Apr 03 2024
Sponsored by
Welcome to Gone Phishing, your daily cybersecurity newsletter that wishes western governments put as much effort into catching cyber criminals as they do into catching people who say mean things on the internet.
Today's hottest cybersecurity news stories:
Android users beware! Vultur banking trojan is back
Bad news day for Android! Phones are being enslaved
Google forced to delete billions of incognito browsing records
The infamous Android banking trojan, Vultur, has reemerged with a vengeance, equipped with advanced features and sophisticated evasion techniques, posing a significant threat to unsuspecting users, as revealed by NCC Group researcher Joshua Kamp.
Evolution of Threat
Originally uncovered in 2021, Vultur has undergone a significant transformation, leveraging Android's accessibility services APIs to execute its malicious deeds. Now, it employs encryption and masquerades as legitimate applications, enhancing its stealth and efficacy.
Deceptive Distribution Tactics
Vultur spreads through trojanized dropper apps on the Google Play Store, cunningly disguised as authenticator and productivity tools. Additionally, telephone-oriented attack delivery (TOAD) techniques lure victims via SMS messages and phone calls, leading them to download the malware.
Infiltration and Control
Once installed, Vultur deploys multiple payloads to establish a connection with its command-and-control (C2) server, granting remote access and control over the infected device. Its arsenal includes capabilities like remote interactions, file management, and app manipulation.
Aiming for Total Control
The trojan's recent enhancements underscore its focus on maximising control over compromised devices. From intercepting SMS messages to blocking specific apps and bypassing lock screen security measures, Vultur aims to infiltrate every aspect of users' digital lives.
Rising Threat Landscape
The emergence of malware-as-a-service operations like Octo highlights the growing sophistication of cyber threats targeting Android users. With campaigns spanning thousands of compromised devices, the impact of these attacks is widespread and severe.
Protecting Android Users
While Google Play Protect offers some defence against known versions of Vultur, users must remain vigilant and exercise caution when downloading apps from unofficial sources. Regular security updates and robust antivirus solutions are critical to safeguarding against evolving threats.
Stay informed, stay protected. Together, we can defend against the relentless onslaught of cyber adversaries and secure our digital futures.
As the movement towards cloud-first continues, how can teams ensure their cloud security and compliance programs are optimized? On April 10, join leaders from Vanta, CrowdStrike, and AWS as they discuss ways to leverage continuous compliance and security to proactively monitor cloud infrastructure.
A troubling discovery by HUMAN's Satori Threat Intelligence team unveils a cluster of Android VPN apps on the Google Play Store, secretly transforming users' devices into residential proxies (RESIPs) for nefarious purposes.
Unveiling Operation PROXYLIB
Codenamed PROXYLIB, the operation involves 29 VPN apps, since removed by Google, that embed a Golang library to covertly enlist devices into a proxy network without users' knowledge.
The RESIP Menace
Residential proxies, sourced from real IP addresses provided by ISPs, offer anonymity but are a playground for threat actors. These proxies conceal malicious activities by masking the true origin of attacks, making detection and attribution challenging.
Exploiting User Trust
Malware operators deploy deceptive tactics, tricking users into installing seemingly innocuous apps that, unbeknownst to them, hijack their devices into a botnet. The infected devices are then monetized by selling access to the proxy network.
Ingenious Integration of Malware
The Android VPN apps seamlessly integrate with remote servers, enrolling infected devices into the proxy network and executing malicious requests. Some apps even incorporate SDKs from LumiApps, expanding the botnet's reach with unsuspecting users.
LumiApps' Dubious Role
LumiApps' SDK, disguised as a benign service, enables the embedding of proxyware into legitimate apps, blurring the line between utility and exploitation. This insidious tactic fuels the expansion of the proxy network and enriches threat actors at users' expense.
The Nexus of Criminality
Evidence suggests that threat actors behind PROXYLIB are profiting from LumiApps and Asocks by selling access to the proxy network. LumiApps incentivizes developers with cash rewards based on the traffic routed through infected devices, amplifying the botnet's scale.
Protecting Against Proxyware Threats
Users must exercise caution when downloading apps, especially VPNs, from unverified sources. Regular security updates and awareness of deceptive tactics are crucial defences against proxyware and botnet infiltration.
Stay vigilant, stay informed. Together, we can disrupt the operations of cybercriminals and safeguard our digital ecosystem.
The Motley Fool: "Fool me once, shame on... shame on you. Fool me... you can't get fooled again." Good ol' George Dubya. Let us tell you who's not fooling around though; that's the Crüe at Motley Fool. You'd be a fool (alright, enough already!) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! Kidding aside, if you check out their website they've actually got a ton of great content with a wide variety of different investment ideas to suit most budgets. (LINK)
Wander: Find your happy place. Cue Happy Gilmore flashback. Mmmm, Happy Place... So, we've noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breathtaking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the Free and the Home of the Brave is news of rioting, looting and school shootings, it's easy to forget how beautiful some parts of it are. The awe-inspiring locations, along with the innovative architecture of the hotels, set Wander apart from your run-of-the-mill American getaway. (LINK)
Digital Ocean: If you build it, they will come. Nope, we're not talking about a baseball field for ghosts (great movie, to be fair). This is Digital Ocean, who've got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you'll find yourself catching the buzz even if you can't code (guilty). But if you can, and you're looking for somewhere to test things out, launch something new or simply enhance what you've got, we'd recommend checking out their services fo' sho. And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! (LINK)
In a landmark move, Google has agreed to settle a class action lawsuit alleging privacy violations related to its Chrome browser's "incognito" mode, promising sweeping changes to protect users' browsing activities.
The Lawsuit Unveiled
Initiated in 2020, the lawsuit accused Google of misleading users by tracking their internet browsing activities despite using the "incognito" or "private" mode on web browsers like Chrome, leading to concerns about privacy breaches.
Terms of Settlement
Google's settlement agreement, awaiting approval from U.S. District Judge Yvonne Gonzalez Rogers, promises substantial relief to affected users. The company pledges to purge billions of data records reflecting users' private browsing activities, marking a significant step towards restoring trust.
Enhanced Privacy Measures
As part of the settlement, Google commits to a comprehensive data remediation process, including the deletion of identifiable information and blocking third-party cookies within Chrome's Incognito Mode for five years. Additionally, Google plans to eliminate tracking cookies by default by year-end.
Clarification and Transparency
Google has updated the wording of Incognito Mode to clarify its functionality, ensuring users understand that it doesn't alter data collection practices by websites. This transparency aims to empower users to make informed decisions about their online privacy.
Crackdown on Spam and Phishing
In parallel efforts to bolster security, Google has implemented measures to automatically block bulk senders in Gmail who don't adhere to email sender guidelines, reducing the risk of spam and phishing attacks.
Ensuring Privacy and Accountability
While the settlement marks a pivotal moment in addressing privacy concerns, ongoing vigilance and accountability are paramount. Users must remain informed about privacy settings and continue advocating for transparency and data protection in digital platforms.
Stay informed, stay empowered. Together, we can champion privacy rights and foster a safer online environment for all.
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday.
Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders.
Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future.
Let us know what you think!
So long and thanks for reading all the phish!