Threat Reports

Silobreaker Daily Cyber Digest – 09 January 2019

 

Ongoing Campaign

85 adware apps on Google Play installed 9 million times

  • Trend Micro observed malicious apps disguised as car simulator games, television streaming channels, and remote controllers for TV sets.
  • The adware, AndroidOS_HidenAd, is capable of hiding and running in the background once it is downloaded.
  • The apps belong to the same adware family and share code, though Trend Micro noted the manufacturers and APK cert public keys differ.

Source

 

Zazdi botnet using Firebase Cloud Messaging to communicate with infected devices

  • SonicWall Capture Labs Threat Research team observed a botnet campaign, dubbed Zazdi, using Firebase Cloud Messaging to communicate with its infected bots.
  • Multiple Facebook pages were identified that contain links to websites hosting a malicious Android app belonging to the botnet’s campaign.  
  • The campaign includes up to 50 commands that can execute on infected devices to make the apps seems legitimate.

Source (Includes IOCs)

 

Phone fraudsters use IRSF scheme to steal revenue from premium phone number services

  • ZDNet reported that attackers are using a scheme dubbed International Revenue Share Fraud (IRSF) to earn money via phone fraud. The scheme involves the abuse of premium phone numbers to profit from the fees charged for premium phone calls.
  • Some firms that offer the necessary infrastructure for premium phone numbers, known as International Premium Rate Number (IPRN) providers, have partnered with spammers and criminals to abuse their phone networks and split profits from providing the service to telecommunications companies and their customers.

Source

 

Leaks and Breaches

WelderSupply[.]com suffers data breach

  • The breach may have affected customers’ information entered through the WelderSupply[.]com website between November 14th and December 6th, 2018. The type of information collected and the amount of customers potentially affected remains unknown.

Source

 

Discounted copies of Microsoft products pose security risk

  • Brian Krebs has reported on the dangers of buying Windows software at a discount from an online seller. In his example, a reader purchased Microsoft Office 2016 Professional Plus for $4 via eBay. The purchase came in the form of a subscription-enabled account, rather than a product key. The buyer must log-in using these assigned credentials, which appear to belong to someone else, from another organisation.
  • Whilst the software itself does appear to work, it is unclear what account is being used, and synchronisation features such as OneDrive appear to sync personal documents and files created using Office, posing a data leakage risk to anyone who uses these discounted accounts.

Source

 

Vulnerabilities

Microsoft fixes multiple vulnerabilities in Patch Tuesday

  • Patch Tuesday fixed 49 vulnerabilities, with seven of them rated critical. These include fixes for CVE-2019-0539, CVE-2019-0567 and CVE-2019-0568, which are memory corruption vulnerabilities in Microsoft Edge, due to the way the Chakra Scripting Engine handles objects in memory.
  • Other fixes include CVE-2019-0555, an escalation of privilege vulnerability that could allow an attacker to escape an AppContainer sandbox, and CVE-2019-0547, a memory corruption vulnerability in the Windows DHCP client.

Source

 

Adobe fixes critical vulnerabilities

  • The two vulnerabilities are CVE-2018-19718, a session token exposure issue in Adobe Connect version 9.8.1 and earlier, and CVE-2018-12817, an out-of-bounds read bug that affects the Digital Editions software versions 4.5.9 and earlier.
  • The security updates were released by Adobe alongside patches for Acrobat DC and Acrobat Reader DC.

Source

 

General News

Shipping industry targeted by BEC attacks

  • Pen Test Partners reported that attackers are imitating high-level executives and using a wide range of social engineering techniques in business email compromise (BEC) attacks against shipping firms.
  • Prior to the actual attacks, the threat actors collect a wide range of information on targets from publicly-available sources, such as social media, to implement a variety of social engineering techniques and lure victims into disclosing sensitive information such as bank details. According to Pen Test Partners, the main motivation behind the attacks seems to be financial gain.

Source

 

Microsoft forced to pay $1,258 after Windows 10 upgrade damages computer

  • A Finnish man demanded compensation from the firm after an unauthorized Windows 10 upgrade resulted in his PC breaking.

Source

 

German hacker arrested over leak of hundreds of politicians’ data

  • German authorities arrested the 20-year-old who reportedly committed the crime in annoyance over a number of German politicians’ statements.
  • The hacker published the leaks on his Twitter account @_0rbit.

Source

 

Zerodium announces $2 million payout for remote iOS jailbreaks

  • The zero-day broker announced a number of payouts, including $2 million for remote iOS jailbreaks, and $1 million for chat app exploits.
  • Other payouts for Chrome on Android and Safari on iOS exploits increased to $500,000.

Source

 

New tool automates phishing attacks and bypasses 2FA

  • Researcher Piotr Duszynski developed a penetration testing tool, dubbed ‘Modlishka’, that automates phishing attacks and can bypass two-factor authentication (2FA).
  • Modlishka is a reverse proxy modified for handling traffic meant for login pages and phishing campaigns. It is capable of retrieving content from legitimate sites in real time, meaning it does not use any ‘templates’.
  • Moreover, the tool was described as requiring little maintenance and a low level of technical skill in comparison to other phishing tools.

Source

 

The Silobreaker Team

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein. 

More News

  • Silobreaker Daily Cyber Digest – 23 January 2019

      Malware New ransomware family Anatova discovered on private peer-to-peer network McAfee researchers discovered ransomware, dubbed Anatova, that ciphers files before requesting a ransom...
  • Silobreaker Daily Cyber Digest – 22 January 2019

      Malware New STOP ransomware variant distributed through software cracks and adware bundles A new STOP ransomware variant is being bundled with adware and...
  • Silobreaker Daily Cyber Digest – 21 January 2019

      Malware Check Point release an update on GandCrab variant Check Point have published an update to their previous report on GandCrab, reviewing how...
View all News

Request a demo

Get in touch