Cybersecurity experts at Zimperium have unearthed a fresh threat

Aug 21 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that will never overhype a cyber-threat like the mainstream media’s overhyping Storm Hilary. #cLimAtEcriSIs 🤪😑🙈

  • 👾 1000s of malware apps avoid detection with stealthy ‘APK’ compression 🥷

  • ☠️ WinRAR flaw allows hackers to run programs when you open RAR archives 🗄

  • 👮 Interpol busts 14 suspected cybercriminals across Africa for stealing $40 million 💰

Hackers: Today I didn’t even have to use my APK, I gotta say it was a good day 🎶👀💀

๐Ÿ” Cybersecurity experts at Zimperium have unearthed a fresh threat in the digital landscape. ๐Ÿฆ ๐Ÿ“ฒ Malicious actors are now employing Android Package (APK) files utilising obscure compression methods, steering clear of malware scrutiny.

📊 Zimperium's research unveils a staggering 3,300 instances of these crafty APKs in the wild. Out of these, a whopping 71 samples install and run cleanly on Android.

โŒ Notably, these apps haven't graced the Google Play Store, hinting at alternative distribution channels such as shady app repositories or manipulation via social engineering.

The twist lies in the APKs' use of an unsupported compression technique. Because decompilers and unpackers do not recognise the method, they fail to extract the contents, which makes the samples far harder to analyse. Security guru Fernando Ortega explains that this tactic hampers numerous analysis tools.

โš™๏ธ Interestingly, this evasion manoeuvre functions like a charm on Android OS versions post 9 Pie, all the while being a no-go for older editions.

🔥 The trailblazing revelation follows a June 2023 exposé by Joe Security. Zimperium's Texas-based team delved into the matter, unravelling the alarming truth.

📱 Did you know? Android packages rely on two ZIP modes: stored (no compression) and DEFLATE-compressed. This game-changing insight showcases that APKs using any other, unsupported compression method are a no-deal for Android versions before 9.

🚨 Additionally, Zimperium found malware creators purposefully wreaking havoc by crafting unwieldy filenames and scrambled AndroidManifest.xml files that cause analysis tools to crash.
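A defender-side check for the two tricks just described, as an added example (not Zimperium's or the newsletter's own code): it walks an APK's ZIP central directory without decompressing anything and flags entries whose compression method is not stored (0) or DEFLATE (8), plus entries with oversized names. The sample APK bytes are constructed inline, and the 255-byte name limit is an assumed sanity threshold, not an Android constant.

```python
import struct
import zlib

ALLOWED_METHODS = {0, 8}  # 0 = stored, 8 = DEFLATE: the only methods Android accepts
MAX_NAME = 255            # assumed sanity limit for an entry name, not an Android constant

def build_zip(entries):
    """Write a minimal ZIP from (name, data, method) tuples. Data is always
    stored raw so the method field can be set to any value for testing."""
    local, central, offset = b"", b"", 0
    for name, data, method in entries:
        crc, n = zlib.crc32(data), name.encode()
        hdr = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, 0, method, 0, 0,
                          crc, len(data), len(data), len(n), 0)
        local += hdr + n + data
        central += struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, 0,
                               method, 0, 0, crc, len(data), len(data),
                               len(n), 0, 0, 0, 0, 0, offset) + n
        offset += len(hdr) + len(n) + len(data)
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(entries),
                       len(entries), len(central), offset, 0)
    return local + central + eocd

def scan_apk(blob):
    """Walk the central directory without decompressing anything and return
    (entry name, reason) pairs for entries an analyst should look at."""
    eocd = blob.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    total, _cd_size, pos = struct.unpack_from("<HII", blob, eocd + 10)
    findings = []
    for _ in range(total):
        f = struct.unpack_from("<IHHHHHHIIIHHHHHII", blob, pos)
        method, name_len, extra_len, comment_len = f[4], f[10], f[11], f[12]
        name = blob[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        if method not in ALLOWED_METHODS:
            findings.append((name, f"unsupported compression method {method}"))
        if name_len > MAX_NAME:
            findings.append((name[:16] + "...", f"oversized filename ({name_len} bytes)"))
        pos += 46 + name_len + extra_len + comment_len
    return findings

# Constructed sample: a benign manifest, a dex entry marked with method 9
# (Deflate64, which Android does not support) and an absurdly long name.
SAMPLE_APK = build_zip([
    ("AndroidManifest.xml", b"<manifest/>", 0),
    ("classes.dex", b"dex\n035\x00", 9),
    ("assets/" + "A" * 300, b"junk", 0),
])
```

Calling scan_apk(SAMPLE_APK) returns two findings, one per trick; a clean stored/DEFLATE APK returns an empty list.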

๐ŸŒ Coinciding with Google's recent disclosure about versioning-driven malware evasion, this revelation raises the alarm on the ever-evolving landscape of digital threats. Stay vigilant, stay safe! ๐Ÿ’ช๐Ÿ›ก๏ธ


Hackers: WinRAR I'ma give it to ya, with no trivia, we hack archives straight from Bolivia 🎶👀💀

🚨 WinRAR users, take heed! A crucial vulnerability in this popular Windows file archiver utility has been fixed 🛠️. This flaw, tagged as CVE-2023-40477, allowed hackers to execute commands on your computer through a simple archive opening.

๐Ÿ” Discovered by researcher "goodbyeselene" from Zero Day Initiative, this vulnerability grants remote attackers the power of arbitrary code execution after opening a specially crafted RAR file.

๐Ÿ” While the severity rating stands at 7.8 on the CVSS scale, as tricking a user into opening the archive is a prerequisite, practical exploitation remains plausible.ย ๐Ÿคจ Considering WinRAR's extensive user base, attackers have ample opportunities.

💡 Fear not, as RARLAB has acted swiftly. WinRAR version 6.23, launched on August 2nd, 2023, addresses CVE-2023-40477. Users are strongly advised to install this security update immediately to safeguard their systems.

๐Ÿ›ก๏ธ Beyond this fix, version 6.23 also tackles a concern with wrongly initiated files in specially crafted archives, further fortifying your security.

🆕 Additionally, Windows 11 is integrating native support for RAR, 7-Zip, and GZ files, potentially reducing reliance on third-party tools like WinRAR.

🚀 Stay proactive in protecting your system: keep WinRAR updated, exercise caution when opening RAR files, and consider an antivirus tool for scanning archives. Your cybersecurity matters! 🌍🔐🛡️

๐Ÿ—ž๏ธ Extra, Extra! Read all about it! ๐Ÿ—ž๏ธ

Each fortnight, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 💰 The Crypto Nutshell: Crypto News & Expert Predictions all in a nutshell 💪

  • 📈 The Breakthrough: Receive one idea, one question, and one exercise each week that could spark your next breakthrough.

  • ✈️ ViaTravelers: Get exclusive travel tips, news, and insider deals right in your inbox.

Let us know what you think!

Africa: Hack the world, let them know it’s phismas time 🎶👀💀

๐Ÿ” A major win against cybercriminals! Interpol's international operation, 'Africa Cyber Surge II,' concluded in April 2023 with the arrest of 14 suspected cyber wrongdoers ๐Ÿš“๐Ÿ’ป.

The four-month endeavour spanned 25 African nations and dealt a blow to over 20,000 cybercrime networks responsible for scams, extortion, phishing, and BEC, causing financial losses exceeding $40 million.

🛑 Alongside the arrests, authorities took down hundreds of malicious IP addresses hosting malware and distributing hazardous software.

📊 Key findings from Interpol's investigation and partnerships for 'Africa Cyber Surge II' include:

  • 3,786 malicious command and control servers

  • 14,134 victim IPs tied to data theft

  • 1,415 phishing domains and links

  • 939 scam IPs

  • Over 400 malicious URLs, IPs, and botnets

๐Ÿค Partnering with Group-IB, Interpol acted on intelligence from Africa, aiding law enforcement's takedown actions.

💥 Operation highlights include arrests in Cameroon, Nigeria, Mauritius, and Gambia, plus takedowns of darknet sites and malware hosts in Kenya.

๐ŸŒ This triumph follows Interpol's prior actions against cybercrime, including shutting down the '16shop' phishing platform and nabbing OPERA1ER group members.

A noteworthy sequel to the 2022 'Africa Cyber Surge,' which yielded similar successes against digital malfeasance. 🎉🛡️

So long and thanks for reading all the phish!
