Threat Reports

Silobreaker Daily Cyber Digest – 15 February 2017


New version of Cerber avoids encrypting security software
A new Cerber variant uses the Windows Management Interface (WMI) to query infected computers for three classes of security software: FirewallProduct, AntiVirusProduct, and AntiSpywareProduct. These are then added to its whitelist, meaning the ransomware will not encrypt these files and as a result the programs are left operational even after a Cerber infection. The purpose of this new feature is not clear. More information.

Malware used by APT28 can now target MAC OS devices
A new version of X-Agent designed to compromise MAC OS systems has been discovered. X-Agent – deployed by Russian hacker group APT28 – is a modular backdoor that has been observed targeting devices running on Windows, Linux and Android operating systems. The MAC OS version, discovered by researchers at BitDefender, is capable of stealing passwords, taking screenshots and stealing iPhone backups. A detailed analysis of the malware will be published shortly. More information.

Malicious app imitates Adobe Flash to target Android users
A malicious app is targeting Android users by imitating Adobe Flash Player. The application was detected by ESET security software as Android/TrojanDownloader.Agent.JI, and it is being distributed via compromised websites and social media. It attempts to trick users into granting it special permissions in the Android accessibility menu, by urging them to download a fake Adobe Flash Player update and later enabling a fake “Saving Battery” mode. If successful, the attacker can use this to download and execute additional malware. More information.



Windows 10 Mobile Bug allows access to personal pictures on Locked Devices
A bug in Windows 10 Mobile OS allows anyone with physical access to a victim’s phone to bypass the lock screen passcode and access a device’s image gallery. Discovered by a Brazilian researcher, the bug requires no technical skill and can be reproduced in around 30 seconds. It exploits the function which allows users to access a phone’s camera even while locked, through an icon on the lockscreen. Microsoft has been informed of the issue and a fix is expected next month. More information.


Leaks and Breaches

20,000 Tribal Members have their personal details exposed
Over 20,000 members of two Montana American Indian tribes have been notified of a potential data breach which compromised their personal information. According to the Bureau of Indian Affairs, an external hard drive belonging to the organisation was accessed and copied last month. It contained unencrypted information on tribal members of the Crow and Northern Cheyenne Tribes, including names, addresses, birthdates and tribal enrolment details. More information.


Ongoing Campaigns

Sophisticated phishing campaign targets Qatari activists
Activists, labour unions, and journalists championing for the rights of migrant workers in Qatar have been targeted in a year-long phishing campaign. Discovered by Amnesty International, the campaign used fake Facebook, Google, LinkedIn, and Twitter profiles impersonating a young  woman called “Safeena Malik”. To appear credible, the campaign operators used the picture of a real woman with this name, along with a professional biography stolen from yet another person.  Targets would then receive social media messages from “Malik”, attempting to lure victims into viewing documents online regarding Qatari Human Rights Issues. However, the messages would actually redirect targets to a phishing site crafted to steal their Google credentials. More information.

Kurdish hacker defaces more website
Student newspaper Nose has become the latest victim in an ongoing defacement campaign orchestrated by Kurdish hacker MuhmadEmad. Emad exploited a vulnerability in WordPress, which hosts the site, to replace articles with various anti-IS and pro-Peshmerga messages. Other hacked websites include the Duke of Edinburgh’s Award and the blog of US conservative commentator Glenn Beck. More information.


The Silobreaker Team

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.


More News

  • Silobreaker Daily Cyber Digest – 21 September 2017

    Malware CryptoMix ransomware variant appends .shark extension to encrypted files > The SHARK variant uses one of three domains for victim contact payment information....
  • Silobreaker Daily Cyber Digest – 20 September 2017

    Malware aIR-Jumper Malware uses security cameras with infrared capabilities to steal data > aIR-Jumper takes collected data, breaking it down into binary and leveraging...
  • Silobreaker Daily Cyber Digest – 19 September 2017

    Malware New Locky ransomware variant switches to .ykcol extension > Stormshield reports that the variant is distributed via spam emails containing a VBS file...
View all News

Request a demo

Get in touch