
Cyware Daily Threat Intelligence


Daily Threat Briefing Dec 26, 2023

As software platforms evolve, malware developers are coming up with new additions to their arsenal. Lately, a new Android backdoor was seen using the Xamarin open-source framework. Meanwhile, the notorious Carbanak banking malware saw a new iteration impersonating popular business software providers, such as HubSpot, Veeam, and Xero.

In a continuing wave of high-profile breaches in the holiday season, LockBit targeted an accountancy firm to allegedly steal 1.5TB of customer data. Financial information, such as account balances and customer financials, may be at risk. Similarly, the video game publisher, Ubisoft, and the mobile network provider, Mint Mobile, both disclosed data breaches affecting sensitive information about their users.

Top Breaches Reported in the Last 24 Hours

LockBit Targets Xeinadin

The LockBit ransomware group targeted the Xeinadin accountancy firm and claims to have stolen 1.5TB of customer data, including all internal databases, customer financials, passports, account balances, client legal information, and more. The ransomware group had given Xeinadin a deadline of December 25 to make contact and prevent the publication of the stolen data.

Ubisoft allegedly breached

Ubisoft is investigating a potential data breach after researchers uncovered evidence of unauthorized access to its infrastructure. The threat actor claimed to have accessed Microsoft Teams, Confluence, and SharePoint instances and was attempting to exfiltrate around 900GB of data from Ubisoft. The intrusion reportedly began on December 20 and lasted about 48 hours.

Mint Mobile discloses breach

Mint Mobile, a budget mobile service provider, experienced a data breach that exposed customer information, including data that can be used for SIM swap attacks. The breach compromised personal details such as names, telephone numbers, email addresses, SIM serial numbers, and service plan information. Credit card numbers and passwords were reportedly not exposed.

GTA 5 source code leaked

The source code for Grand Theft Auto 5 has reportedly been leaked. This comes more than a year after the Lapsus$ hacking group breached Rockstar Games and stole corporate data. The source code was shared on various platforms, including Discord, a dark web website, and a Telegram channel previously used by the hackers.


Top Malware Reported in the Last 24 Hours

Banking malware Carbanak evolves

The banking malware Carbanak has been observed in ransomware attacks with updated tactics. It has adapted to incorporate new attack vectors and techniques, impersonating popular business-related software such as HubSpot, Veeam, and Xero.

Nepalese government targeted with Nim-based malware

Netskope Threat Labs analyzed a targeted threat that uses a Word document to deliver a malicious backdoor written in the programming language Nim. The document is sent as an email attachment, claiming to be from a Nepali government official. The malware uses various techniques to evade detection, including password protection, obfuscation, and splitting and concatenating strings.
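The string splitting and concatenation mentioned above is aimed at static scanners: a suspicious command line that never appears contiguously in the document will not match a plain substring or YARA rule. The following is an added example, not code from the Netskope report or from the malware itself, showing why a detection pipeline should fold concatenated literals before matching. The macro body, the Chr()-based fragment, and the indicator list are constructed for illustration.

```python
import re

# Constructed sample (not from the Netskope report): a VBA-style macro body in
# which the command line and the COM object name are split into fragments and
# rebuilt at runtime with "&", "+" and Chr(), so a naive substring scan misses them.
SAMPLE_MACRO = r'''
Sub AutoOpen()
    Dim a As String
    a = "po" & "wer" & Chr(115) & "hell" & " -e" & "nc " & "JABz"
    Set sh = CreateObject("WSc" + "ript" + ".Sh" + "ell")
    sh.Run a, 0
End Sub
'''

# Hypothetical indicator list; a real rule set would be much larger.
INDICATORS = ("powershell", "wscript.shell", " -enc ")

# A VBA string literal (doubled quote is an escaped quote) or a Chr(n) call.
_LITERAL = r'"(?:[^"]|"")*"'
_CHR = r'Chr\(\s*\d+\s*\)'
_PIECE = rf'(?:{_LITERAL}|{_CHR})'
# A chain of two or more pieces joined by the VBA concatenation operators & or +.
_CHAIN = re.compile(rf'{_PIECE}(?:\s*[&+]\s*{_PIECE})+')


def _piece_value(tok: str) -> str:
    """Evaluate one literal or Chr(n) fragment to the text it contributes."""
    if tok.startswith('"'):
        return tok[1:-1].replace('""', '"')
    return chr(int(re.search(r'\d+', tok).group()))


def fold_concatenations(src: str) -> str:
    """Replace every constant concatenation chain with a single string literal."""
    def repl(m: re.Match) -> str:
        pieces = re.findall(_PIECE, m.group())
        joined = ''.join(_piece_value(p) for p in pieces)
        return '"' + joined.replace('"', '""') + '"'
    return _CHAIN.sub(repl, src)


def find_indicators(src: str) -> list:
    """Case-insensitive substring scan; returns the indicators that matched, sorted."""
    low = src.lower()
    return sorted(i for i in INDICATORS if i in low)


if __name__ == "__main__":
    print("raw scan:   ", find_indicators(SAMPLE_MACRO))
    folded = fold_concatenations(SAMPLE_MACRO)
    print(folded)
    print("folded scan:", find_indicators(folded))
```

The raw scan returns nothing because neither "powershell" nor "WScript.Shell" exists as a contiguous byte sequence; after folding, `a = "powershell -enc JABz"` and `CreateObject("WScript.Shell")` are visible and all three indicators fire. Only constant chains are folded here; fragments built from variables or function calls need dynamic analysis or emulation, which is exactly why the authors combine this trick with document password protection.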

Operation RusticWeb strikes India

Indian government entities and the defense sector have been targeted by a phishing campaign called Operation RusticWeb. The campaign uses Rust-based malware to gather intelligence. The activity, linked to Pakistan, overlaps with the Transparent Tribe and SideCopy groups. The attacks start with a phishing email that tricks victims into interacting with malicious PDF files.

Android backdoor Xamalicious spotted

Security researchers from McAfee have discovered a new Android backdoor called Android/Xamalicious, which is implemented using the Xamarin open-source framework. The malware tries to gain accessibility privileges through social engineering and then communicates with a command-and-control server to download a second-stage payload. This payload can take full control of the infected device and perform fraudulent actions such as clicking on ads and installing apps without the user's consent.
