Cyware Daily Threat Intelligence

Daily Threat Briefing • May 7, 2018
Top Malware Reported in the Last 24 Hours
Chthonic trojan
A member of the ZeusVm family, the Chthonic banking trojan spreads through phishing campaigns that deliver Word documents with malicious 'exe' code embedded in them. The malware is designed mainly to exploit the CVE-2014-1761 flaw. After infecting a system, the Chthonic banking trojan collects data stored on the local system.
SynAck ransomware
A new ransomware, named SynAck, has been spotted using the Doppelganging technique to escape antivirus detection. The technique leverages NTFS transactions to launch a malicious process from the transacted file. After infecting a system, the ransomware collects computer and user names, OS version info, a unique infection ID, the session private key and some random data.
Backdoor removed from npm
The npm registry unpublished a backdoor and three other packages. The backdoor was named getcookies and masqueraded as a cookie-parsing library. The package containing the potential backdoor was found in the express-cookies and http-fetch-cookies modules, and in the popular mailparser package, which depends on http-fetch-cookies.