Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

June 2023

New Mobile Banking Malware Impersonating Messaging Apps

Following our research into malvertising abuse through malicious ads, Cyberint has uncovered a new strain of mobile banking malware. This malware is being distributed on third-party APK sites and is disguised as advertisements for popular messaging applications like KIK and Viber. Our Cyberint team has conducted an analysis of the malware’s source code. Based on our findings, it appears that the campaign is primarily targeting Asia.

Long Live The New King - Is Breached.co the New RaidForums Domain?

For the past five years, the notorious RaidForums had been one of, if not the, main pillars of the cybercriminal industry. It served many purposes, but the main activity of this forum was exclusively leaked databases. Towards the end of February, RaidForums was seized by the authorities; it was officially closed on April 12 by the FBI, and its main owner was arrested.

The Cybersecurity Risks & Implications of .ZIP Domains

Google’s recent introduction of ZIP top-level domain (TLD) addresses, although well intentioned, has ignited a heated debate surrounding the potential cybersecurity risks associated with these domains. On the one hand, the move could make it easier for users to share and download files. For example, a website with the domain name “myfiles.zip” would be easier to remember than a long, complex string of numbers and letters.

Venom Control-RAT With a Sting

As the cybercrime industry continues to provide us with new Malware as a Service (MaaS) products, we have become used to seeing the operators advertising and developing the panels underground. Over the past year, an allegedly legitimate software company named Venom Control Software emerged, offering a Remote-Access-Tool (RAT) for “hackers and pen-testers”.

MOVEit Supply Chain Attack Campaign Update

In the past two weeks, three new vulnerabilities in the MOVEit file transfer software have been discovered, including one over the weekend. The MOVEit file transfer software is used by around 1700 organizations worldwide. As in most cases when supply chain modules are compromised, the impact is lethal, as big companies such as the BBC and Zellis have been targeted.

Level Up Strategic, Tactical, Technical & Operational Threat Intelligence

As threat intelligence evolves, mature organizations view it as a complex, multi-layer process. The standard Threat Intelligence cycle famously includes five stages: Planning, Collection, Analysis, Production (AKA reporting), and Dissemination. But this cycle can be viewed and conducted with different approaches in mind. As we understand the difference between strategic, tactical, technical, and operational Threat Intelligence, we’ll see what that means.

How Threat Intelligence Drives Efficiency in an Economic Downturn

Once upon a time, organizations saw cybersecurity as a technical challenge that affected just technical stakeholders. Those days are over. Security has become a business problem. Aware of the danger that cyberattacks pose to business revenue and reputation, executives and boards are focusing more extensively on ensuring that their IT organizations are handling security risks, which means CISOs face more pressure than ever.

The Potential Surfacing of Cardpool's Gift Cards

Cyberint discovered in the ‘wild’ a file named ‘cardpool leak’ that could possibly be associated with the ‘Cardpool’ gift card breach. It was collected by our platform, Argos. ‘Cardpool’ was an online business where customers exchanged or sold their unwanted or partially used gift cards. It was shut down in early 2021, but it’s been discovered that in late April 2021, a Russian Threat Actor allegedly sold $38 million worth of gift cards there.