Cyware Daily Threat Intelligence October 10, 2017


Top Malware Reported in the Last 24 Hours
Backdoor.Win32.ATMii
Cybercriminals have loaded the backdoor onto a USB stick to steal money from ATMs. All it takes is simple code written in Visual C to steal money from an ATM. The malware consists of two modules, an injector and a deployable malware. ATM service providers should set default-deny policies that prevent external parties from running their code.

Crypto-Loot Monero miner
Crypto-Loot, a competitor of Coinhive, claims that running the miner on a website will go unnoticed by users if the number of threads is set between 2 and 4. The web miner runs in the background to mine Monero digital coins. Just like Coinhive, it provides a simple JavaScript file that website owners can load on their sites to mine Monero using their site visitors' CPU power.

Brazilian banking Trojan
A Brazilian banking Trojan campaign is abusing a legitimate VMware binary to trick security products into allowing malicious binaries to load. The campaign is also using multiple methods of redirection when infecting the victims' machines. Users are advised to open links and attachments with caution and not to download files from unfamiliar websites.

Top Breaches Reported in the Last 24 Hours
Bots manipulated net neutrality debate
The public had been invited by the Federal Communications Commission chairman to submit comments for or against net neutrality over summer 2017. More than 80% of the comments submitted to a US regulator on the future of net neutrality were posted by bots. Only 17.4% of the comments were unique.

PornHub infected
Fake browser and Flash update alerts are being used by a malvertising group nicknamed KovCoreG to trick users into installing the Kovter malware. Hackers used malvertising on adult video website Pornhub and abused the Traffic Junky advertising network. Safe browsing and sticking to reputable sites remain a good idea for all surfers.

US-South Korea war plans stolen
A trove of classified military documents, including the joint South Korea-US wartime operational plans for conflict with Pyongyang, has reportedly been stolen by North Korean hackers. The stolen documents also include Operational Plans 5015 and 3100.



Posted on: October 10, 2017


