Cyware Daily Threat Intelligence September 28, 2018

Top Malware Reported in the Last 24 Hours

QRecorder
A new banking malware was found disguised as the QRecorder app on the Google Play Store. The malware has already been installed over 10,000 times and is capable of stealing banking credentials and can bypass SMS-based two-factor authentication. 

Phorpiex/Trik botnet 
The new Phorpiex/Trik botnet has been distributing the GandCrab ransomware, as well as the Pushdo and Pony malware variants. The botnet has also been distributing a cryptominer across the globe, including in countries such as the US, Canada, Australia, and Japan.

Torii botnet
A new botnet named Torii has been discovered that uses advanced techniques. Other IoT botnets like Mirai and Hide and Seek conduct DDoS and cryptomining attacks, but Torii's motivation is yet to be discovered. The botnet leverages multiple levels of encrypted communication along with anti-analysis features to evade detection while exfiltrating data from the compromised machine.

Top Breaches Reported in the Last 24 Hours

Aspire Health breach
Aspire Health, a healthcare company that offers in-home treatment in 25 US states, was hit by a data breach. An employee of the organization fell victim to a phishing attack that resulted in the attackers stealing patients' protected health information (PHI). The hackers stole around 124 emails that contained confidential data. It is still unclear how many users were affected by the attack.

Arkansas businesses ransomware attack
Companies in Conway, Arkansas suffered a ransomware attack that cost the organizations thousands of dollars. The FBI is investigating the chain of attacks. The cybercriminals behind the attack have demanded a ransom from the organizations. The identity of the hackers is still unknown. A large company in Conway suffered a ransomware attack; its in-house IT department tried to recover the documents through the company's four backups but still lost a lot.





