Cyware Daily Threat Intelligence September 27, 2017

Top Malware Reported in the Last 24 Hours
Retefe Trojan again
The author behind the Retefe banking Trojan has added a new component to the malware that uses the NSA's EternalBlue exploit (CVE-2017-0144), which attacks SMBv1. The Trojan spreads through spam emails containing malicious Microsoft Office documents.

BankBot strikes back
The infamous Android banking Trojan, BankBot, is back in a new guise. It has now appeared on the Google Play store in the form of the game “Jewels Star Classic”. When an Android user downloads the “Jewels Star Classic” app, they do get a fully functional Android game. Behind the scenes, however, malicious code is initiated after a pre-set delay and displays a fake alert asking the user to enable "Google Service".

SMS-sending Trojan
On Android phones, cybercriminals can take over the device and remotely manage its SMS sending and receiving operations. The SMS messages are typically sent without the user’s knowledge and have a fee associated with them. Users should refrain from downloading and installing applications from third-party marketplaces.

Top Vulnerabilities Reported in the Last 24 Hours
Dirty COW vulnerability
Android malware was recently discovered exploiting the Dirty COW vulnerability found in Linux. There have been nearly 40 attacks, mainly in India and China. The vulnerability is tracked as CVE-2016-5195 and affects Android devices. The flaw lies in the way the Linux kernel's memory subsystem handles copy-on-write breakage of private read-only memory mappings.

Trading apps bugged
Some of the popular trading apps published in the iOS and Android app stores have been found to contain several security issues. Using these flaws, hackers can access a user’s stock holdings, steal their funds and spy on their net worth and investment strategies. The apps lacked valid encryption protection and exposed user passwords in clear text.

ATM vulnerability
In the past few days, the number of attacks on ATMs has risen significantly. The attacks are attributed to systemic vulnerability in insecure corporate networks. To mitigate the situation, system admins need to keep the OS, software stack and security configuration up to date by applying timely patches.

Top Breaches Reported in the Last 24 Hours
Sonic breach
The fast-food chain operator has detected unusual activity involving credit cards used at its outlets. Suspicions of the breach first arose at an Oklahoma City-based Sonic outlet a week ago. Sonic is currently spread across 3,600 locations in the US, and the potential breach could affect a significant number of its customers.

Greek Central Bank
The Greek Central Bank came under attack from the notorious hacker group Anonymous, which claimed to have hacked the bank's data. Surprisingly, the bank refuted the claims and suggested that the data was already in the public domain. Around 1,217 files are supposed to have been leaked, containing administrative decisions, presentations from conferences and other data.


