Cyware Daily Threat Intelligence October 18, 2017


Top Malware Reported in the Last 24 Hours
Recently, researchers found that a Russian hacker, known for creating game mods, had implanted a stealth cryptominer in a mod of Grand Theft Auto (GTA). The hacker behind the WaterMiner variant of XMRig goes by the alias Martin Opc0d3r. The malware is used to mine Monero on victims’ computers.

Chinese Backdoor
Hacker’s Door, a sophisticated remote access trojan first seen almost a decade ago, was found again recently. The trojan is believed to be managed by the Chinese APT hacker group known as Winnti. The malware comprises a backdoor and a rootkit, which enables it to reach the operating system’s core and access system information.

Renewed Necurs botnet
A slew of advanced features has been added to the Necurs botnet by the hacker group behind its malspam operations. The developments suggest that the Necurs attackers are trying to gain operational intelligence about the performance of their campaigns. The newly added programs are capable of downloading Locky and Trickbot.

Top Vulnerabilities Reported in the Last 24 Hours
Oracle flaws fixed
Oracle has fixed about 250 vulnerabilities across its various products. Most of the flaws identified were exploitable in all versions of Oracle E-Business Suite (EBS), including 11i, 12.0, 12.1, and 12.2. The fixes included high-risk flaws such as SQL injection, XSS, XML external entity (XXE) attacks, and privilege escalation.

ROCA vulnerability
A major security flaw has been found in the RSA keys generated by hardware chips produced by Infineon Technologies. These keys are used in government-issued identity documents, in software signing, and in secure browsing. The vulnerability allows hackers to compute the private part of an RSA key.

Top Breaches Reported in the Last 24 Hours
Domino’s customer data breached
A system issue at a former supplier has presumably caused a leak of personal customer information, which has flooded customers’ inboxes with spam emails. However, Domino’s Australia said there was no evidence to suggest there had been unauthorized access to its systems.

South African data breach
A researcher who runs a popular site that tracks identity theft has found a massive data bank containing millions of South Africans' personal information floating around online. He revealed the leak on Twitter and added that the data could have come from the deeds office, as the file was titled ‘masterdeeds’.

Top Scams Reported in the Last 24 Hours
Tricksters target Richard Branson
Recently, Sir Richard Branson, founder of Virgin Group, revealed that he has been the target of two elaborate confidence tricks. In the first, the trickster posed as the defense secretary, Sir Michael Fallon, and tried to make Mr. Branson pay 5 million pounds. In the second, a fraudster posed as Sir Richard Branson and swindled $2 million from his business associate.

FBI warns businesses
FBI Chicago has issued a warning to area business owners who find themselves the target of a Business Email Compromise (BEC) scam. These scams have already cost the business community $5 billion. Business owners are asked to contact their banks immediately should they fall victim to such a scam.


Posted on: October 18, 2017
