Cyware Daily Threat Intelligence September 11, 2018

Top Malware Reported in the Last 24 Hours

PyLocky 
A new ransomware called PyLocky was found targeting businesses across Europe, primarily France. The ransom notes generated by the ransomware are written in English, French, Italian, and Korean. Although the malware purports to be a variant of the Locky ransomware, the two ransomware variants are not connected in any way.

New malware persistence method
A Norwegian security researcher recently discovered a new trick that allows malware to achieve persistence by leveraging Universal Windows Platform apps (Appx/UWP). The method lets malware persist on infected systems even after reboots. It abuses the Windows Registry and tricks Windows users into running the malware's process after boot-up.

Big Bang malware campaign
The Big Bang threat group was spotted conducting a new surveillance campaign using new modular malware. The malware can take screenshots of the system and send them to the C2 server, steal files with certain extensions, reboot systems, and destroy executables.

Top Breaches Reported in the Last 24 Hours

EOS betting app 
EOS betting app DEOSBet was hit by a hacker, which led to the app paying out 24 times to the same user. The hacker collected around 339 EOS at the start of the game and finished up with over 4,700 EOS, which is currently valued at around $24,000. The payouts were apparently automatic, happening just 30 seconds after the bets were placed. EOS eventually detected the hack and fixed the code to ensure that no more payouts were made.

Park by Phone breach
Cork City Council confirmed that its "Park by Phone" service suffered a data breach that affected over 5,000 people. The cybercriminals behind the attack likely accessed personal data such as car registration numbers, email addresses, and mobile phone numbers. However, there is no evidence that any personal bank account details, credit or debit card details, account balances, or passwords have been compromised.
