Buckle's Credit Card Breach and Ztorg Trojan Hits Google Play

This week, the Alert Logic team highlights Credit Card Breach at Buckle Stores and Google Play Hit by Ztorg Trojan. Read the full report to learn more and get access to the week’s Top Malicious IP addresses.

Breach

Credit Card Breach at Buckle Stores

The Buckle Inc., a clothier that operates more than 450 stores in 44 states in North America, disclosed Friday that its retail locations were hit by malicious software designed to steal customer credit card data. In a notice to customers published on The Buckle website Friday, the company writes, "A criminal entity accessed some guest credit card information following purchases at some of our retail stores."

The Buckle’s statement says the breach went undetected from Oct. 28, 2016 to April 14. The company recommends customers look through their account statements and credit reports closely and report any fraudulent activity to their bank or credit card company.

References: POS Data Breach Hits Buckle Inc. Stores | Hackers Stole Credit Card Data from Buckle Stores' Cash Registers | Buckle Inc. Confirmed Credit Card Breach at its Stores

Mitigation Strategies:

  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Anti-virus would detect file infection on the local host.
  • FIM solution would detect any type of file modification or addition.
  • Log management could detect any suspicious user account activity.

Malware

Google Play Hit by Ztorg Trojan

For the second time this month, Google has removed Android apps from its Google Play marketplace. Google did so after a security researcher found the apps contained code that laid the groundwork for attackers to take administrative "root" control of infected devices.

Ztorg malware has bypassed Google's malware checks almost 100 times since September last year, and the malware family is best known for gaining 'root' privileges on infected devices in order to control them completely. Ztorg apps such as Privacy Lock and a fake Pokemon Go guide racked up huge download numbers before they were recognized as malicious and removed from Google Play.

References: The Ztorg Trojan Malware | Attackers try to sneak a Ztorg Trojan onto Google Play | More Android Apps from Dangerous Ztorg Family Sneak into Google Play 

Mitigation Strategies:

  • FIM solution would detect any type of file modification or addition.
  • Intrusion detection system (IDS) signatures would detect intrusion and network anomalies.
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection.
  • Web filtration to prevent users from clicking on malicious websites.
  • Solid patch management program to quickly mitigate the risk of a vulnerability.

This Week's Suspicious IP Addresses

  • 213.32.7.73
  • 212.83.151.223
  • 103.207.37.34
  • 103.207.37.36
  • 211.193.130.235
  • 195.154.183.111

*IP addresses provided by Recorded Future.
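One way to put the week's list to use is to sweep it against connection logs and flag both inbound probes and outbound connections to the listed addresses. The script below is an added example and not part of the Alert Logic report or its tooling: the blocklist is the six addresses above, the log lines are constructed samples in a hypothetical space-separated firewall export format (timestamp, action, `src=ip:port`, `dst=ip:port`), and the `find_hits`/`summarize` function names are this example's own.

```python
"""Match connection log lines against the suspicious IP list above.

Added example (not part of the Alert Logic report): the blocklist is the
report's own six addresses; the log lines and their format are constructed.
"""
import ipaddress
import re
from collections import Counter

# The six addresses published in the report.
SUSPICIOUS_IPS = frozenset({
    "213.32.7.73", "212.83.151.223",
    "103.207.37.34", "103.207.37.36",
    "211.193.130.235", "195.154.183.111",
})

# Constructed sample log lines in a hypothetical firewall export format:
# <timestamp> <action> src=<ip>:<port> dst=<ip>:<port>
# The last line is deliberately malformed to exercise the parser's rejection path.
SAMPLE_LOG = """\
2017-06-19T10:00:01Z ALLOW src=10.1.2.3:51234 dst=93.184.216.34:443
2017-06-19T10:00:02Z ALLOW src=213.32.7.73:40211 dst=10.1.2.50:22
2017-06-19T10:00:03Z DENY src=10.1.2.9:51300 dst=103.207.37.36:80
2017-06-19T10:00:04Z ALLOW src=10.1.2.11:51301 dst=8.8.8.8:53
2017-06-19T10:00:05Z ALLOW src=10.1.2.3:51302 dst=103.207.37.36:8080
2017-06-19T10:00:06Z ALLOW src=not-an-ip dst=10.1.2.3:80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\S+)\s+"
    r"src=(?P<src>[^:\s]+):\d+\s+dst=(?P<dst>[^:\s]+):\d+$"
)


def parse_line(line):
    """Return (timestamp, action, src, dst), or None if the line is malformed.

    Both addresses must parse as real IP addresses; anything else is dropped
    rather than being compared against the blocklist as an arbitrary string.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ipaddress.ip_address(m["src"])
        ipaddress.ip_address(m["dst"])
    except ValueError:
        return None
    return m["ts"], m["action"], m["src"], m["dst"]


def find_hits(log_text, blocklist=SUSPICIOUS_IPS):
    """Return one dict per blocklist match, tagged with direction.

    Direction matters for triage: a listed source is an inbound probe, while a
    listed destination means an internal host is already reaching out to it.
    """
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, action, src, dst = parsed
        if src in blocklist:
            hits.append({"ts": ts, "action": action, "ip": src, "direction": "inbound"})
        if dst in blocklist:
            hits.append({"ts": ts, "action": action, "ip": dst, "direction": "outbound"})
    return hits


def summarize(hits):
    """Count hits per (ip, direction) so the noisiest indicator floats to the top."""
    return Counter((h["ip"], h["direction"]) for h in hits)


if __name__ == "__main__":
    found = find_hits(SAMPLE_LOG)
    for h in found:
        print(f'{h["ts"]} {h["direction"]:8} {h["ip"]:16} ({h["action"]})')
    print(summarize(found))
```

On the sample data this reports one inbound hit from 213.32.7.73 and two outbound hits to 103.207.37.36; note that the outbound hit on an ALLOW line is the one worth escalating, since the DENY line shows the firewall already stopped that connection. Swapping `SAMPLE_LOG` for a real export only requires adjusting `LINE_RE` to the log format in use.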