Cyware Daily Threat Intelligence October 26, 2017


Top Malware Reported in the Last 24 Hours
Ursnif malware
The notorious malware uses malspam and exploit kits as its primary delivery method. Lately, it has been using malspam from financial services and payment card providers in Japan. The attachment contains a JavaScript downloader that downloads Ursnif from a remote site and executes it on the user’s machine.

Unindexed Wonder botnet
Wonder botnet is an unindexed malware that searches for specific virtualization software libraries, such as “vmGuestLib.dll” and “vmBusres.dll”. The infection starts with the execution of the “wonder.exe” file, which is the downloader for the actual payload. The downloader tries to connect to “pastebin.com” to retrieve the encoded payload. If there is no internet connection, “wonder.exe” crashes.

AhMyth RAT code available
The malware that was discovered a few days ago is back in the news. The source code of a new Android Remote Administration Tool (RAT) known as AhMyth Android RAT is available on GitHub. The code appears to be a work in progress and looks like a beta release.

Top Vulnerabilities Reported in the Last 24 Hours
iOS privacy loophole
Security researchers have discovered a privacy loophole in Apple's mobile firmware. iOS has users enable camera access for an app a single time, which gives the app free rein to access the camera without requiring a camera light or notification. Hackers can abuse this feature to take pictures, record videos or live-stream users without their permission. Users are advised to grant camera access only to the apps that genuinely need it.

Vulnerable dating apps
Popular dating apps are reportedly disclosing sensitive data, either intentionally or unintentionally, including information such as Facebook identity, location data, pictures and more. A person with malicious intent could sniff out user data using multiple methods. To remain safe, users are advised not to list their profiles in dating apps.



Posted on: October 26, 2017
