Page 11 - Threat Intelligence Brief 9-13-2019
Internal Threats
If you have any of these 24 Android apps installed, delete them now! Security researchers are sounding the
alarm over 24 Android apps laced with a stealthy trojan that signs you up for a costly subscription without your
permission. If you’ve downloaded any of the 24 apps, delete them now and check your bank statements for
any suspicious activity! Hiding within the advertisement frameworks and not exposing too much of its
malicious code out in the open, the Joker is a stealthy piece of malware that made its way onto Google Play as
early as June. The malware leeches money out of its victims by signing them up for premium subscription
services through automated clicks behind ad banners, security researcher Aleksejs Kuprins warns. The Joker
even copies the authorization code sent to the user via SMS and steals the user’s entire address book.
Source: https://hotforsecurity.bitdefender.com/blog/if-you-have-any-of-these-24-android-apps-installed-delete-them-now-21514.html
Toyota Parts Supplier Loses $37 Million in Email Scam. Toyota Boshoku, a seating and interiors supplier for
Toyota cars, has revealed that it was tricked into moving a large amount of money into a bank account
controlled by scammers. In a statement published on its global website, Toyota Boshoku Corporation said that
its European subsidiary was duped into transferring approximately four billion yen (over US $37 million) out of
the business and into a bank account controlled by criminals on 14 August. The company says it became aware
of the fraud shortly after it occurred and put together a team to try and recover the lost funds. “Recognising
the high possibility of criminal activity, we promptly established a team comprising legal professionals, then
reported the loss to local investigating authorities,” the news release explained. “While cooperating in all
aspects of the investigation, we are devoting our utmost efforts to procedures for securing/recovering the
leaked funds.” If Toyota Boshoku does not manage to recover any of the stolen funds, the company warns it
may have to amend its March 2020 earnings forecast.
Source: https://www.tripwire.com/state-of-security/featured/toyota-parts-supplier-loses-37-million-email-scam
Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions.
We recently caught a malvertising attack distributing the malware Glupteba. This is an older malware that was
previously connected to a campaign named Operation Windigo and distributed through exploit kits to
Windows users. In 2018, a security company reported that the Glupteba botnet may have been independent
from Operation Windigo and had moved to a pay-per-install adware service to distribute it in the wild. The
activities of the actors behind Glupteba have been varied: they were suspected of providing proxy services in
the underground and were identified as using the EternalBlue exploit to move into local networks and run
Monero (XMR) cryptocurrency miners.
Source: https://blog.trendmicro.com/trendlabs-security-intelligence/glupteba-campaign-hits-network-routers-and-updates-cc-servers-with-data-from-bitcoin-transactions
www.accumepartners.com