Cyware Daily Threat Intelligence September 28, 2018

A new banking malware was found disguised as the QRecorder app on the Google Play Store. The malware has already been installed over 10,000 times and is capable of stealing banking credentials and can bypass SMS-based two-factor authentication. 

The new Phorpiex/Trik botnet has been distributing the GandCrab ransomware, as well as the Pushdo, Pony malware variants. The botnet has also been distributing a cryptominer across the globe, including countries such as the US, Canada, Australia, and Japan. 

A new botnet named Torii has been discovered that uses advanced techniques. Unlike other IoT botnets like Mirai and Hide and Seek that conduct DDoS and cryptomining attacks, Torii's motivation is yet to be discovered. Instead, the botnet leverages multiple levels of encrypted communication along with anti-analysis features to evade detection while exfiltrating data from the compromised machine.

Aspire Health, a healthcare company offers in-home treatment in 25 US states, was hit by a data breach. An employee of the organization fell victim to a phishing attack that resulted in the attackers stealing the patients' protected health information (PHI). The hackers stole around 124 emails that contained confidential data. It is still unclear as to how many users were affected by the attack.

Companies in Conway, Arkansas suffered a ransomware attack that cost the organizations thousands of dollars. The FBI is investigating the chain of attacks. The cybercriminals behind the attack have demanded a ransom from the organizations. The identity of the hackers is still unknown. A large company in Conway suffered a ransomware attack. Its in-house IT department tried to recover the document haul through the company's four backups but still lost a lot.