Cyware Daily Threat Intelligence September 29, 2017


Top Malware Reported in the Last 24 Hours
EITest campaign
In a recent discovery, the EITest campaign was found delivering a JavaScript (JS) cryptocurrency miner. The malicious script redirects users to compromised websites and asks for money for phony tech-support services to address a fake malware infection. Users should be advised to deploy sophisticated antimalware to protect against this phishing campaign.

CMSTAR malware
Recently, a group of researchers found that a series of phishing emails containing updated versions of the CMSTAR malware family is targeting Belarus government institutions. Most of these malicious emails contain the subject line: Zapad 2017 (translated into English). Users should be careful when clicking on unknown email links.

The mass spam-sending capabilities of the Linux-based Trojan Linux.ProxyM have significantly improved over time. The Linux.ProxyM Trojan runs a SOCKS proxy server on an infected IoT device and is capable of detecting honeypots to stay hidden from malware researchers. You should use a reliable security solution to stay protected from the Trojan.

Top Vulnerabilities Reported in the Last 24 Hours
Smart home systems flaw
The popular smart home systems Wink’s Hub 2 and Insteon’s Hub are plagued with a number of critical vulnerabilities. Hackers could exploit these flaws to gain control over the system and steal sensitive information and credentials from the users. Users should ensure they use full-disk encryption of mobile devices as these issues are yet to be addressed by the vendors.

IE bug
The vulnerability allows malicious apps to view what users type in the address bar of their Internet Explorer browser. This could include search keywords, website URLs, etc. It can leak potentially sensitive information that a user didn't intend to reveal. In addition, it can expose search queries and web addresses that the user presumed private to malicious websites.

Top Breaches Reported in the Last 24 Hours
Whole Foods Market breach
In a startling revelation, Whole Foods Market is suspected of suffering a data breach involving leakage of payment information of customers who dined and drank in its full-service restaurants and taprooms. Whole Foods Market becomes the latest major US retailer to be targeted by hackers seeking consumer credit card information.

Healthcare center attacked
A ransomware attack has been launched against Arkansas Oral & Facial Surgery Center. The healthcare center notified 128,000 patients whose personal information may have been compromised. The exposed information includes patients’ names, addresses, contact numbers, email addresses, Social Security numbers and medical insurance data. Imaging files like X-rays and other documents were impacted too.

Top Scams Reported in the Last 24 Hours
Taboola scam
One of the leading content discovery platforms, Taboola, is found to be laced with clickbait links at the end of the sponsored stories. Usually, after a story is read by scrolling down, there are several suggestions with the caption “You may like”. However, about 26 percent of those links are found to be clickbait.

Information theft
The metadata of the photos that you post publicly on social media might reveal more personal information than you intended. By simply sifting through public images, cybercriminals can build a pretty accurate dossier on a target, complete with key personal dates, information about friends and colleagues, pets’ names, computer model, and more. To be safe, you need to disable the apps' permissions to access the metadata.


Posted on: September 29, 2017
