Don’t be lured by this temptation.

Jun 14 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s here to give you the boost you need on hump day ???? 

Today’s hottest cyber security stories:

  • DoubleFinger crypto stealer fingered by Kaspersky 

  • 2 Russians finally charged for 2014 Mt. Gox crypto heist 

  • Anga Com Conference spoofed by sophisticated phishermen 

Kaspersky sticks two fingers up at DoubleFinger ✌️ 

A mischievous multi-stage loader called DoubleFinger has taken centre stage, unleashing its partner-in-crime, the cryptocurrency-stealing troublemaker known as GreetingGhoul.  

This dynamic duo has set its sights on unsuspecting victims across Europe, the U.S., and Latin America, orchestrating a truly advanced attack. 

According to the findings of Kaspersky researcher Sergey Lozhkin, the DoubleFinger saga begins when the victim, lured by temptation, opens a malicious PIF attachment found in an email.  

As this ill-fated action unfolds, the first act of DoubleFinger's grand performance commences. 

The attack commences with a cleverly modified version of espexe.exe, which comically stands for the "Microsoft Windows Economical Service Provider" application.  

In a stroke of genius, this sneaky software executes shellcode that meticulously retrieves a PNG image file from the renowned image hosting service, Imgur. Who knew DoubleFinger had a penchant for art? 

But wait, there's more! Concealed within this seemingly innocent image lies an encrypted payload, employing steganographic sorcery to hide its true intentions.  

With the stealth of a secret agent, this payload triggers a four-stage compromise chain, each step building on the next, all with a singular purpose: to unleash the notorious GreetingGhoul stealer upon the unsuspecting host. 

Ghoul figure! 

In this tale of cyber, DoubleFinger and GreetingGhoul showcase their ingenuity, employing clever tricks and misdirection to carry out their malicious deeds.  

One can't help but marvel at the audacity and absurdity of their escapades, leaving us both amused and concerned about the ever-evolving landscape of cyber threats. 

What’s the Russian? ⌚ 

The U.S. Department of Justice (DoJ) is cracking down on some cyber bandits with a flair for the dramatic.  

Two Russian nationals have FINALLY been charged as the brains behind the infamous 2014 heist of the ill-fated cryptocurrency exchange, Mt. Gox. 

Meet Alexey Bilyuchenko, the 43-year-old rogue, and his partner-in-crime Aleksandr Verner, the sprightly 29-year-old.  

These two have been accused of cooking up a plan to launder a mind-boggling 647,000 bitcoins.  

Well, they gained unauthorised access to a server hosting crypto wallets used by Mt. Gox customers from September 2011 to at least May 2014. Sneaky, sneaky! 

Assistant Attorney General Kenneth A. Polite, Jr. couldn't help but add some drama to the situation.  

He boldly declared, "Starting in 2011, Bilyuchenko and Verner stole a massive amount of cryptocurrency from Mt. Gox, ultimately leading to the exchange's downfall."  

Can’t wait for the Netflix documentary about this one! 

But wait, there's more to this tale! Bilyuchenko, not content with his newfound riches, allegedly went on to venture into the virtual currency underworld.  

Rumour has it that he played a part in setting up the notorious BTC-e virtual currency exchange, a virtual hideout where cyber criminals worldwide would flock to launder their funds. 

If that wasn't enough, our dynamic duo is also accused of performing some grand money transfers, whisking away a whopping 300,000 of the stolen digital assets using a New York Bitcoin brokerage firm. 

This cybercrime caper has it all—cryptocurrency theft, unauthorised access, money laundering, and even a touch of international banking. It's a wild ride through the underbelly of the digital world, reminding us all that truth can indeed be stranger than fiction. 

Don’t look back in Anga ???? 

Picture this: the grand stage is set in Germany, where the Anga Com Conference reigns supreme as Europe's premier hub for all things Broadband, Television, and Online.  

It's a bustling business platform where industry professionals gather to exchange ideas and forge connections. But, alas, even in this realm of digital innovation, mischievous crooks have emerged to tarnish the conference's reputation. 

In a cyber spectacle that would make even the sneakiest of magicians blush, these hackers have concocted a cunning phishing scam.  

They are capitalising on the esteemed status of Anga Com to orchestrate their malicious scheme of stealing precious personal data. It's a classic case of wolves donning sheep's clothing. 

Enter Avanan, the valiant security researchers, and subsidiary of Check Point Software, who have cracked the code and exposed the inner workings of this elaborate attack. Armed with their knowledge, we can now delve into the dark arts employed by these cyber villains. 

Imagine receiving an innocent-looking email, only to discover it's a devious trap, carefully crafted to trick unsuspecting victims into revealing their login credentials.  

These clever hackers have gone the extra mile, creating deceptive web pages that mirror the authentic Anga Com interface.  

With a click of a button, users are unwittingly walking straight into their digital snare. 

Oh, the audacity of it all! Anga Com, renowned for its wide attendance and global allure, draws in over 22,000 participants from a staggering 470 companies.  

Little did these unsuspecting attendees know that among the sea of legitimate connections and fruitful business endeavours, nefarious actors lurked, eager to exploit their trust and gather valuable information. 

Avanava drink on us! ???? 

But fear not, for Avanan has sounded the alarm and brought this treachery to light. With their expertise, they serve as a shining beacon in the fight against cybercrime, revealing the intricate techniques employed by these cunning hackers. 

So, as the curtain falls on this cyber drama, let us remain vigilant and cautious. 

And as always, stay safe, true believers!  

So long and thanks for reading all the phish!

Recent articles