Cyware Daily Threat Intelligence September 4, 2018

Top Breaches Reported in the Last 24 Hours

Mortal Online
The credentials of nearly 570,000 players of the online role-playing game Mortal Online were stolen by cybercriminals and are being sold online. Mortal Online's server was accessed by hackers in June 2018. The stolen credentials were also used in a credential stuffing attack against League of Legends players.

C&A breach
The Brazilian international fashion retail clothing chain C&A confirmed that it suffered a breach that exposed around 36,000 customers' data. Data from customers who purchased gift cards online on the website Pastebin was compromised in the breach. Exposed data includes ID numbers and email addresses, in addition to information including the amount loaded into the cards, order number, and date of purchase.

South African Labor department hack
A notorious hacker known as Paladin is back in action. He claims to have hacked into the websites of the Department of Labour and SA Express. However, the attacks against the websites lasted only several seconds. Both sites are currently up and running.

Top Malware Reported in the Last 24 Hours

GlobeImposter
A new variant of the GlobeImposter ransomware has been detected that uses a high-intensity algorithm to encrypt data. The new GlobeImposter variant was found rapidly spreading across the globe. There are now around 20 variants of the GlobeImposter ransomware, all of which have popped up since June 2018. A Chinese children's hospital was among the ransomware's victims. The ransomware operators are demanding a ransom ranging between 1 and 10 bitcoins.

Hakai botnet
A new IoT botnet called Hakai has been discovered targeting D-Link, Huawei and Realtek routers, as well as IoT devices with no or weak passwords. The botnet is based on QBot (aka Bashlite, LizardStresser, and Gafgyt). Cybercriminals have already found Hakai's leaked code and created two new variants called Kenjiro and Izuku, both of which are rapidly spreading online.

WMIC
A new attack chain leveraging the Windows Management Instrumentation Command-line (WMIC) has been discovered. The multi-stage infection chain aims to steal information from Windows machines. The primary payload is capable of stealing email and browser credentials and acts as a keylogger and a backdoor.





