Cyware Daily Threat Intelligence, November 26, 2019


In a world that's growing increasingly digital, card-skimming attacks, also known as Magecart attacks, pose a big threat to online retailers. As these attacks continue to grow day by day, researchers have disclosed the modus operandi of a new threat group called ‘Fullz House’. The group has been found using both phishing and web skimming attacks in order to maximize its profits. As a part of its operation, the group sells the stolen ‘Fullz’ information on its store ‘BlueMagicStore’. ‘Fullz’ here refers to an individual’s personally identifiable information and banking data.

The past 24 hours also saw major details emerging about a new strain of mobile banking trojan called Ginp. The malware, which was first observed in early June, has undergone several modifications over the past five months. To date, researchers have uncovered three different iterations of the malware. The third, which is the latest version of Ginp, borrows its source code from the Anubis banking trojan.

Top Breaches Reported in the Last 24 Hours

Church’s Chicken restaurant breached
At least 160 Church’s Chicken restaurants across 11 U.S. states have been impacted in a breach that involved unauthorized access to payment processing systems. The attackers behind the breach may have stolen payment card numbers, cardholder names, and expiration dates. The company has notified payment card networks and credit monitoring agencies.

NYPD fingerprint database attacked
The New York City Police Department’s fingerprint database was hit with ransomware in October 2018. The incident initially affected 23 police computers linked to the LiveScan fingerprint tracking system. The attack was brought to notice by a third-party vendor who was installing video equipment at the NYPD’s police academy.

Vistaprint security breach
An unprotected database belonging to online printing giant Vistaprint exposed calls, chats, and emails of over 51,000 customers. The exposed data also included personally identifiable information such as names and contact information of customers. Upon being notified, Vistaprint took the leaky database offline.

Top Malware Reported in the Last 24 Hours

Fullz House operation decoded
A new report on the modus operandi of Fullz House has been published. The group has been found operating an underground trading post called ‘BlueMagicStore’, which sells full packages of information including both Personally Identifiable Information (PII) and stolen banking data. The attackers usually mimic PayPal payment transactions on fraudulent domains to launch card skimming attacks.

Ginp trojan
A new strain of mobile banking trojan called Ginp has been found collecting login credentials and credit card details. The malware was first detected in June, disguised as Adobe Flash Player. It was used to target users in Spain and the U.K. Until now, researchers have uncovered three versions of the malware. The third iteration of Ginp includes code from the Anubis banking trojan.

Dropbox phishing scam
A Dropbox phishing scam has been doing the rounds on the internet. It starts with recipients receiving a phishing email that claims to include an important document. The email looks a lot like an official Dropbox email and has a link to access the document. Once the victims click on the link, it redirects them to a phishing page that looks almost exactly like an actual Dropbox login page.

Top Vulnerabilities Reported in the Last 24 Hours

Y2K bug
Documentation for Splunk Enterprise has warned that a patch needs to be applied before January 1, 2020, for the platform to recognize timestamps for events with a two-digit year. The issue is that the unpatched version of the file can extract two-digit years up to 2019, thereby treating 2020 as an invalid timestamp year.

Vulnerable Fortinet products
A security issue has been uncovered in several security products from Fortinet that use a weak encryption cipher and cryptographic keys for communication. The issue, tracked as CVE-2018-9195, affects FortiOS versions before 6.0.7 or 6.2.0, FortiClient for Windows versions before 6.2.0, and FortiClient for Mac versions before 6.2.2. An attacker can exploit the flaw to eavesdrop on user traffic and manipulate it.

Top Scams Reported in the Last 24 Hours

Romance scam explained
Social Catfish, an online dating investigation service, has shared an actual playbook provided by a Nigerian dating scam ring. This playbook, which provides insight into how these scammers operate, reveals that most of the romance scams originate on dating sites like, although they can also pop up from social networks like Facebook and Instagram. The scammers create profiles of attractive people, typically stolen from other online profiles. Once these scammers manage to find their target, they persuade them to share their contact details to communicate on WhatsApp or Google Hangout. Ultimately, such scams are aimed at luring victims into making a fraudulent wire transfer.



Posted on: November 26, 2019
