Could the new Google Authenticator end account lockouts?

Apr 26 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that just won’t go away. Like Amber Heard #Aquaman2

Today’s hottest cyber security stories:

  • Google’s password backup feature may hold key to ending account ‘lockouts’
  • Iranian hackers target Israel with powerful PowerLess attack
  • Click-jacking: don’t get caught with your pants down!


Nope, not that ‘TOTP’; we’re talking about Time-based One-time Passwords. This is great news if you’re anything like us and constantly find yourself forgetting passwords and requesting an OTP only to find that it’s been sent to an old mobile number so then you try the other option of getting it sent to an alternate email account but then you can’t remember that password and before you know it you’re wondering where your life went.

But no more! Thanks to Google’s Authenticator update you can keep track of all your passwords without compromising on security (Google claims!). So what’s included in this update to the 12-year-old app?

Well, Google’s Christiaan Brand promises improvements in ‘both convenience and security’.

He said: “This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security.”

Indeed, the two-factor authenticator (2FA) app was probably overdue for a makeover. But boy, was it worth the wait? With a brand spankin’ new icon, this app is now on par with Apple’s iCloud Keychain.

No more re-re-reeeeeeeeeinstallations

But wait, there’s more! Google has also addressed a major gripe that users have had for ages – no longer will you have to deal with the headache of switching between phones and having to re-install your 2FA app. Hallelujah!

And you know what’s even worse? If you lost access to your device before this update, you were essentially up sh*t’s creek without a paddle. But fear not, my friends, because Google has heard your cries and made sure that you can still sign in to your services even if you lose your device.

And if that wasn’t enough, Google is even giving you the option to use the Authenticator app without linking it to a Google account. This is a big one, in our opinion, because frankly sometimes it’s a relief to not feel like big brother is watching our every move. Can I get an amen?

So, (white)hats off to Google for stepping up its game and making our lives a little bit easier. Wow, a positive news story in Gone Phishing. Don’t worry, we’ll soon put a stop to that. Scroll for more.

You can download from here (remember to check the link)


State-backed Iranian hackers have been caught red-handed targeting Israel with a new wave of phishing attacks, using an updated version of a sneaky Windows backdoor called PowerLess.

But don’t worry, the good folks over at cybersecurity firm Check Point are on the case! They’re tracking this activity cluster under the moniker Educated Manticore, which apparently has some strong overlaps with a bunch of other notorious hacking crews.

These include:

  • APT35 (I guess they’re not too creative with their names)
  • Charming Kitten (aww, how cute)
  • Cobalt Illusion (sounds like a superhero group)
  • ITG18 (yawn)
  • Mint Sandstorm (the hackers formerly known as Phosphorus)
  • TA453 (sounds like The Terminator’s nemesis)
  • Yellow Garuda (no idea what that is, but it sounds kinda cool)

This APT35 crew has been around since at least 2011 and they’ve got a whole bag of tricks up their sleeve. They use fake social media personas, spear-phishing techniques, and all sorts of fancy vulnerabilities to worm their way into their targets’ systems. And once they’re in, they drop all sorts of nastiness, including ransomware.

It’s pretty clear that these guys are always upping their game. They’re constantly refining and retooling their malware arsenal to expand their functionality and evade detection. I mean, you’ve got to give it to them, they’re like the Batman of cybercriminals.

But fortunately, Check Point and other cybersecurity teams are always ready to swoop in and save the day. They’re the Batman of stopping cybercrime. So, just Batman, then? Umm, yeah I guess.


We almost don’t want to touch this one and just let the facts speak for themselves. So, click-jacking doesn’t always occur on adult websites but when it does, it’s f*cking priceless. Well, if like us (and the entire cybersecurity community it would seem!), you can’t resist a pun.

Hang on, wtf is ‘Click-jacking’?

Clickjacking is a form of ad fraud which is also referred to as click fraud or click spam. It is a practice performed by certain dubious advertising networks, where they sometimes use automated programs to interact with advertisements online.

But it can also be done by tricking legitimate users into clicking ads, visiting pages, and (in some cases) creating fake form submissions. Uh-oh!

So basically, the jack-off hacking gangs are coming after the horny masses, of which there’s no shortage judging by the popularity of Porn Hub and the like. They use pop-up ads that look legit but in reality are instances of what’s known as malvertising (love it). Dead Hang Gang, watch out! Inbetweeners, anyone?

So, yeah: think before you click, ladies and gents (who are we kidding: gents lol), because if you’re not careful you could end up spunking all your money. Sorry.

Talk about a money shot, eh? Alright, enough’s enough. Enjoyed that a bit too much.

Check out the Malwarebytes blog post for some more detail around the exact pages to watch out for.

So long and thanks for reading all the phish!
