence November 22, 2017

Top Malware Reported in the Last 24 Hours
qkG file-encoding ransomware
Several users have encountered a few samples of qkG, a file-encoding ransomware variant written entirely in VBA macros. It stands out as the first ransomware to scramble one file (and file type), and is one of the few pieces of file-encrypting malware written entirely in Visual Basic for Applications (VBA) macros.

Terdot trojan
The banking trojan — Terdot — which appeared on the scene as late as 2016, has since grown into a full-fledged hacking tool. It also works as a backdoor and info stealer. One of the features of Terdot is its use of legitimate services in order to read HTTPS traffic.

Top Vulnerabilities Reported in the Last 24 Hours
HP enterprise printer vulnerability
Security researchers have detected a few potentially serious flaws, including a path traversal flaw and a code execution flaw. These allow an attacker to access the content of any print job, including PIN-protected jobs.

Excel vulnerability
A vulnerability has been found in the xls_mergedCells function of libxls 1.4, a C library supported on Windows, Mac, and Linux that can read Microsoft Excel file format (XLS) files. An attacker can send a malicious XLS file through spam email to trigger this vulnerability.

Google Tag plagued with Monero miners
CoinHive is using crypto-jackers and distributing them via Google Tag Manager. These threat actors are using this process to secretly mine Monero via computing power. In most cases, victims are not aware that certain tags are serving malware from their containers, making it hard to detect and deter.

Top Breaches Reported in the Last 24 Hours
Uber data breach
Hackers made off with the data of about 57 million customers and drivers from Uber Technologies Inc. This breach had been concealed by Uber for over a year. Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world.

SacRT cyberattack
Sacramento Regional Transit (SacRT) suffered a cyberattack over the weekend which wiped millions of files from its computers and halted operations within California’s capital city. Companies need to increase cybersecurity training for their employees and use two-factor authentication for all sensitive products.

Saudi Arabia attacked
The authorities of the kingdom claimed that an advanced cyberattack had attempted to disrupt government computers. The government's National Cyber Security Centre (NCSC) said the attack involved the use of "Powershell" malware.

Top Scams Reported in the Last 24 Hours
Man lost bitcoin by fake Wi-Fi
An Austrian citizen, who logged into a restaurant’s public Wi-Fi network in the city of Innsbruck, Austria, lost Bitcoins worth more than €100,000. It is believed that the network was set up by cybercriminals, who logged into his Bitcoin wallet and siphoned off the coins.

Reward points stolen
Russian cybercriminals are enjoying five-star holidays at knockdown prices using the reward points stolen from unwitting Britons. The fraudsters enjoy cheap flights, hotels, and car-hire at a discount of up to 75% from crooked travel agents on the dark web.

Telstra invoice scam
Scammers are using fake Telstra invoices in a large-scale phishing email campaign in Australia. The cybercriminals used sophisticated HTML designs to make the email look authentic in terms of graphical elements and layout.


