Cyware Daily Threat Intelligence

Daily Threat Briefing • Oct 13, 2017
Top Malware Reported in the Last 24 Hours
DoubleLocker ransomware
The infamous ransomware DoubleLocker is distributed as a fake Adobe Flash Player through compromised websites. As soon as it is launched, the app requests activation of the malware's accessibility service, named "Google Play Service". After the malware obtains the accessibility permissions, it uses them to activate device administrator rights and set itself as the default Home application, without the user's consent.
ATMii malware
Backdoor.Win32.ATMii, a new malware, has been discovered targeting ATMs running Windows 7 and Windows Vista. However, ATMii won't run on most ATMs in use today, as most of them use a streamlined version of Windows XP. The attacker copies dll and exe files to the ATM's storage drive and runs exe.exe, injecting the malicious code.
Locky variant
Locky ransomware's ykcol code has been given a facelift by its original authors. This Locky variant was part of a September spam blast, sent through the notorious Necurs botnet, targeting 3 million inboxes within a three-hour period. The Locky ransomware appends the .ykcol extension to all encrypted files.