Cybersecurity experts at Zimperium have unearthed a fresh threat

Aug 21 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that will never overhype a cyber-threat the way the mainstream media is overhyping Storm Hilary. #cLimAtEcriSIs

  • 1000s of malware apps avoid detection with stealthy ‘APK’ compression

  • ☠️ WinRAR flaw allows hackers to run programs when you open RAR archives

  • Interpol busts 14 African suspected cybercriminals for stealing $40 million

Hackers: Today I didn’t even have to use my APK, I gotta say it was a good day

Cybersecurity experts at Zimperium have unearthed a fresh threat in the digital landscape. Malicious actors are now distributing Android Package (APK) files that use obscure compression methods to dodge malware analysis.

Zimperium's research uncovered a staggering 3,300 of these crafty APKs in the wild. Of those, 71 samples still install and run on the operating system without a hitch.

Notably, these apps haven't graced the Google Play Store, hinting at alternative distribution channels such as shady app repositories or social engineering.

The twist lies in the APKs' use of a compression method that Android's tooling does not support. This approach fends off decompilation attempts, making the samples far harder to analyse. Security researcher Fernando Ortega explains that the tactic breaks numerous analysis tools.

⚙️ Interestingly, this evasion manoeuvre works like a charm on Android 9 Pie and later, while being a no-go on older versions.

The revelation follows a June 2023 exposé by Joe Security. Zimperium's Texas-based team delved into the matter and unravelled the alarming truth.

Did you know? Android packages rely on two ZIP modes: stored (no compression) and DEFLATE-compressed. That is why APKs using an unsupported compression method cannot be installed on Android versions before 9.

Additionally, Zimperium found malware creators purposefully wreaking havoc by crafting unwieldy filenames and scrambled AndroidManifest.xml files, causing analysis tools to crash.

Coinciding with Google's recent disclosure about versioning-driven malware evasion, this revelation raises the alarm on the ever-evolving landscape of digital threats. Stay vigilant, stay safe!
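An added triage check for the three tricks described above (it is example code written for this newsletter, not Zimperium's tooling): it walks an APK's ZIP central directory and flags any entry whose compression method is not stored or DEFLATE, any overlong entry name, and an AndroidManifest.xml that is not Android binary XML. The 255-character name threshold and the hand-rolled ZIP fixture used to build test inputs are assumptions made for the example.

```python
import io
import struct
import zipfile
import zlib

SUPPORTED_METHODS = {0, 8}            # ZIP "stored" and DEFLATE: the only two Android accepts
AXML_MAGIC = b"\x03\x00\x08\x00"      # first chunk header of Android binary XML
MAX_NAME_LEN = 255                    # assumption: longer entry names count as evasion
DOS_DATE = (2023 - 1980) << 9 | 8 << 5 | 21  # fixture timestamp (2023-08-21)


def scan_apk(data: bytes) -> list:
    """Triage an APK from its ZIP central directory; returns a list of finding strings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = zf.infolist()
        if "AndroidManifest.xml" not in [e.filename for e in entries]:
            findings.append("missing AndroidManifest.xml")
        for info in entries:
            # zipfile lists entries with any method id; it only refuses to inflate them later
            if info.compress_type not in SUPPORTED_METHODS:
                findings.append(f"unsupported compression method {info.compress_type}: "
                                f"{info.filename[:40]!r}")
            if len(info.filename) > MAX_NAME_LEN:
                findings.append(f"unwieldy {len(info.filename)}-char entry name")
            if info.filename == "AndroidManifest.xml":
                try:
                    head = zf.open(info).read(4)
                except NotImplementedError:   # unknown method: already reported above
                    continue
                if head != AXML_MAGIC:
                    findings.append("AndroidManifest.xml is not Android binary XML")
    return findings


def build_zip(entries) -> bytes:
    """Constructed fixture: minimal ZIP writer that lets a test set any method id.
    entries = [(name, payload, method)]; payloads are written as-is (uncompressed)."""
    body, cdir = b"", b""
    for name, payload, method in entries:
        raw, crc, n = name.encode(), zlib.crc32(payload), len(payload)
        cdir += struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, 0, method, 0,
                            DOS_DATE, crc, n, n, len(raw), 0, 0, 0, 0, 0, len(body)) + raw
        body += struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, 0, method, 0, DOS_DATE,
                            crc, n, n, len(raw), 0) + raw + payload
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(entries), len(entries),
                       len(cdir), len(body), 0)
    return body + cdir + eocd
```

Run `scan_apk(open("sample.apk", "rb").read())` on a real APK; an empty list means none of the three indicators was seen.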


Hackers: WinRAR I'ma give it to ya, with no trivia, we hack archives straight from Bolivia

WinRAR users, take heed! A crucial vulnerability in this popular Windows file archiver has been fixed. The flaw, tracked as CVE-2023-40477, allowed hackers to execute commands on your computer simply by getting you to open an archive.

Discovered by researcher "goodbyeselene" of the Zero Day Initiative, this vulnerability grants remote attackers arbitrary code execution once a specially crafted RAR file is opened.

The severity rating stands at 7.8 on the CVSS scale, since tricking a user into opening the archive is a prerequisite, but practical exploitation remains plausible. Considering WinRAR's extensive user base, attackers have ample opportunities.

Fear not, as RARLAB has acted swiftly. WinRAR version 6.23, released on August 2nd, 2023, addresses CVE-2023-40477. Users are strongly advised to install this security update immediately to safeguard their systems.

Beyond this fix, version 6.23 also tackles a concern with files being wrongly launched from specially crafted archives, further fortifying your security.

Additionally, Windows 11 is integrating native support for RAR, 7-Zip, and GZ files, potentially reducing reliance on third-party tools like WinRAR.

Stay proactive in protecting your system: keep WinRAR updated, exercise caution when opening RAR files, and consider an antivirus tool for scanning archives. Your cybersecurity matters!

Extra, Extra! Read all about it!

Each fortnight, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The Crypto Nutshell: Crypto News & Expert Predictions all in a nutshell

  • The Breakthrough: Receive one idea, one question, and one exercise each week that could spark your next breakthrough.

  • ✈️ ViaTravelers: Get exclusive travel tips, news, and insider deals right in your inbox.

Let us know what you think!

Africa: Hack the world, let them know it’s phismas time

A major win against cybercriminals! Interpol's international operation, 'Africa Cyber Surge II,' concluded in April 2023 with the arrest of 14 suspected cyber wrongdoers.

The four-month endeavour spanned 25 African nations and dealt a blow to over 20,000 cybercrime networks responsible for scams, extortion, phishing, and BEC, which had caused financial losses exceeding $40 million.

Alongside the arrests, authorities took down hundreds of malicious IP addresses hosting malware and distributing hazardous software.

Key findings from Interpol's investigation and partnerships for 'Africa Cyber Surge II' include:

  • 3,786 malicious command and control servers

  • 14,134 victim IPs tied to data theft

  • 1,415 phishing domains and links

  • 939 scam IPs

  • Over 400 malicious URLs, IPs, and botnets

Partnering with Group-IB, Interpol acted on intelligence from Africa, aiding law enforcement's takedown actions.

Operation highlights include arrests in Cameroon, Nigeria, Mauritius, and Gambia, plus takedowns of darknet sites and malware hosts in Kenya.

This triumph follows Interpol's prior actions against cybercrime, including shutting down the '16shop' phishing platform and nabbing OPERA1ER group members.

It is a noteworthy sequel to the 2022 'Africa Cyber Surge,' which yielded similar successes against digital malfeasance.

So long and thanks for reading all the phish!
