Cyware Daily Threat Intelligence September 7, 2018

Top Malware Reported in the Last 24 Hours

Chainshot
A new malware called Chainshot was discovered by security researchers by cracking the 512-bit RSA key. The malware is used in the early stages of an attack to activate a downloader for the final payload in a malicious chain reaction. Using Factory as a Service (FaaS), researchers were able to calculate the decryption key and access the Chainshot malware. Chainshot is capable of collecting system information and sending it to the attacker-controlled C2 server.

Necurs drops FlawedAmmyy RAT
The recent Necurs botnet spam campaign is leveraging weaponized IQY files and distributing the FlawedAmmyy RAT. Five difference Necurs campaigns have distributed over 780,000 spam emails that contained malicious URLs. These malicious URLs, in turn, led to the FlawedAmmyy RAT being downloaded onto the victims' PC. The 780,000 spam emails distributed by the Necurs botnet operators were sent over a period of a month and a half. Some of these emails were designed to look like unpaid invoices. This is a common trick to lure victims into accessing the URL inside the malicious IQY files. 

Top Breaches Reported in the Last 24 Hours

British Airways hacked
British Airways confirmed that it suffered a massive breach that involved cybercriminals stealing the payment card details of 380,000 customers. The breach occurred on its website and mobile booking app between August 21 and September 5 this year. The Airlines stated that passport information and travel details have not been compromised.

?West Africa fraud cartel
The Irish police are investigating a West African fraud cartel that allegedly stole 15 million Euros and is controlling 300 bank accounts. Police conducted raids across five counties, recovering numerous laptops and financial documents. The criminals set up fake online identities as employees of a legitimate trading company. Most of the money is laundered internationally across several bank accounts to make it untraceable. 

mSpy data leak
mSpy, a major mobile spyware-as-a-service provider, exposed the personal and sensitive data of millions of its customers online. The compromised data include passwords, call logs, text messages, contact, notes, location data, and Apple iCloud usernames and authentication tokens. The data leak was caused by a database that was left publicly open on the internet.  




  • Share this blog:
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.