Two malicious apps available on Google Play store
> One of the apps is infected with BankBot, a mobile banking trojan, whilst the second contains a dropper that abuses Google’s accessibility features to install additional payloads from a C2 server.
> The apps, “Earn Real Money Gift Cards” and “Bubble Shooter Wild Life”, have a low install count but are still available on the store, report Zscaler.

New miner trojan Linux.BtcMine.26 mentions krebsonsecurity[.]com in its source code
> Linux.BtcMine.26 is designed to mine the Monero cryptocurrency, and its distribution is similar to that of Linux.Mirai, connecting to a device using the Telnet protocol.

Aeria Games online role-playing games compromised with new ‘Joao’ downloader
> ESET discovered that the compromised MMORPGs are distributed via unofficial websites.
> Joao is modular malware that sends information about the infected computer to the attacker’s server, which in turn informs its decision on what malicious components to run.


Ongoing Campaigns

Malvertising campaign abuses legitimate popup ad service to redirect to Neptune EK
> The campaign uses fake hiking club domains to redirect victims to Neptune landing pages, hosted on IP addresses located in Amsterdam.
> Neptune EK currently leverages three Internet Explorer and two Flash exploits, and drops cryptocurrency mining payloads.

New ROPEMAKER attack changes email content via remote CSS file
> ROPEMAKER – Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky – is carried out by sending an HTML email that uses a CSS file loaded from an attacker’s server. This allows attackers to send benign emails that are not flagged by security protocols, before changing the content remotely.
> Mimecast shows two versions of the attack: the ‘Switch Exploit’, which relies on attackers switching the CSS “display” function, and the ‘Matrix Exploit’, which embeds matrices of ASCII characters for each letter inside the email.


Leaks & Breaches

AccuWeather iOS app sends location information to data monetisation firm Reveal Mobile
> The app collects information such as precise GPS coordinates, name and BSSID of the Wi-Fi network used, and status of the device’s Bluetooth connection.
> Researcher Will Strafach believes that Reveal Mobile uses the data to map individuals’ travel, and uses this to deliver targeted ads.

Groupize database reportedly discovered on unsecured AWS storage bucket
> The database contains hotel documents including service agreements and card numbers.

FC Barcelona Twitter and Facebook accounts compromised
> The hacker group OurMine claimed responsibility for the breach, and reportedly tried to get the hashtag #FCBHack trending on Twitter.



$500 device hacks iPhone 7 lock screen passcodes via brute force
> The exploit is specific to iOS 10.3.3 and iOS 11 beta for iPhone 7 and 7 Plus, and leverages a flaw in the data recovery state that allows the use of infinite passcode attempts.
> Apple confirmed the flaw will be patched in iOS 11 final version.


General News

Data collected by ad trackers can be used to de-anonymize Bitcoin transactions
> Princeton University research analysed 130 e-commerce sites that allow Bitcoin transactions, discovering that information such as email and shipping addresses was leaked.
> E-commerce sites store cookies to allow the delivery of targeted ads, and by aggregating data it is possible to create accurate profiles linking suspicious Bitcoin transactions to users.


The Silobreaker Team

Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
