5G Modem Flaws Impact Hundreds of Smartphones! ๐Ÿ“ฑ๐Ÿ”’ย 

Dec 12 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter thatโ€™s your (cybersecurity) Bible, Quran, Torah, Gita, Guru Granth Sahib, and Tripitaka all wrapped into one straight-talking daily newsletter ๐Ÿค“ย 

Todayโ€™s hottest cybersecurity news stories:ย 

  • ๐Ÿ“ฑ iOS, Android users beware of flaws dubbed โ€˜5Ghoulโ€™ ๐ŸŽƒย 

  • ๐Ÿ’ฐ Ransomware-as-a-Service (RaaS) is getting worse ๐Ÿ’ธย 

  • ๐Ÿ‘พ GuLoader malware ups its game to avoid detection ๐ŸŽญย 

Oh great, another 5G conspiracy theory ๐Ÿ™„๐Ÿ˜๐Ÿ˜‚ How 5ghouling ๐Ÿ’€ย 

๐Ÿšจ Security Alert: 5G Modem Flaws Impact Hundreds of Smartphones! ๐Ÿ“ฑ๐Ÿ”’ย 

Researchers at Singapore University of Technology and Design unveil "5Ghoul," exposing firmware flaws in 5G modems from major vendors.ย 

๐Ÿคฏ High Risks for 5G Modems ๐Ÿ˜จ๐Ÿ”“ย 

Out of 14 flaws, 10 impact MediaTek and Qualcomm 5G modems, with three classified as high-severity vulnerabilities.ย 

๐Ÿ“‰ Connection Drops and Downgrades ๐Ÿšซ๐Ÿ”—ย 

Exploiting 5Ghoul allows continuous attacks, connection freezes, and downgrades from 5G to 4G, posing serious risks.ย 

๐Ÿ“ฑ Hundreds of Smartphone Models Affected ๐Ÿ“ฒ๐ŸŒย 

714 smartphones from 24 brands, including Vivo, Xiaomi, Apple, and Samsung, are vulnerable to these security flaws.ย 

๐Ÿ›ก๏ธ Patches Released โš™๏ธโœจย 

MediaTek and Qualcomm have released patches for 12 out of 14 flaws, addressing the vulnerabilities promptly.ย 

๐Ÿ•ต๏ธโ€โ™‚๏ธ Unrevealed Vulnerabilities ๐Ÿค๐Ÿ”ย 

Details of two remaining vulnerabilities are withheld due to confidentiality, expected to be disclosed in the future.ย 

โš ๏ธ Impact on End-User Security ๐Ÿ•ฐ๏ธ๐Ÿ“ฒย 

Researchers caution that the dependency on vendors can delay patch distribution, affecting end-users' security.ย 

Stay vigilant and update your devices promptly to ensure your 5G security! ๐Ÿ”๐Ÿ“ฒ

Itโ€™s a growing problem, if you RaaS us ๐Ÿ˜ฌ๐Ÿคฃ๐Ÿคฃ

๐Ÿ”’ Defending Against Ransomware: The Rise of Ransomware-as-a-Service (RaaS) ๐ŸŒย 

Ransomware, especially Ransomware-as-a-Service (RaaS), is transforming the cybersecurity landscape, empowering even those with limited tech skills to launch devastating attacks.ย 

๐Ÿ”„ Traditional vs. Double Extortion Attacks ๐Ÿ›ก๏ธย 

While traditional ransomware encrypts files, modern attackers leverage double extortion, threatening to expose sensitive data, adding complexity and harm to victims.ย 

๐Ÿ’ผ RaaS Business Model: On-Demand Threats ๐Ÿ’ป๐Ÿ’ฐย 

RaaS provides an on-demand model for hackers, offering tools and services for a fee. This model reduces time and costs, making it easier for inexperienced attackers to launch ransomware attacks.ย 

๐ŸŒ Marketing Ransomware Tools ๐Ÿ“ˆ๐Ÿ’ปย 

RaaS fosters economies of scale, with service providers developing new strains and using a customer base to market their tools effectively.ย 

๐Ÿ“ˆ Dark Web Feedback ๐ŸŒ๐Ÿ—ฃ๏ธย 

RaaS operates like a competitive market with affiliates giving feedback on the dark web. This competition drives up the quality of services, making it challenging for victims.ย 

๐Ÿ›ก๏ธ Defending Against RaaS: Proactive Measures ๐Ÿ› ๏ธ๐Ÿค–ย 

To defend against RaaS, focus on proactive measures, including penetration testing, red teaming, and partnering with a pen testing as a service (PTaaS) provider.ย 

Remember cyber squad, donโ€™t scrimp when it comes to cybersecurity. Even today, may businesses and organisations who fall victim to ransomware attacks end up paying the ransom because itโ€™s the best of two evils ๐Ÿ˜ฌ Yikes!ย ย 

Stay safe out there โœŠย 

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can't get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)

๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)

๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

Get a Loader this ๐Ÿ’€๐Ÿ’€๐Ÿ’€

๐Ÿ” Unmasking GuLoader's Latest Tricks: A Malware Evolution ๐Ÿฆ ๐Ÿ•ต๏ธโ€โ™‚๏ธย 

GuLoader, a persistent malware strain, has been unmasked by threat hunters for adopting new tricks, complicating analysis. Elastic Security Labs researcher Daniel Stepanic notes that while the core functionality remains, constant updates in obfuscation techniques make analysis resource-intensive.ย 

๐Ÿ“… Timeline of GuLoader ๐Ÿ•ฐ๏ธ๐ŸŒย 

First detected in late 2019, GuLoader, also known as CloudEyE, is an advanced shellcode-based malware downloader. It employs sophisticated anti-analysis techniques and is used to distribute various payloads, including information stealers.ย 

๐ŸŽฃ GuLoader's Preferred Spread ๐Ÿ“ง๐Ÿ”—ย 

GuLoader typically spreads through phishing campaigns, tricking victims into downloading malware via emails with ZIP archives or links containing Visual Basic Script (VBScript) files.ย 

๐Ÿ”„ GuLoader's Anti-Analysis Improvement ๐Ÿ› ๏ธ๐Ÿ•ต๏ธโ€โ™‚๏ธย 

Recent updates include an enhanced anti-analysis technique related to Vectored Exception Handling (VEH), initially disclosed in December 2022. The method involves deliberately disrupting the code execution flow to hinder analysis.ย 

๐Ÿ”„ DarkGate's Evolution ๐Ÿฆ ๐Ÿ’ปย 

DarkGate, a malware-as-a-service (MaaS) sold by "RastaFarEye," undergoes constant updates. The latest version introduces DLL side-loading and enhanced shellcodes, showcasing its adaptability and evasion methods.ย 

๐ŸŒ Modern Malware Sophistication ๐ŸŒ๐Ÿ›ก๏ธย 

Security researchers emphasise the adaptability, speed of iteration, and depth of evasion methods in modern malware threats, including GuLoader and DarkGate.ย 

๐Ÿ“ˆ Novel Propagation Methods ๐Ÿ“ง๐Ÿ”„ย 

Remote access trojans like Agent Tesla and AsyncRAT use novel email-based infection chains with steganography and uncommon file types to bypass antivirus detection.ย 

๐ŸŒ Evolving Malware Obfuscation Engine ๐Ÿฆ ๐Ÿ› ๏ธย 

The ScrubCrypt malware obfuscation engine, sold on dark web marketplaces, is observed delivering the RedLine stealer malware, showcasing the continuous evolution of cyber threats.ย 

Stay vigilant against evolving malware threats! ๐Ÿ”’๐ŸŒย 

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles