Cyware Daily Threat Intelligence September 7, 2018

Share Blog post

Top Malware Reported in the Last 24 Hours

Chainshot
A new malware called Chainshot was discovered by security researchers by cracking the 512-bit RSA key. The malware is used in the early stages of an attack to activate a downloader for the final payload in a malicious chain reaction. Using Factory as a Service (FaaS), researchers were able to calculate the decryption key and access the Chainshot malware. Chainshot is capable of collecting system information and sending it to the attacker-controlled C2 server.

Necurs drops FlawedAmmyy RAT
The recent Necurs botnet spam campaign is leveraging weaponized IQY files and distributing the FlawedAmmyy RAT. Five difference Necurs campaigns have distributed over 780,000 spam emails that contained malicious URLs. These malicious URLs, in turn, led to the FlawedAmmyy RAT being downloaded onto the victims' PC. The 780,000 spam emails distributed by the Necurs botnet operators were sent over a period of a month and a half. Some of these emails were designed to look like unpaid invoices. This is a common trick to lure victims into accessing the URL inside the malicious IQY files. 

Top Breaches Reported in the Last 24 Hours

British Airways hacked
British Airways confirmed that it suffered a massive breach that involved cybercriminals stealing the payment card details of 380,000 customers. The breach occurred on its website and mobile booking app between August 21 and September 5 this year. The Airlines stated that passport information and travel details have not been compromised.

?West Africa fraud cartel
The Irish police are investigating a West African fraud cartel that allegedly stole 15 million Euros and is controlling 300 bank accounts. Police conducted raids across five counties, recovering numerous laptops and financial documents. The criminals set up fake online identities as employees of a legitimate trading company. Most of the money is laundered internationally across several bank accounts to make it untraceable. 

mSpy data leak
mSpy, a major mobile spyware-as-a-service provider, exposed the personal and sensitive data of millions of its customers online. The compromised data include passwords, call logs, text messages, contact, notes, location data, and Apple iCloud usernames and authentication tokens. The data leak was caused by a database that was left publicly open on the internet.  


 Tags

chainshot malware
mspy
necurs
british airways hacked
flawedammyy rat

Posted on: September 07, 2018



More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.