Silobreaker Daily Cyber Digest – 30 October 2018
CoinTicker app installs two backdoors onto macOS devices
- A Malwarebytes forum user with the handle 1vladimir, discovered that the CoinTicker macOS app is secretly installing two different backdoors onto Mac computers.
- The app, that allows users to monitor the prices of cryptocurrencies, was found to install EvilOSX and EggShell backdoors.
- According to Malwarebytes, it is likely the malware is used for the purpose of gaining access to users’ cryptocurrency wallets and stealing their funds. It remains unclear whether the app was intended for malicious activities or whether it has been compromised by attackers.
Source (Includes IOCs)
New GPlayed Banking trojan targets Sberbank customers
- Cisco Talos researchers have discovered a new Android banking trojan named GPlayed Banking. It was found to be the predecessor of GPlayed, a similar trojan discovered by Cisco Talos on October 11th, 2018. The malware was found to specifically target users of Sberbank’s AutoPay service.
- Similarly to GPlayed, GPlayed Banking was disguised as a fake Google app store, hidden in an app called ‘Play Google Market’ that was designed to look like the legitimate Google Play Store app.
Source (Includes IOCs)
ZeroFOX report on detection of thousands of Fortnite scams
- Between early September to early October 2018, ZeroFOX detected over 53,000 alerts related to Fortnite scams. 86% of these were generate from social media, whilst 11% came from web domains and 2% from YouTube.
- Threat actors have also created fake coupon sites and ‘V-Buck generators’ to lure innocent players into sharing personal information.
Anonymous reportedly hack 70 Gabon government websites
- 70 government and 30 institutional websites were rendered inaccessible on September 28th, 2018 when Gabon’s administration was targeted in a DDoS attack.
- Anonymous claimed responsibility for the attack as a protest against dictatorships.
Leaks and Breaches
Canadian cryptocurrency exchange loses almost $6 million
- MapleChange cryptocurrency exchange have suffered a hack in which they stated that ‘due to a bug, some people have managed to withdraw all the funds from our exchange.’ The exchange confirmed that they were unable to refund any Bitcoin or Litecoin funds, but they were trying to refund other cryptocurrencies.
- Approximately $5.8 million was stolen in the hack.
Remini app used by schools left personal data unsecured
- The Remini app is used by parents and educators to follow a child’s progress throughout school, by documenting milestones and letting parents share images of their children.
- The app exposed this data via the API by allowing anyone to use the API without authentication. Unprotected data included email addresses, phone numbers, photographs and other documents relating to the children.
Orange County Girl Scouts data breached
- Approximately 2,800 Girl Scout members’ data may have been breached in Orange County, Southern California, when an unauthorized party accessed an email account on September 30th, 2018.
- Data possibly stolen includes names, birth dates, home addresses, insurance policy numbers and health information.
Hackers breach Tomorrowland festival server and steal 64,000 former concert-goers’ data
- Hackers stole 2014 festival attendees’ data including names, addresses, ages, postcodes and genders from an old database. No payment details were stolen in the attack.
Pakistani BankIslami denies loss of $6 million to cyber attack
- The Karachi-based bank acknowledged that its payment card system had been breached, but denied reports released by international card processors that it had lost $6 million to hackers.
PakistaFlaw in Windows 10 gave UWP apps access to entire file system
- Researcher Sebastian Lachance discovered a bug in Windows 10 that permitted Universal Windows Platform (UWP) applications to have full file system access without user knowledge or consent.
- Lachance found that when apps were given a broadFileSystemAccess permission, users were not presented with a settings screen, through which they should have been required to grant this permission. The bug will be patched in Microsoft’s upcoming October 2018 Update.
Systemd flaw could be exploited to crash or execute code on Linux machines
- CVE-2018-15688 is a flaw in Systemd that can be triggered by using maliciously crafted DHCPv6 packets and modifying portions of memory of the vulnerable systems.
- The flaw resides in the DHCPv6 client of the open-source system management suite that is implemented in several Linux distros including Ubuntu, Red Hat, Linux Enterprise Server and more.
US government network infected with malware due to employee watching porn at work
- A US Geological Survey network at the EROS Center in South Dakota was infected with malware due to an employee visiting 9,000 compromised porn websites on his work computer.
- Two vulnerabilities in the network were identified, including web-site access and open USB ports.
US government bans exports to Chinese semiconductor firm Fujian Jinhua
- The US Department of Commerce announced it would restrict exports to Fujian Jinhua Integrated Circuit Company over national security concerns that it could threaten the US supply chain for military systems’ components.
Mirai botnet author receives new sentence for DDoS attacks
- Paras Jha, one of the three authors of the Mirai Botnet was ordered to serve six months of home incarceration and pay $8.6 million.
- Jha was sentenced for DDoS attacks that began in November 2014 and targeted the central authentication server of Rutgers University, which he attended.
Trend Micro report on new file types emerging in spam attachments
- Trend Micro have recently observed threats being packaged inside old and rarely used file types. In particular, they have seen a new spike in the use of .ARJ and .Z files, .PDF files, .IQY files and .PUB files.29th
- These files have recently been leveraged in spam campaigns, and to undertake DoS attacks, delivery of backdoor payloads, and more. Trend Micro state that cyber criminals are becoming more inventive in their campaigns, using rare and previously unseen file types to distribute malware to unsuspecting users.
Source (Includes IOCs)
The Silobreaker Team
Disclaimer: Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.