Cyware Weekly Cyber Threat Intelligence August 27 - 31, 2018

The Good

• Instagram introduced three primary features this week, aimed at boosting its security and transparency. The features will allow users to better verify the authenticity of accounts that have a large following, use third-party apps such as Google Authenticator for two-factor authentication and apply to obtain the coveted blue tick for their accounts.
• The US government charged 20-year-old Kenneth Schuchman over his alleged involvement with the Satori botnet.  Schuchman has been charged with two counts of violating the U.S. Computer Fraud and Abuse Act and is believed to be the online persona Nexus Zeta who is believed to have operated Satori.
• Germany has announced the creation of a new DARPA-like federal agency that will be tasked with creating cutting-edge technologies. The new agency will be responsible for creating new tech that will advance the nation’s cyber defensive capabilities.
• A hacker that stole and leaked personal photos of Jennifer Lawrence and other Hollywood A-listers, has been sentenced to eight months in prison. George Garofano, 26, was accused of illegally hacking the private Apple iCloud accounts of 240 people.

The Bad

• Brazilian cryptocurrency investment platform Atlas Quantum was hit by hackers that affected 261,000 customers. The attackers stole information such as included customers names, phone numbers, email addresses, and account balances.
• Chinese hotel chain - Huazhu Hotels Group Ltd. - suffered a breach earlier this month. The breach resulted in the personal data of 130 million of its customers ending up on the dark web. The stolen data was found being peddled on a Chinese dark web forum for 8 bitcoins.
• ABBYY, the optical character recognition software provider, inadvertently exposed over 200,000 highly sensitive corporate documents. The breach was caused by an unprotected MongoDB database that contained over 142GB of sensitive data.
• Air Canada suffered a data breach that may have compromised the personal data of around 20,000 of the airline’s mobile app users. The exposed data likely included users’ names, email addresses and phone numbers. The airline said that it discovered the breach between August 22 to 24 after the company noticed unusual login behavior on its mobile app.

New Threats

• BusyGasper is a newly discovered Android spyware that comes with features such as the ability to detect motion, keylog and steal data. Although BusyGasper is not considered to be all that sophisticated, the spyware has around 100 commands. It is also capable of exfiltrating data from messaging apps like Facebook, WhatsApp and Viber.
• A new version of the CEIDPageLock rootkit was found being distributed via the Rig exploit kit. The latest version of the rootkit is capable of hijacking browser sessions as well as monitoring browsing activities, replacing websites with fraud pages and redirecting victims to these fake pages.
• A new triple threat malware called Android.Banker.L has been discovered. The malware contained keylogging, banking malware and ransomware capabilities. It can also forward calls and record audio.
• The Asacub malware, which first appeared in 2015, has been updated to include additional features. The malware has infected over 250,000 users in Russia. Asacab’s increasing infections helped it rise rapidly last year, even outperforming other banking malware variants such as Svpeng and Faketoken.