Cyware Daily Threat Intelligence October 23, 2018

Top Malware Reported in the Last 24 Hours

Godzilla Loader
Godzilla Loader is a newly discovered malware downloader that is currently being sold on the dark web for $500. The malware's authors have been continually adding new features to make it stand out among its competitors. Godzilla Loader does not contain any payloads; instead, it downloads payloads from a remote server. Godzilla Loader comes with a built-in UAC bypass, which allows attackers to specify whichever executable they want and run that executable with administrator privileges. The latest major version of Godzilla includes a full plugin ecosystem, including a propagation module, a keylogger module, and a password-stealing module.

Kraken Cryptor 2.0.6
The cybercriminals behind the Kraken Cryptor ransomware have just released version 2.0.6. The ransomware is being distributed via the Rig exploit kit and via malvertising campaigns. In this version, new features allow the ransomware operator to better monitor the infection rate and its success. The ransomware developer can use the IPlogger[.]com site to check the stats on the number of victims who connected to the shortened URL. So far, the ransomware has infected 217 victims across the world.

Top Breaches Reported in the Last 24 Hours

Davos in the Desert
Cybercriminals reportedly defaced the website of the Future Investment Initiative (FII), the annual Saudi investment forum also known as the "Davos in the desert". The FII's website was shut down after some users were redirected to a protest statement that included an image of Saudi crown prince Mohammed bin Salman allegedly executing Washington Post columnist Jamal Khashoggi. So far, no hacktivist group or individual hacker has claimed responsibility for the attack.

Ransomware attack
The California-based National Ambulatory Hernia Institute suffered a ransomware attack that compromised 15,974 patients' records. The compromised data includes patients' names, addresses, dates of birth, Social Security Numbers, diagnosis details, and appointment dates and times. The full scale of the attack is still unclear. The attack was related to the email address Glynnaddey@aol[.]com, which experts believe is associated with the Gamma ransomware. The healthcare organization is currently investigating the attack and has also moved all of its data to an off-site server.
