BlackCat ransomware fakes govt shutdown

Mar 07 2024

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s waiting to the hear the budget on taking the cybercriminals to task #Budget2024 ????

Today’s hottest cybersecurity news stories:

  • ???? BlackCat ransomware fakes govt shutdown and pulls a Bernie Madeff

  • ???? Zoom, Skype, and Google Meets users beware! Malware manifests ????

  • ???? Python-based Snake info stealer spreads via Facebook Messenger ????️

Crims be like: Ransomwhere the f*ck did BlackCat go?! ???????????? #ExitScam


???? BlackCat Ransomware Vanishes in Exit Scam! ????????????

In a hilarious case of the scammer becoming the scammy, the threat actors orchestrating the notorious BlackCat ransomware have executed a vanishing act, leaving behind a trail of confusion and suspicion. Reports suggest an exit scam, with the darknet website shuttered and a bogus law enforcement seizure banner unfurled. ????????????

Exit Scam Unveiled ????????????

Security researcher Fabian Wosar has sounded the alarm, revealing telltale signs of an exit scam. The abrupt closure of the darknet portal, coupled with the dubious law enforcement seizure notice, points to a coordinated effort to abscond with ill-gotten gains. ????????????

The Alleged Betrayal ????️‍♂️????????

Speculations abound regarding the motivations behind BlackCat’s disappearing act. Allegations of withheld ransom proceeds and internal strife have surfaced, with an affiliate claiming foul play and financial betrayal. The saga unfolds amidst rumours of a rebranding effort, raising questions about the group’s intentions and future endeavours. ????????????

Cyber Intrigue Unraveled ????????????

As BlackCat fades into obscurity, the cybersecurity landscape witnesses a flurry of activity. LockBit ransomware undergoes a transformation, while the emergence of RA World poses new threats to healthcare, finance, and insurance sectors worldwide. The ever-evolving cyber threat landscape demands vigilance and resilience from organisations and individuals alike. ????????????

Stay Alert, Stay Secure! ????????️????

Amidst the chaos of cyber warfare, staying informed and proactive is paramount. Vigilance against emerging threats, robust cybersecurity measures, and adherence to best practices are essential defences in the ongoing battle against cyber adversaries. Let’s remain vigilant and safeguard our digital realms from the shadows of cybercrime. ????????????


Signup for Free


Learn AI in 5 minutes a day. We’ll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

Spoofta Doofta Doompa De Do, Careful when you are meeting on Zoom ????????????

???? Beware: Malware Lurks Behind Spoofed Video Conferencing Sites! ????????????

Since December 2023, threat actors have been cunningly exploiting fake websites mimicking popular video conferencing platforms like Google Meet, Skype, and Zoom. ????????????

Trojan Tricks Unveiled ????️‍♂️????????

Zscaler ThreatLabz researchers have unearthed a devious plot, with cybercriminals distributing Remote Access Trojans (RATs) under the guise of legitimate video conferencing software. The malware targets both Android and Windows users, posing a grave risk to unsuspecting victims. ????????️????

Sneaky Spoofs and Malicious Scripts ????????????

The malicious sites, cleverly crafted in Russian, employ typosquatting tactics to deceive users into downloading malware-laden payloads. Spoofed domains closely resemble their authentic counterparts, enhancing the illusion of legitimacy. Unsuspecting visitors are tricked into downloading RATs via APK files for Android and batch scripts for Windows, initiating a cascade of nefarious activities. ????????????

A Coordinated Cyber Offensive ????????????️

The threat landscape further intensifies with the emergence of WogRAT, a new malware targeting both Windows and Linux systems. Exploiting platforms like aNotepad, cyber adversaries deploy covert tactics to disseminate malicious code, amplifying the scope of their digital onslaught. Meanwhile, financially motivated actors like TA4903 orchestrate high-volume phishing campaigns, aiming to pilfer corporate credentials and perpetrate business email compromise (BEC) attacks. ????????????

Remain Vigilant, Stay Protected! ????️????????

Amidst the sea of cyber threats, maintaining vigilance is paramount. By exercising caution and adopting robust cybersecurity practices, individuals and organisations can thwart malicious actors’ schemes and safeguard their digital assets. Let’s stay informed, stay alert, and stay protected in the ever-evolving landscape of cyber warfare. ????️????????

???? Catch of the Day!! ????????????

???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)

???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)

???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)

Python-based Snake ???? Isn’t that just a python? ????

???? Beware: Snake in the Facebook Garden! ????????

Threat actors are leveraging Facebook messages to propagate a Python-based information stealer known as Snake, wreaking havoc by pilfering credentials and sensitive data. ????????????️

Covert Campaign Unveiled ????????️‍♂️????

The insidious scheme was first unveiled on social media in August 2023. Unsuspecting users are targeted with seemingly innocuous RAR or ZIP archives, which, when opened, trigger a nefarious infection sequence. ????????????

The Snake Uncoils ????????????️

Snake operates in stealth mode, employing two downloaders – a batch script and a cmd script – to fetch the information stealer from an actor-controlled GitLab repository. Designed with sophistication, Snake boasts multiple variants, with one variant assembled using PyInstaller. It meticulously targets data from various web browsers, including the Vietnamese-centric Cốc Cốc Browser, hinting at a regional focus. ????️????️‍♂️????

Vietnamese Connection Unveiled ????????

The threat landscape is further compounded by the discovery of Snake’s ties to Vietnam, evident in its targeting of the Vietnamese browser and Vietnamese-language references in the source code. ????????️‍♂️????

Cybersecurity Call to Arms ????️????????

As cyber threats proliferate, the need for robust cybersecurity measures is more pressing than ever. With information stealers like Snake lurking in the shadows, vigilance and proactive defence are paramount to safeguarding digital assets and thwarting malicious actors’ advances. Let’s stay informed, stay vigilant, and stay protected in the face of evolving cyber threats. ????️????????

????️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ????️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday ????

  • ???? Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for ????

  • ???? Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future ????

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles