Cyware Daily Threat Intelligence

Daily Threat Briefing Sep 28, 2018

Top Malware Reported in the Last 24 Hours

QRecorder

A new banking malware was found disguised as the QRecorder app on the Google Play Store. The malware has already been installed over 10,000 times and is capable of stealing banking credentials and bypassing SMS-based two-factor authentication.

Phorpiex/Trik botnet

The new Phorpiex/Trik botnet has been distributing the GandCrab ransomware, as well as the Pushdo and Pony malware variants. The botnet has also been distributing a cryptominer across the globe, including countries such as the US, Canada, Australia, and Japan.

Torii botnet

A new botnet named Torii has been discovered that uses advanced techniques. Other IoT botnets such as Mirai and Hide and Seek conduct DDoS and cryptomining attacks, but Torii's motivation is yet to be discovered. Instead, the botnet leverages multiple levels of encrypted communication along with anti-analysis features to evade detection while exfiltrating data from the compromised machine.

Top Botnet Reported in the Last 24 Hours

Aspire Health breach

Aspire Health, a healthcare company that offers in-home treatment in 25 US states, was hit by a data breach. An employee of the organization fell victim to a phishing attack that resulted in the attackers stealing the patients' protected health information (PHI). The hackers stole around 124 emails that contained confidential data. It is still unclear how many users were affected by the attack.

Arkansas businesses ransomware attack

Companies in Conway, Arkansas suffered a ransomware attack that cost the organizations thousands of dollars. The FBI is investigating the chain of attacks. The cybercriminals behind the attack have demanded a ransom from the organizations. The identity of the hackers is still unknown. A large company in Conway suffered a ransomware attack. Its in-house IT department tried to recover the document haul through the company's four backups but still lost a lot.
