Silobreaker Daily Cyber Digest – 1 March 2016

ATMZombie
The first banking malware to target Israeli banks, ATMZombie was discovered by Kaspersky in November 2015 and reported on in detail today.

Once a machine is infected, ATMZombie places its own certificate into browsers’ certificate authority (CA) lists, and modifies proxy settings to act as a Man-in-the-Middle. The next time a victim logs into their bank account, the malware will collect their details.
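The two steps described above, a root certificate the user never installed and browser traffic redirected through a proxy, are both visible from the host, which makes them the natural thing for a defender to check. The Python below is an added illustration, not code from Silobreaker's digest or from Kaspersky's report: it compares a trust-store snapshot against an approved baseline of root-CA SHA-256 fingerprints and inspects proxy settings for a loopback or unlisted proxy. All inputs are constructed (the "DER" bytes are placeholders, not real certificates), and the proxy value names are modelled on the Windows Internet Settings registry values rather than taken from the report.

```python
"""Host check for rogue root CAs and hijacked proxy settings.

Added example. The baseline, trust-store snapshot and proxy settings are
constructed stand-ins for what an endpoint agent would export.
"""
import hashlib
from typing import Dict, Iterable, List, Tuple

# Constructed stand-ins for DER-encoded root certificates. On a real host
# these would be the raw certificate bytes from the system or browser store.
KNOWN_ROOTS: Dict[str, bytes] = {
    "CN=Example Corporate Root CA": b"constructed-der-corp-root",
    "CN=Public Root CA 1": b"constructed-der-public-1",
}


def sha256_fingerprint(der: bytes) -> str:
    """Fingerprint a certificate the way trust-store tooling displays it."""
    return hashlib.sha256(der).hexdigest()


# Golden baseline: fingerprints of every root the organisation has approved.
BASELINE = {sha256_fingerprint(der) for der in KNOWN_ROOTS.values()}

# Constructed snapshot of an infected host: the approved roots plus one that
# was injected into the CA list without the user's knowledge.
CURRENT_STORE: Dict[str, bytes] = dict(KNOWN_ROOTS)
CURRENT_STORE["CN=Trusted Bank Root"] = b"constructed-der-injected-by-malware"

# Proxy snapshot. Value names mirror the Windows Internet Settings registry
# values (ProxyEnable, ProxyServer, AutoConfigURL); the values are constructed
# to resemble a local interception proxy.
CURRENT_PROXY: Dict[str, object] = {
    "ProxyEnable": 1,
    "ProxyServer": "127.0.0.1:8080",
    "AutoConfigURL": "",
}

# Hypothetical corporate proxy that is allowed to be configured.
ALLOWED_PROXY_HOSTS = {"proxy.example.internal"}


def find_rogue_cas(store: Dict[str, bytes], baseline: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (subject, fingerprint) for every root not in the approved baseline."""
    approved = set(baseline)
    return [
        (subject, sha256_fingerprint(der))
        for subject, der in sorted(store.items())
        if sha256_fingerprint(der) not in approved
    ]


def check_proxy(settings: Dict[str, object], allowed_hosts: Iterable[str]) -> List[str]:
    """Flag proxy configurations that send browser traffic somewhere unexpected."""
    findings: List[str] = []
    allowed = set(allowed_hosts)
    if settings.get("ProxyEnable") == 1:
        server = str(settings.get("ProxyServer", ""))
        host = server.rsplit(":", 1)[0]  # strip the port, keep "::1" intact
        if host in ("127.0.0.1", "localhost", "::1"):
            findings.append(f"proxy points at loopback ({server}): local interception likely")
        elif host not in allowed:
            findings.append(f"proxy host {host!r} is not on the allow-list")
    pac = str(settings.get("AutoConfigURL", ""))
    if pac:
        findings.append(f"PAC script configured ({pac}); verify it is sanctioned")
    return findings


def assess_host(store: Dict[str, bytes], proxy: Dict[str, object],
                baseline: Iterable[str] = BASELINE,
                allowed_hosts: Iterable[str] = ALLOWED_PROXY_HOSTS) -> Dict[str, object]:
    """Combine both checks. A rogue CA alone is silent and a proxy alone may be
    legitimate; together they are the precondition for an invisible TLS
    man-in-the-middle of the banking session."""
    rogue = find_rogue_cas(store, baseline)
    proxy_findings = check_proxy(proxy, allowed_hosts)
    return {
        "rogue_cas": rogue,
        "proxy_findings": proxy_findings,
        "mitm_suspected": bool(rogue) and bool(proxy_findings),
    }


if __name__ == "__main__":
    result = assess_host(CURRENT_STORE, CURRENT_PROXY)
    for subject, fp in result["rogue_cas"]:
        print(f"rogue root: {subject} sha256={fp[:16]}...")
    for line in result["proxy_findings"]:
        print("proxy:", line)
    print("MITM suspected:", result["mitm_suspected"])
```

The baseline should come from a golden image or the vendor's published root list, and the same comparison applies to browser-specific stores (Firefox keeps its own) where a malware-added root would not show up in the OS store at all.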

In the second stage of the attack, the malware’s controller will manually log in to compromised accounts and wire money via SMS to ‘mules’ who have been tricked into cooperating for a small share of the total haul. The money mules will, in turn, forward the bulk of the take onwards via mail.

Acecard Trojan
Acecard or Acekard is a widespread banking trojan that has technically existed for several years, but has only displayed overt malicious activity recently – most notably in Australia.

Made to steal banking information, Acecard can intercept SMS messages and recognise around 50 financial phone apps, which the malware will overlay with phishing windows that ask for card details. On the 28th of December 2015, an Acecard downloader trojan was spotted disguised as a game in the Google Play store.

The group that created Acecard has also been tied to the Torec and Pletor (Android) malware families, and are most likely Russian-speaking.

Snapchat phished
In a classic PEBKAC blunder, Snapchat have revealed that employee payroll information was given to an outsider who impersonated the company’s CEO via email.

While company systems and app users were not compromised by the spear phishing attack, it’s likely that leaked details include addresses, bank account information and social security numbers of employees both present and past.

Anyone who needs a reminder of the risks posed by social engineering should take a look at the legendary email exchange that compromised HBGary Federal’s website, starting with this gem:

From: Greg
To: Jussi
Subject: need to ssh into rootkit

im in europe and need to ssh into the server. can you drop open up firewall and allow ssh through port 59022 or something vague?

and is our root password still 88j4bb3rw0cky88 or did we change to 88Scr3am3r88 ?

thanks

[…]

Turkey blocks Twitter pages
In response to the huge leak of information stored on the servers of the Turkish National Police, the Turkish government has made the decision to block the Twitter accounts @CthulhuSec, @YourAnonNews and @CryptOnymous.

The alleged grounds for this ruling, made by the Security Affairs General Directorate, are that content from the above sources “…threatens public order or national security by applauding terrorism or provoking violence or crime.”

Hacking Team returns(?)
Researchers have recently noticed Mac malware that uses an updated version of Hacking Team’s Remote Code Systems (RCS) software. The malware isn’t particularly dangerous by itself, but the version of RCS dates from October, three months after the very public dissolution of Hacking Team.

The Silobreaker Team
