‘Fatal’ security blunder reveals identity of cybercrime mastermind.

May 22 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that’s sick of cybercrime like Holly’s sick of Phillip 😂 #ThisMorning

Today’s hottest cyber security stories:

  • ‘Fatal’ security blunder reveals identity of cybercrime mastermind #irony
  • Samsung users beware! CISA warns of active exploitation.
  • Google calls time on third-party cookies courtesy of Privacy Sandbox

HIT THE ROAD, JACK

Why did the Golden Chickens cross the road? To escape the feds! In a hilarious twist of fate, a prolific cybercriminal, codename: Jack, has revealed his true identity to Canadian cybersecurity firm eSentire.

Started from the bottom, now we’re here 🎶

He’s been in the cybercrime game since he was a teenager and is one of the two criminals operating an account on the Russian-language Exploit.in forum under the name “badbullzvenom”, the other being “Chuck from Montreal.” Lol Jack and Chuck.

What a pleasant surprise it is to begin the week with a win for the good guys, eh ladies and gents? As mentioned, the now infamous Jack began his life of cybercrime as a teenager interested in building malicious programs but, through hard work and steely-eyed dedication, progressed into a longtime hacker involved in the development of password stealers, crypters, and More_eggs. You name it!

No More_eggs?

We know what you’re thinking, what came first the Golden Chickens or More_eggs? Well, that’s a trick question because More_eggs is simply another alias for Golden Chickens. Isn’t cybercrime fun? Well, not for the victims which is why this is cause for celebration, folks 🎉

“Like ‘Chuck from Montreal,’ ‘Jack’ uses multiple aliases for the underground forums, social media, and Jabber accounts, and he too has gone to great lengths to disguise himself,” eSentire researchers Joe Stewart and Keegan Keplinger said.

“‘Jack’ has taken great pains to obfuscate the Golden Chickens malware, trying to make it undetectable by most [antivirus] companies, and strictly allowing only a small number of customers to buy access to the Golden Chickens MaaS.”

The cybersecurity firm said it also found the identities of his wife, mother, and two sisters. He and his wife are said to reside in an upscale part of Bucharest (Lah-de-dah!), with his wife’s social media accounts documenting their trips to cities like London, Paris, and Milan. The photos further show them wearing designer clothing and accessories.

So crime does pay. Well, it does until it doesn’t…

Another alias for the criminal is LUCKY. Bet he’s not feeling quite so lucky now though, mind.

WILL CYBERATTACKS SPELL SWANSONG FOR SAMSUNG?

Okay, that may be an exaggeration so don’t chuck your Galaxies in the bin just yet. It is cause for concern though, with CISA (U.S. Cybersecurity and Infrastructure Security Agency) labelling a medium-severity flaw as under ‘active exploitation’. Uh-oh.

So, what’s the 411?

Well, Samsung has reported a security vulnerability, identified as CVE-2023-21492 with a CVSS score of 4.4, affecting specific Samsung devices running Android versions 11, 12, and 13.

The flaw has been described by the South Korean electronics giant as an information disclosure weakness that enables a privileged attacker to bypass address space layout randomization (ASLR) protections.

FYI, ASLR is a security measure that hinders memory corruption and code execution exploits by randomising where code and data are placed in a device’s memory, so an attacker can’t predict the addresses they need.

In a recent advisory released by Samsung this month, it was revealed that the company was informed about the existence of an exploit for this vulnerability in the wild. The information was privately disclosed to Samsung on January 17, 2023.

Currently, there is limited information available (surprise, surprise!) regarding the specific methods employed to exploit this flaw.

However, it is worth noting that in the past, commercial spyware vendors have utilised vulnerabilities in Samsung phones to distribute malicious software.

In light of active abuse, CISA has added the shortcoming to its Known Exploited Vulnerabilities (KEV) catalogue.

Nice one, KEV!

AND THAT’S THE WAY THE COOKIES CRUMBLE

Alright, kids, playtime is over! Say hello to Google’s new Privacy Sandbox initiative! Sandbox? I thought you said playtime was over. Not that kind of sandbox!

This is Google’s long touted privacy initiative which promises to pull the plug (read: gradually phase out, at least) on third-party cookies within its massively popular Chrome browser. Sounds good to us!

We wouldn’t normally have Google down as staunch protectors of privacy either, but the tech giant seems serious about limiting covert tracking, which has got to be a good thing, right?

Privacy Sandbox is a two-pronged project for the web and Android that aims to limit covert tracking by eliminating the need for third-party cookie

Indeed, Anthony Chavez, vice president of Privacy Sandbox at Google, said: “This will support developers in conducting real world experiments that assess the readiness and effectiveness of their products without third-party cookies.”

Viva Chávez! Woah, not that one. #PrayForVenezuela 🇻🇪

Thanks for reading folks and a happy Monday to you all!

So long and thanks for reading all the phish!
