Cyware Daily Threat Intelligence October 26, 2017

See All
Top Malware Reported in the Last 24 Hours
Ursnif malware
The notorious malware uses malspam and exploit kits as its primary delivery method. Lately, it has been using malspam from financial services and payment card providers in Japan. The attachment contains a JavaScript downloader that downloads Ursnif from a remote site and executes it on the user’s machine.

Unindexed Wonder botnet
An unindexed malware, wonder botnet, that searches for specific virtualization software libraries, such as “vmGuestLib.dll” and “vmBusres.dll”. The infection starts with the execution of the “wonder.exe” file, which is the downloader of the effective payload. The downloader tries to connect to “” in order to retrieve the encoded payload. If there isn’t any internet connection, the file “wonder.exe” crashes.

AhMyth RAT code available
The malware that was discovered a few days ago is back in the news. The source code of a new Android Remote Administration Tool (RAT) known as AhMyth Android RAT is available on GitHub. The code appears to be work in progress and looks like the Beta version release.

Top Vulnerabilities Reported in the Last 24 Hours
iOS privacy loophole
Security researchers have discovered a privacy loophole in Apple's mobile firmware. iOS only allows users to enable camera access on apps at one time, giving the apps free rein to access the camera without requiring a camera light or notification. Hackers can abuse this feature to take pictures, videos or live-stream users without their permission. Users are advised to grant camera access only to the apps that genuinely need it.

Vulnerable dating apps
The popular dating apps are reportedly disclosing sensitive data either intentionally or unintentionally. The information such as Facebook identity, location data, pictures and more. A person with a malicious intent could sniff out user data using multiple methods. To remain safe, users are suggested not list their profiles in dating apps.

See Our Products In Action


    • Share this blog:
    Cyware Daily Threat Intelligence October 27, 2017
    Cyware Daily Threat Intelligence October 25, 2017
    To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.