Cyware Daily Threat Intelligence September 24, 2018

Top Malware Reported in the Last 24 Hours

Virobot is a newly discovered multi-purpose malware that contains ransomware, botnet and keylogger capabilities. The malware has been targeting victims in the US, although it is still under development. Virobot also enslaves systems into a massive spam botnet that pushes the ransomware to more victims.

Dharma variants
Security researchers have discovered three new variants of the Dharma ransomware: Gamma, Bkp, and Monro. All three variants were released recently, within a short period of time. Like Dharma, the three new ransomware variants are also installed via remote desktop services.

Malware targets job seekers
A new malware campaign has been targeting job seekers via freelance job sites. The victims are sent job offers containing malicious attachments that, when opened, deploy keyloggers like Agent Tesla or other remote access trojans (RATs). The malware authors have also been engaging with the victims to ensure successful infections.

Emotet banking trojan infections are on the rise again. The spam campaign pushing Emotet is also dropping the Trickbot banking malware. The campaign is leveraging the leaked NSA exploit EternalBlue for propagation.

Top Vulnerabilities Reported in the Last 24 Hours

Windows Jet RCE bug
Microsoft has failed to fix a zero-day remote code execution vulnerability in its JET Database Engine within its 120-day disclosure window. An attacker could leverage this vulnerability to execute code under the context of the current process. However, it does require user interaction, since the target would need to open a malicious file.

Chrome bug
Chrome 69 has been automatically logging people in as they hit Google-owned sites. This could likely have been caused by a bug, but it is still unclear what caused the issue. It is no longer clear to users when they are logged in or what button they should push to start syncing. In its current form, a user might be one wrong click away from giving all their browser data to Google by accident. Google has refuted claims that this could be a privacy breach. Google engineers claim that this auto-login operation does not start the process of synchronizing local data to Google's servers.

Top Breaches Reported in the Last 24 Hours

Arran Brewery attack
A local brewery on the Scottish island of Arran was hit by a ransomware attack recently. A member of the brewery's staff was sent a phishing email containing the ransomware, which was deployed when the malicious attachment was opened. The threat actors behind this campaign held around three months' worth of sales data from one server for ransom and demanded 2 Bitcoins, worth $13,448, to restore the system.

Port of Barcelona
The port of Barcelona suffered a cyberattack that affected some of its servers and systems. The organization deployed security measures to contain the attack, which appear to have worked since no maritime or land operations were impacted by the breach. The identity of the hackers and the nature of the attack are still unclear.

Dark web sales
Various popular dark web markets like the Dream Market and Olympus have been selling a list of stolen frequent flyer miles for Bitcoin and Monero. Air miles are available for companies including Emirates, British Airways, Delta, and Alaska Air. The list includes 100,000 British Airways air miles, 45,000 Delta SkyMiles, 100,000 Emirates Skywards miles, and 100,000 Virgin Atlantic Flying Club points.

Posted on: September 24, 2018