Cyware Daily Threat Intelligence October 24, 2018

Top Malware Reported in the Last 24 Hours

SearchAwesome
A newly discovered Mac malware dubbed OSX.SearchAwesome is capable of injecting malicious scripts, keylogging and cryptomining. The malware, which comes loaded in a fake app called spinstall, can also intercept encrypted web traffic to serve up ads. It can also install tools that allow attackers to conduct man-in-the-middle attacks. The Mac adware can also connect to a malicious website and download additional malware, siphon off sensitive data, and capture browsing data.

Chalubo
Chalubo is a recently discovered Linux malware that has been targeting attacks against Internet-facing SSH servers on Linux-based systems alongside IoT systems. The IoT malware contains obfuscation features and also borrows code from the Mirai and Xor.DDoS botnets. 

Malware campaign
A new malware campaign has been spotted targeting victims in Brazil. The phishing campaign drops a banking malware on targeted victims that only activates when it detects Portuguese as the language. The malware abuses two legitimate Windows files that manage certificates for the Windows operating system.

Top Breaches Reported in the Last 24 Hours

Cathay Pacific
Hong Kong-based airline Cathay Pacific suffered a massive data breach. Around 9.4 million customers' data was compromised by the breach. The firm discovered that the data was stolen by hackers. The data stolen by the hackers include passengers' names, nationality, dates of birth, phone numbers, email, addresses, passport numbers, identity card numbers, frequent flyer program membership numbers, customer service remarks, and travel histories. 

US Democratic Party data leaked
Rice Consulting, a consulting firm handling political fundraisers for the Democratic Party accidentally exposed corporate and customer data. The leaked data included databases storing voter records, which was stored on an unsecured network attached storage (NAS) device. The misconfigured NAS server contained detailed information on Rice Consulting clients, including in-depth details on thousands of past fundraisers. Exposed information included names, phones, emails, addresses, contracts, meeting notes, and more.




  • Share this blog:
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.