Silobreaker Daily Cyber Digest – 15 March 2016

Surprise(!) ransomware
A new ransomware variant is making the rounds. Built on the EDA2 open-source ransomware kit, Surprise is named after the .surprise extension it appends to the files it encrypts.

There is currently no way to recover files encrypted by Surprise without the decryption key, and its command-and-control (C&C) servers appear to be unresponsive. Also notable is that several reported infections of Surprise appear to have been delivered over unattended TeamViewer sessions rather than by a conventional malware dropper.

TeamViewer is a remote access tool, free for personal use, used for desktop sharing, diagnostics and testing. The software uses RSA-2048 for key exchange and AES-256 for session traffic, but transport encryption does nothing against an attacker who simply logs in with valid credentials: like any remote access tool, an unattended TeamViewer installation protected by a weak, reused or leaked password is an open door to the machine, and a significant (potential) security threat.

Users at Bleeping Computer have contacted TeamViewer for comment, but have received no response as yet.

$100,000 for a broken Chromebook
Google have doubled their bounty for a successful Chromebook exploitation from $50,000 to $100,000.

The reward is available to anyone who can compromise a Chromebook in Guest mode via a web page. Downloads are permitted but apps cannot be installed, and the compromise must persist across a reboot back into Guest mode.

Plan on quitting the day job? Check out Google’s Chrome rewards page.

SmeshApp pulled from Google Play
Google has removed SmeshApp from its Play Store after learning that Pakistan’s intelligence service (ISI) was using the app to spy on Indian military personnel.

The CNN-IBN investigation that broke the story found that spyware bundled in the app stole call logs, GPS data, text messages and images and uploaded them to a server based in Germany. The use of SmeshApp appears to go hand in hand with the ISI’s use of Facebook honeypots (fake profiles used to lure targets into installing the app).

Leader of GhostShell reveals himself
Razvan Eugen Gheorghe, a native of Bucharest, has revealed himself as the leader of Team GhostShell.

GhostShell is a hacking collective noted for leaking accounts, emails and login credentials from organisations including the FBI, NASA and Interpol. Razvan claims that the majority of these hacks were instigated and carried out by him alone.

Given a litany of breached servers and compromised credentials, why would Razvan disclose his identity so brazenly? It seems that what he really wants is a job. A legitimate one, that is.

Of course, he might be sending those CVs out from jail: in a curious twist, Razvan lives just 10 minutes from the headquarters of Romania’s Directorate for Investigating Organised Crime and Terrorism (DIICOT), the agency that recently arrested Guccifer, the hacker known for exposing Hillary Clinton’s private email account.

OpTrump
It was only a matter of time. Donald Trump’s antics have finally caught up with him and have resulted in an Anonymous-approved hacker operation against his online presence.

OpTrump is now being used as an umbrella term for any online activity designed to disrupt, deny and degrade Trump’s online presence. Prominent Anonymous members have called on internet users to use the OpTrump hashtag when targeting his websites, Twitter feed and political activities, citing his ‘appalling actions and hateful campaign’ as the reason for their decision.

GM Bot V2
Last month the source code for GM Bot, the Android banking trojan behind variants such as MazarBot and Bankosy, was leaked on underground forums. GM Bot was designed to trick users into revealing sensitive banking details by overlaying phishing screens on top of legitimate banking apps. A second version of the malware, GM Bot V2, has since been released by the author behind the original source code.

GM Bot V2 is believed to have been ‘written from scratch’ and promises to pose a whole new set of problems for online users. The author claims to have built three separate Android OS exploits into the malware and to have given it the capability to gain root access on the device.

Access to GM Bot V2 does not come cheap: initial prices being touted online start at $15,000, three times the asking price of the original.

The Silobreaker Team
