

Rewterz Threat Alert – InnfiRAT Malware Steals Litecoin And Bitcoin Wallet Information
September 16, 2019
Rewterz Threat Advisory – CVE-2016-1409 – Cisco Products IPv6 Neighbor Discovery Crafted Packet Vulnerability
September 17, 2019
Severity
Medium
Analysis Summary
The Guardian’s SecureDrop whistleblower submission site was targeted with a phishing page that attempted to harvest the unique “codenames” of sources who submitted information using the service. In addition, this phishing page promoted an Android app that allowed attackers to perform a variety of malicious activities on a victim’s device.

When a source wishes to submit confidential information to the media outlet’s journalists, they receive a codename that can then be used for further communication. This codename is meant to be private, as anyone who knows it can see the source’s past communications with journalists.

Once the attackers gain access to a source’s codename, they can log in with it on The Guardian’s real SecureDrop site, impersonate the source, and steal information and communications.
Impact
Exposure of sensitive information
Affected Vendors
The Guardian
Remediation
- Always be suspicious of emails sent by unknown senders.
- Never click on links or attachments sent by unknown senders.