Share Blog post
The malicious author behind the Retefe banking Trojan has added a new component to their malware that uses the NSA exploit the EternalBlue vulnerability (CVE-2017-0144), adopting SMBv1 attack. It spreads through spam emails containing malicious Microsoft Office documents.
BankBot strikes back
The infamous malicious Android banking Trojan, BankBot, is in a new avatar. It has now appeared in a form of the game “Jewels Star Classic” on Google Play store. When an Android user downloads the “Jewels Star Classic” app, they do get a fully functional Android game. But behind the scene, a malicious code is initiated after a pre-set delay, which flashes a fake alert to enable "Google Service".
In Android phones, cybercriminals can overtake the phones and the SMS sending and receiving operations can be remotely managed. The SMS messages are typically sent without the user’s knowledge and have a fee associated with them. Users should refrain from downloading and installing applications from third-party marketplaces.
Recently, an Android malware was discovered which exploited the Dirty COW vulnerability found in Linux. There have been nearly 40 attacks mainly in India and China. This vulnerability is tracked as CVE-2016-5195 and is found affecting Android devices. The way Linux’s kernel memory subsystem handles Copy-on-Write breakage of private read-only memory mappings.
Trading apps bugged
Some of the popular trading apps published in the iOS and Android app stores are found to contain several security issues. Using these flaws, hackers can sneak into user’s stock, steal their funds and spy on their net worth and investment strategies. The apps didn’t have valid encryption protection and exposed user password in clear text.
In the recent few days, the number of attacks on ATMs has risen significantly. The attacks are attributed to the systemic vulnerability present in the insecure corporate networks. To mitigate the situation, the system admins need to keep the OS, software stack and security configuration up to date, by applying timely patches.
The fast-food chain operator has detected an unusual activity regarding credit cards used at its outlets. The suspicions of the breach were first noticed at Oklahoma City-based Sonic outlet a week back. It is currently spread across 3,600 locations in the US and the potential breach could affect a significant number of its customers.
Greek Central Bank
The Greek Central Bank came into an attack from the notorious hacker group, Anonymous, which claimed that the data of the bank was hacked. Surprisingly, the bank refuted their claims and suggested that the data was already on the public domain. Around 1,217 files were supposed to have leaked which contain administrative decisions, presentations from conferences and other data.
Posted on: September 27, 2017
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.
Explore Industry Briefs
Cyware for Enterprise
Adopt next-gen security with threat intelligence analysis, security automation...
Cyware for ISACs/ISAOs
Anticipate, prevent, and respond to threats through bi-directional threat in...