Cookie Settings

This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.

Cyware Daily Threat Intelligence

Cyware Daily Threat Intelligence - Featured Image

Daily Threat Briefing Sep 7, 2018

Top Malware Reported in the Last 24 Hours

Chainshot

A new malware called Chainshot was discovered by security researchers by cracking the 512-bit RSA key. The malware is used in the early stages of an attack to activate a downloader for the final payload in a malicious chain reaction. Using Factory as a Service (FaaS), researchers were able to calculate the decryption key and access the Chainshot malware. Chainshot is capable of collecting system information and sending it to the attacker-controlled C2 server.

Necurs drops FlawedAmmyy RAT

The recent Necurs botnet spam campaign is leveraging weaponized IQY files and distributing the FlawedAmmyy RAT. Five difference Necurs campaigns have distributed over 780,000 spam emails that contained malicious URLs. These malicious URLs, in turn, led to the FlawedAmmyy RAT being downloaded onto the victims' PC. The 780,000 spam emails distributed by the Necurs botnet operators were sent over a period of a month and a half. Some of these emails were designed to look like unpaid invoices. This is a common trick to lure victims into accessing the URL inside the malicious IQY files.

Top Breaches Reported in the Last 24 Hours

British Airways hacked

British Airways confirmed that it suffered a massive breach that involved cybercriminals stealing the payment card details of 380,000 customers. The breach occurred on its website and mobile booking app between August 21 and September 5 this year. The Airlines stated that passport information and travel details have not been compromised.

?West Africa fraud cartel

The Irish police are investigating a West African fraud cartel that allegedly stole 15 million Euros and is controlling 300 bank accounts. Police conducted raids across five counties, recovering numerous laptops and financial documents. The criminals set up fake online identities as employees of a legitimate trading company. Most of the money is laundered internationally across several bank accounts to make it untraceable.

mSpy data leak

mSpy, a major mobile spyware-as-a-service provider, exposed the personal and sensitive data of millions of its customers online. The compromised data include passwords, call logs, text messages, contact, notes, location data, and Apple iCloud usernames and authentication tokens. The data leak was caused by a database that was left publicly open on the internet.

Related Threat Briefings