Cyware Daily Threat Intelligence September 20, 2018

Top Malware Reported in the Last 24 Hours

New Gafgyt variant spotted
Security researchers have discovered a new version of the Gafgyt bot that implements the 'Non Un-Packable' (NUP) technique. The new variant was found on a system that resolves to an IP address owned by the Italian ISP Aruba. Once installed, the malware connects to the attackers' C2 (command-and-control) server. Communication with the server takes place over TCP on port 1629. The server then responds by sending a series of malicious commands.

JPG malware campaign
Spam emails with a malicious attachment disguised as a .JPG file are back to scare users. The email's subject is centered on Windows 11, and the attachment is named with a series of random letters and numbers. These spam emails can come either from a free webmail account or from a forged sender.

Top Vulnerabilities Reported in the Last 24 Hours

Bitcoin code flaw
A critical flaw has been discovered in Bitcoin Core versions 0.14.0 up to 0.16.2. The flaw is tracked as CVE-2018-1744 and can crash unpatched Bitcoin network nodes. It may also affect many Bitcoin-based cryptocurrency offshoots. To stay safe, users are advised to upgrade the Bitcoin code to the latest version, 0.16.3.

Faulty handwriting recognition feature
Researchers fear that the handwriting recognition feature available on touchscreen-enabled Windows systems can pose a risk to users. It was discovered that this feature collects and stores all plain text and email information in a file named WaitList.dat. This file can become a one-stop shop for attackers looking to steal sensitive information. An attacker can search for passwords within the WaitList.dat file by using simple PowerShell commands.

EE's Wi-Fi modem flaw patched
An update has been released to address a local privilege escalation vulnerability in telco EE's Mini Wi-Fi modem. The bug could be used to deploy malware or steal information from Windows computers that use the kit for internet connectivity. The kit's software needs to be updated to "EE40_00_02.00_45".

Top Breaches Reported in the Last 24 Hours

Zaif hacked
Japan-based cryptocurrency exchange Zaif has lost $60 million in a cryptocurrency hack that took place last week. This includes $37 million worth of 5966 bitcoins. The attack was accomplished by gaining unauthorized access to the server that managed hot wallets. After this, the hackers were able to steal three different coins: Bitcoin, Bitcoin Cash and Monacoin.

Newdex hacked
Around $58,000 worth of cryptocurrencies was stolen by hackers from Newdex, a decentralized cryptocurrency exchange. To initiate the attack, the scammers flooded the exchange with $1 billion worth of fake EOS tokens. These fake EOS were used for the illegitimate purchase of BLACK, IQ and ADD tokens from exchange service Newdex. The scammers traded this fake EOS for real EOS, gaining around 4,028 EOS coins.

Newegg data breach
Online electronics retailer Newegg is the latest victim of the Magecart threat actor group. Security researchers stated that the group began the attack campaign on August 14. The group created a new lookalike domain of the online store in order to avoid detection and continue stealing users' credit data details.
   
Top Scams Reported in the Last 24 Hours

Netflix scam
Netflix subscribers are being warned of an email phishing scam that urges users to share their personal information. The email tells Netflix customers that their account has been deactivated because of an issue during the billing process. The scammers ask users to update their account details by clicking on a link in order to fix the problem. Once a user clicks on the link, they are prompted to enter their personal and financial information. The phishing link steals the username, password and payment details. Netflix customers are advised to be cautious about such emails that ask them to update their account details.

Scammers busted
14 people have been arrested in an online scam that was used to obtain $1.73 million in Hong Kong. The group has been operating since July and is responsible for at least 13 online shopping scams. The scammers pretended to be buyers and approached sellers to trade expensive items on shopping websites. They paid their victims with fake cashier's orders and used false identities for creating documents.




