Cyware Daily Threat Intelligence October 10, 2017

Top Malware Reported in the Last 24 Hours
Backdoor.Win32.ATMii
Cybercriminals have loaded the backdoor onto a USB stick to steal money from ATMs. All it takes is a simple piece of code written in Visual C. The malware consists of two modules, an injector and a deployable malware. ATM service providers should set default-deny policies that prevent external parties from running their own code.

Crypto-Loot Monero miner
Crypto-Loot, a competitor of Coinhive, claims that running the miner on a website will go unnoticed by users if the thread count is set between 2 and 4. The web miner runs in the background to mine Monero digital coins. Just like Coinhive, it provides a simple JavaScript file that website owners can load on their sites to mine Monero using their site visitors' CPU power.

Brazilian banking Trojan
A Brazilian banking Trojan campaign is abusing a legitimate VMware binary to trick security products into allowing malicious binaries to load. The campaign also uses multiple methods of redirection when infecting victims' machines. Users are advised to open links and attachments cautiously, and not to download files from unfamiliar websites.

Top Breaches Reported in the Last 24 Hours
Bots manipulated net neutrality debate
The public had been invited by the Federal Communications Commission chairman to submit comments for or against net neutrality over summer 2017. More than 80% of the comments submitted to a US regulator on the future of net neutrality were posted by bots. Only 17.4% of the comments were unique.

PornHub infected
Fake browser and Flash update alerts are being used by a malvertising group nicknamed KovCoreG to trick users into installing the Kovter malware. The hackers used malvertising on the adult video website Pornhub and abused the Traffic Junky advertising network. Safe browsing and sticking to reputable sites remain a good idea for all surfers.

US-South Korea war plans stolen
A trove of classified military documents, including the joint South Korea-US wartime operational plans for conflict with Pyongyang, has reportedly been stolen by North Korean hackers. The stolen documents also include Operational Plans 5015 and 3100.


