Cyware Daily Threat Intelligence, September 30, 2019

The cybersecurity landscape is full of surprises, especially when it comes to new malware and attack methods. Lately, security experts have identified two new attack methods that could be used to exfiltrate users’ data. The newly discovered attack methods are ‘PDFex’ and ‘WIBattack’. While the former leverages desktop and web PDF viewer apps, the latter makes use of Wireless Internet Browser (WIB) apps that are running on SIM cards.

The new malware strains discovered in the past 24 hours are Arcane Stealer V and Linux/AirDropBot. Arcane Stealer V is a new information-stealing trojan that is capable of stealing a variety of user and system information. It can also capture instant-messaging sessions from Telegram, Discord, and Pidgin. Linux/AirDropBot, on the other hand, is a variant of the infamous Mirai botnet that has been built to infect systems running embedded Linux.

Top Breaches Reported in the Last 24 Hours

Zynga Inc. suffers a data breach
The infamous Gnosticplayers hacker has hacked the popular mobile social game company Zynga Inc. to steal the data of over a million gamers of Zynga's ‘Words with Friends’. The data breach has affected all Android and iOS game players who installed and signed up for the ‘Words with Friends’ game on or before September 2, 2019.

Tomo affected in a breach
Tomo Drug Testing (Tomo) has admitted to a data breach in which an unknown third party gained access to a database containing customer information. Tomo is providing notice of the breach to potentially impacted individuals and certain regulators. The incident occurred between April 23 and May 9, 2019, after an unauthorized actor gained remote access to Tomo’s system.

Cyberattacks on defense contractors
Defense contractors Rheinmetall AG and Defence Construction Canada (DCC) were hit this month by cyberattacks that impacted and disrupted their information technology systems. As a result of the attacks, several production processes of Rheinmetall AG are currently experiencing significant disruption. The cyberattacks on DCC, on the other hand, have affected its computing systems.

Top Malware Reported in the Last 24 Hours

PDFex attack
German academics have developed a new attack that can allow attackers to steal data from encrypted PDF files, sometimes without user interaction. Dubbed PDFex, the attack has two variants and has been successfully tested against 27 desktop and web PDF viewers. These include popular software such as Adobe Acrobat, Foxit Reader, Evince, Nitro, and the built-in PDF viewers of Chrome and Firefox.

New SIM card attack
A new variant of a SIM card attack method could expose millions of mobile phones to remote hacking. Named ‘WIBattack’, the attack method involves sending specially crafted SMS messages to targeted mobile phones. For this, the attackers have to leverage Wireless Internet Browser (WIB) apps that are running on SIM cards.

Linux/AirDropBot
A new IoT botnet called Linux/AirDropBot has been uncovered by researchers. It is the latest variant of the Mirai botnet. The botnet has been built to infect systems running embedded Linux.

Arcane Stealer V
A new information-stealing malware tracked as Arcane Stealer V is being sold for just $9 on the dark web, where it is offered with a graphical user interface (GUI). The malware’s abilities include collecting various data from victims, including operating system information, browser information, and cryptocurrency wallets. It can also capture instant-messaging sessions from Telegram, Discord, and Pidgin.

Masad Stealer
A new piece of spyware called Masad Stealer has been found using Telegram to exfiltrate sensitive user information. The stolen data is up for sale on the black market. Once installed, Masad Stealer is capable of collecting information stored on the system, such as browser passwords, browser autofill field data, and desktop files. The spyware also automatically replaces cryptocurrency wallet addresses in the clipboard with its own.

Top Vulnerabilities Reported in the Last 24 Hours

Exim patches a critical flaw
Exim maintainers have released an urgent security update, Exim version 4.92.3, to fix a critical vulnerability. The flaw, identified as CVE-2019-16928, affects all versions of the email server software from 4.92 to 4.92.2. Using a specially crafted line in the EHLO command, remote attackers could cause a denial of service condition or execute arbitrary code on a targeted Exim mail server with the rights of the targeted user. A PoC for the vulnerability has also been released to the public.


Posted on: September 30, 2019
