Silobreaker Daily Cyber Digest – 1 March 2016

ATMZombie
The first banking malware to target Israeli banks, ATMZombie was discovered by Kaspersky in November 2015 and reported on in detail today.

Once a machine is infected, ATMZombie places its own certificate into browsers’ certificate authority (CA) lists, and modifies proxy settings to act as a Man-in-the-Middle. The next time a victim logs into their bank account, the malware will collect their details.
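The two moves described above (a rogue certificate added to the browser's CA list and proxy settings redirected so the malware can sit in the middle of TLS sessions) are both visible to a defender who keeps a baseline. The following is an added example, not code from the digest or from Kaspersky's report: it diffs a trust store against an approved set of root fingerprints and flags proxy settings that point at a loopback or private address or an unapproved host. Only the Python standard library is used; the "certificates" are constructed PEM-wrapped placeholder bytes, and `proxy.corp.example` is an assumed approved proxy host.

```python
"""Baseline check for unexpected root CAs and proxy changes (added example)."""
from __future__ import annotations

import base64
import hashlib
import ipaddress
import re
from urllib.parse import urlparse

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def _fake_pem(payload: bytes) -> str:
    """Constructed stand-in for a certificate: PEM-wrap arbitrary bytes.
    Real stores hold DER-encoded X.509; the fingerprint logic is identical
    because it hashes the raw DER bytes either way."""
    b64 = base64.b64encode(payload).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def fingerprints(pem_bundle: str) -> list[str]:
    """SHA-256 fingerprint (lowercase hex) of each certificate in a PEM bundle."""
    result = []
    for body in PEM_RE.findall(pem_bundle):
        der = base64.b64decode("".join(body.split()))
        result.append(hashlib.sha256(der).hexdigest())
    return result


def unknown_roots(store_pem: str, baseline: set[str]) -> list[str]:
    """Fingerprints present in the live trust store but absent from the
    approved baseline. Anything returned deserves a look: a CA injected into
    the store is what lets TLS interception proceed without browser warnings."""
    return [fp for fp in fingerprints(store_pem) if fp not in baseline]


def suspicious_proxies(proxy_settings: dict[str, str], approved_hosts: set[str]) -> list[str]:
    """Return proxy entries that point at a loopback/private address or at a
    host outside the approved list. A browser suddenly proxying HTTPS through
    127.0.0.1 is the other half of the man-in-the-middle setup."""
    flagged = []
    for scheme, url in proxy_settings.items():
        host = urlparse(url).hostname
        if host is None:
            flagged.append(f"{scheme}: unparsable proxy {url!r}")
            continue
        try:
            addr = ipaddress.ip_address(host)
            if addr.is_loopback or addr.is_private:
                flagged.append(f"{scheme}: proxy on local address {url}")
                continue
        except ValueError:
            pass  # not an IP literal; fall through to the allowlist check
        if host not in approved_hosts:
            flagged.append(f"{scheme}: proxy host {host!r} not approved")
    return flagged


# --- constructed sample data (not real certificates or hosts) --------------
APPROVED_A = _fake_pem(b"approved root A (constructed)")
APPROVED_B = _fake_pem(b"approved root B (constructed)")
ROGUE = _fake_pem(b"CA dropped by malware (constructed)")

BASELINE = set(fingerprints(APPROVED_A + APPROVED_B))   # known-good snapshot
LIVE_STORE = APPROVED_A + ROGUE + APPROVED_B             # store after infection

APPROVED_PROXIES = {"proxy.corp.example"}               # assumed corporate proxy
LIVE_PROXIES = {
    "http": "http://proxy.corp.example:3128",
    "https": "http://127.0.0.1:8080",                    # redirected by malware
}

if __name__ == "__main__":
    for fp in unknown_roots(LIVE_STORE, BASELINE):
        print("unexpected root CA:", fp)
    for msg in suspicious_proxies(LIVE_PROXIES, APPROVED_PROXIES):
        print("proxy anomaly:", msg)
```

In practice the baseline is captured from a clean build image and the live store is exported from the browser or OS trust store on a schedule; fingerprint comparison is deliberately independent of certificate parsing so that a malformed or deliberately odd certificate cannot evade the check.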

In the second stage of the attack, the malware’s controller will manually log in to compromised accounts and wire money via SMS to ‘mules’ who have been tricked into cooperating for a small share of the total haul. The money mules will, in turn, forward the bulk of the take onwards via mail.

Acecard Trojan
Acecard or Acekard is a widespread banking trojan that has technically existed for several years, but has only displayed overt malicious activity recently – most notably in Australia.

Made to steal banking information, Acecard can intercept SMS messages and recognise around 50 financial phone apps, which the malware will overlay with phishing windows that ask for card details. On the 28th of December 2015, an Acecard downloader trojan was spotted disguised as a game in the Google Play store.

The group that created Acecard has also been tied to the Torec and Pletor (Android) malware families, and are most likely Russian-speaking.

Snapchat phished
In a classic PEBKAC blunder, Snapchat have revealed that employee payroll information was given to an outsider who impersonated the company’s CEO via email.

While company systems and app users were not compromised by the spear phishing attack, it’s likely that leaked details include addresses, bank account information and social security numbers of employees both present and past.

Anyone who needs a reminder of the risks posed by social engineering should take a look at the legendary email exchange that compromised HBGary Federal’s website, starting with this gem:

From: Greg
To: Jussi
Subject: need to ssh into rootkit

im in europe and need to ssh into the server. can you drop open up firewall and allow ssh through port 59022 or something vague?

and is our root password still 88j4bb3rw0cky88 or did we change to 88Scr3am3r88 ?

thanks

[…]

Turkey blocks Twitter pages
In response to the huge leak of information stored on the servers of the Turkish National Police, the Turkish government has made the decision to block the Twitter accounts @CthulhuSec, @YourAnonNews and @CryptOnymous.

The alleged grounds for this ruling, made by the Security Affairs General Directorate, are that content from the above sources “…threatens public order or national security by applauding terrorism or provoking violence or crime.”

Hacking Team returns(?)
Researchers have recently noticed Mac malware that uses an updated version of Hacking Team’s Remote Code Systems (RCS) software. The malware isn’t particularly dangerous by itself, but the version of RCS dates from October, three months after the very public dissolution of Hacking Team.

The Silobreaker Team
