Cyware Daily Threat Intelligence October 13, 2017

Top Malware Reported in the Last 24 Hours
DoubleLocker ransomware
The infamous ransomware DoubleLocker is distributed as a fake Adobe Flash Player through compromised websites. As soon as it is launched, the app requests activation of the malware’s accessibility service, named “Google Play Service”. After the malware obtains the accessibility permissions, it uses them to activate device administrator rights and set itself as the default Home application, without the user’s consent.

ATMii malware
Backdoor.Win32.ATMii, a newly discovered malware, targets ATMs running Windows 7 and Windows Vista. However, ATMii won't run on most ATMs in use today, as most of them use a streamlined version of Windows XP. The attacker copies dll and exe files onto the ATM's storage drive and runs exe.exe, which injects the malicious code.

Locky variant
Locky ransomware’s ykcol code has received a facelift from its original authors. This Locky variant was part of a September spam blast, sent through the notorious Necurs botnet, targeting 3 million inboxes within a three-hour period. The ransomware appends the .ykcol extension to all encrypted files.


