Malware

MacOS cheating tool for ‘Counter-Strike: Global Offensive’ game infected with trojan
> The fake tool is distributing the Monero cryptocurrency miner OSX.Pwnet.A trojan, and is based on the original vHook app developed and adapted to macOS.
> The app is promoted on YouTube and can be downloaded from a non-malicious portal.
Source

Kaspersky reports on new WAP-billing trojan-clicker families
WAP-billing is a form of mobile payment that charges costs directly to a user’s phone bill. Malware generally redirects victims to WAP-billing pages, authorising payments without consent.
The Ubsod trojan is capable of downloading and installing apps, Xafekopy (Xafecopy) is distributed through apps masquerading as battery optimisers, Autosus steals money by clickjacking, and Podec subscribes users to WAP services.
Source

Fortinet releases detailed analysis of new Poison Ivy variant
The Poison Ivy variant is spread through a compromised PowerPoint file masquerading as payment advice and affects 64-bit Windows versions.
Fortinet discovered that the malware obtains the C2 server’s IP address from four pastes on Pastebin, and communicates with the C2 server in an infinite loop.
Source


Ongoing Campaigns

Phishing campaign targets Austrian Raiffeisen Bank customers with MazarBot
MazarBot is spreading via spam emails with a link to a Raiffeisen bank phishing site, attempting to trick users into providing their login credentials.
The ultimate goal of the campaign is to trick users into downloading a fake security app containing MazarBot, which will attempt to steal a target’s credit card details.
Source

Ukrainian accounting software company Crystal Finance Millennium used to distribute malware
Attackers breached the company’s web server and have been using it to distribute phishing emails since at least the 18th of August. The emails deliver the Purge ransomware, a variant of Globe ransomware.
The attacks are reportedly part of a wider campaign targeting Ukraine, in which compromised web servers of additional companies were leveraged to spread the Zbot and Chthonic banking trojans.
Source

Business Email Compromise (BEC) campaign targets universities, tech companies and others
Flashpoint observed the campaign, active between March and August of this year, distributing 73 malicious PDFs via phishing emails; the PDFs redirected targets to a phishing page attempting to steal email credentials.
The attackers, likely based in Western Africa, used compromised email accounts to distribute phishing emails to victims’ contacts.
Source

New adware campaign is spreading via Facebook Messenger
According to Kaspersky, the messages contain a link redirecting to a Google doc with a fake playable movie that users are enticed to click on.
The adware will redirect victims to a variety of sites, tailored to the target’s browser, operating system and more.
Source


Vulnerabilities

Industrial collaborative robots from six vendors vulnerable to remote hacking
IOActive discovered nearly 50 flaws affecting ‘cobots’, collaborative robots that usually perform unsafe operations. The flaws include bugs in the authentication and authorisation mechanisms of these robots.
Several of the vulnerabilities could allow attackers to spy and steal data, as well as cause physical harm to human operators.
Source


General News

US Navy is considering whether the collision of a US destroyer was the result of a cyberattack
Speculation that the incident, which saw the US destroyer collide with an oil tanker on Monday, could have been caused by cyber sabotage arose after it was revealed that the warship suffered a steering failure.
There is as yet no evidence behind these accusations, and the Chief of Naval Operations has stated that there is the “possibility of cyber intrusion or sabotage, … [and the] review will consider all possibilities.”
Source


The Silobreaker Team


Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.
