Cyware Daily Threat Intelligence September 25, 2018

A new malware dubbed iTranslator has been discovered by security experts. The malware can remotely control Windows systems and monitor victims' Internet activities. Experts believe this malware serves as a man-in-the-middle attack (MiTM) on the victim’s system. Experts have found one way to delete the malware. Users should restart their systems in safe mode and delete a number of files and folders. This includes ‘%WINDR%\iTranslator’ folders and other similar ones. 

A new phishing campaign has been discovered, which has compromised an unnamed university’s emails to target other companies. The hackers could bypass the third-party filters as they had used legitimate email ids. The spam emails can contain links to malware such as ransomware, Trojans, cryptocurrency miners, or other malware.  

A new spam campaign is pushing the Adwind RAT 3.0 and targeting Turkey. The malware can trick antivirus software to infect Windows, Linux and Mac OSX systems. Attackers were found using forged MS Office documents. Some targets are also located in Germany. 

A denial of service (DoS) attack hit Minnesota-based Infinite Campus - a third-party online services provider. Multiple school districts are reportedly suffering the impact of the DoS attack. District residents may be unable to reliably use services such as the Parent Portal. This is the portal through which teachers, parents, and students can access information such as grades, class schedules and school notifications. The Homeland Security is investigating the cyber attack.

Chinese police arrested 21 suspects in connection to the data theft at Alibaba’s delivery arm. The data theft saw hackers steal over 10 million users data from Cainiao Network, the delivery arm of Alibaba’s Taobao e-commerce platform. The compromised data includes usernames, phone numbers, and parcel tracking numbers. The Chinese police was told a few months earlier that barcode scanners used in its distribution stations had been infected with malware. This malware transferred the collected data to remote cloud servers.