Cyware Daily Threat Intelligence

Daily Threat Briefing Jul 8, 2020

The last 24 hours brought a few happy endings in ransomware cases. Security researchers have cracked the code for two recently discovered ransomware strains, EvilQuest and ArisLocker. While EvilQuest uses the RC2 algorithm, ArisLocker uses the AES algorithm to encrypt victims’ files.

In new malware developments, a new version of the Lampion trojan that includes a VBS downloader file has been found targeting Portuguese and Brazilian users. The malware is distributed via spam emails.

Top Breaches Reported in the Last 24 Hours

Casino app leaks data

An unsecured Elasticsearch database was found leaking data of millions of Clubillion app users before it was secured. These records included personally identifiable information (PII), such as email addresses, private messages, and IP addresses of users.

New details about Magellan Health

The tally of Magellan Health data breach victims has reached 365,000 patients. The healthcare firm was affected by a ransomware attack in April 2020. The investigation determined that hackers had first installed the malware to steal employee credentials and later used them to gain access to the servers.

Top Malware Reported in the Last 24 Hours

Cerberus banking trojan

The Cerberus banking trojan was found being delivered via a malicious currency converter app - Calculadora de Moneda - that had over 10,000 downloads. The trojan targeted Android users in Spain. Once installed, it stole users’ login credentials.

Decryptor for EvilQuest ransomware

Researchers have created a decryptor for EvilQuest ransomware by cracking its encryption routine, which is based on the RC2 algorithm. The ransomware, which is distributed via torrent platforms and online forums, can install a keylogger and steal cryptocurrency wallet-related files from infected hosts.

Source code of ransomware found

Cyble’s researchers have discovered the source code of ArisLocker ransomware being distributed for free on the dark web. The ransomware uses the AES algorithm to encrypt the victim’s files.

A new variant of Lampion trojan

A new version of the Lampion trojan has been found targeting users from Portugal and Brazil. The trojan is distributed via spam emails and includes a VBS downloader file that is responsible for downloading two files from online cloud services. These two files are meant for gaining persistence on the target machines.

Top Scams Reported in the Last 24 Hours

Cosmic Lynx’s BEC scams

Researchers have revealed that the Cosmic Lynx threat actor group has been responsible for more than 200 BEC attacks since July 2019. The group typically impersonates the CEO of the target company and sends an email request to close an acquisition with an Asian company. The email further informs the target employee that an external legal counsel will help coordinate the payments for closing the deal. In the final stage of the attack, the threat actor group convinces the recipients to send payments to fake accounts in Hong Kong.

Coronavirus-related phishing

Cybercriminals have been found capitalizing on Brazil’s pandemic-related government assistance program to trick citizens into sharing their personal details. As part of this campaign, the attackers have created over 693 malicious websites since March 2020.
