Cyware Daily Threat Intelligence


Daily Threat Briefing August 15, 2023

A lesser-known Gigabud RAT has reappeared in a new campaign targeting banking users across Thailand, Indonesia, Vietnam, the Philippines, and Peru by making use of the screen recording feature on the target’s phone. The threat landscape also witnessed the emergence of a new malware, dubbed QwixxRAT, that is being offered on Telegram and Discord platforms, with the capability to steal a wide range of sensitive information.

There’s also an update on an ongoing sophisticated scam that uses websites of well-known universities, U.S. government agencies, and private organizations as a channel to push fake offers and promotions to either download malware onto the victim’s systems or steal their personal information.

Top Breaches Reported in the Last 24 Hours

1.5 million ADSC customers affected

The personal information of 1.5 million individuals was compromised in a ransomware attack at Canada’s Alberta Dental Service Corporation (ADSC). The attack occurred last month, and according to ADSC, the attackers had access to its network for more than two months before deploying the ransomware. The compromised systems contained the personal and banking information of individuals.

Discord.io database on sale

A threat actor named Akhirah has put a Discord[.]io database on sale on the new Breached hacking forum. The database contains personal information such as usernames, email addresses, billing addresses, and Discord IDs of 760,000 users. Meanwhile, the firm has confirmed the breach in a notice and has temporarily shut down its services in response.

Threat actors expose their login credentials

Around 100,000 computers belonging to threat actors inadvertently exposed over 140,000 credentials for cybercrime forums after being compromised by info-stealers. Other data collected includes personal details and system information, such as computer names and IP addresses. More than 57,000 compromised users had accounts on the Nulled[.]to community.

Top Malware Reported in the Last 24 Hours

Gigabud RAT targets banking users

Banking users across Thailand, Indonesia, Vietnam, the Philippines, and Peru are being targeted by an Android malware called Gigabud RAT. The malware primarily uses the screen recording feature on the target’s phone to gather sensitive information. It comes under the guise of a loan application and lures users into filling out a bank card application form to obtain a low-interest loan.

New QwixxRAT malware spotted

A newly discovered QwixxRAT (aka TelegramRAT) is being advertised on Telegram and Discord platforms, boasting the ability to collect and exfiltrate a wide range of sensitive information. This includes data from browser histories, credit card details, FTP credentials, screenshots, and keystrokes. Written in C#, it includes a clipper code to capture cryptocurrency wallet information. To avoid detection by antivirus software, the RAT employs C2 functionality through a Telegram bot. This allows the attackers to remotely control the RAT and manage its operations.

Malicious npm packages spotted

A new round of supply chain attacks targeting developers via malicious npm packages has been discovered by Phylum researchers. As many as nine malicious packages (identified as ws-paso-jssdk, pingan-vue-floating, srm-front-util, cloud-room-video, progress-player, ynf-core-loader, ynf-core-renderer, ynf-dx-scripts, and ynf-dx-webpack-plugins) were uploaded to the npm registry between August 9 and August 12.

Top Scams Reported in the Last 24 Hours

Fake websites push scammy offers

Thousands of websites belonging to well-known universities, U.S. government agencies, and private organizations have been compromised in an ongoing scam campaign to push fake offers and promotions. Active for more than five years, the campaign primarily targets children by tricking them into downloading apps, malware, or sharing personal information in exchange for bogus rewards from Fortnite and Roblox.
