Silobreaker Daily Cyber Digest – 7 February 2017

Android Ransomware deploys dropper
The Android ransomware LockDroid is being used as the payload on rooted Android devices, utilising a dropper component to scan for rooted devices and achieve infection. Whilst the use of a dropper is a common feature among desktop malware, it is rarely observed in mobile ransomware families. The malware that is used to drop LockDroid is spread through third party apps, and has also been identified lurking on certain forums. More information.
76 Apple apps vulnerable to man-in-the-middle attacks
Researchers at Sudo Security Group have discovered that 76 iPhone apps are vulnerable to man-in-the-middle attacks; the affected apps have been downloaded over 18 million times. 19 of the applications are deemed to be at high risk, which represents a ‘confirmed ability’ to have financial or medical data intercepted and session authentication tokens logged. Several of the ‘low risk’ apps were named, including UConnect Access and Cheetah Browser, which leave partially sensitive data such as email addresses exposed. These vulnerabilities lie in the apps’ own code rather than in iOS, meaning it is the app developers, not Apple, who must issue updates. More information.


Leaks and Breaches

Polish Banks Infected with Malware from Financial Supervision Authority site
Workstations at several Polish banks have become infected with malware after visiting the site of the Polish Financial Supervision Authority (KNF). The KNF website had been compromised to serve a malicious JavaScript file, which led to malware infections on the workstations and servers of several Polish banks. The attacker, currently unidentified, used the malicious JavaScript file to open a hidden iframe that forcibly downloaded a file onto the victim’s machine. If executed, this file installed a RAT. The malware had a zero percent detection rate on VirusTotal at the time and is thought to be a previously unseen strain. More information.

Kurdish hacker targets Irish organisations
A Kurdish hacker dubbed MuhmadEmad is believed to have carried out several cyber-attacks against the websites of Irish entities, including the National Treasury Management Agency. Emad exploited a vulnerability in the WordPress web publishing system, using it to display the message “Long Live Peshmerga”. It is also suspected that the same hacker targeted other European websites in the past few days, including that of tech website ZDNet. More information.

Ongoing Campaigns

Cellebrite data leaked online
The hacker believed to be behind last month’s breach of Cellebrite, an Israeli company specialising in extracting data from mobile phones for law enforcement agencies, has released what he claims is 900GB of data stolen from the company. The data reportedly includes files with phone hacking tools for Android and BlackBerry, as well as older Apple devices. The hacker claims to have obtained the data from a remote Cellebrite server, extracting the files from UFED images. More information.

General News

Austrian Parliament website taken down but no data is lost
On Sunday, the website of the Austrian Parliament was taken down for 20 minutes by a DDoS attack. A similar attack was seen in November of last year targeting the Foreign Affairs and Defence Ministry websites as well as the European Commission’s network. No one has yet claimed responsibility for the attack. More information.

Former contractor may have stolen 75 percent of TAO’s hacking tools
New information has emerged regarding the charges against Harold T. Martin, a former NSA contractor accused of stealing 50 terabytes of data from the agency. According to the Washington Post, the theft included more than 75% of the hacking tools belonging to the NSA’s Tailored Access Operations (TAO) unit. More information.

The Silobreaker Team

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
