Mar 14 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s got more sticky situations than a Drake video.
Today’s hottest cyber security stories:
It may sound like a stripper but it’s actually a very smart and very sneaky thing that hides in emails and steals your info. Exotic Lily is getting quite a name for itself thanks in part to its ties to ransomware. It’s been linked to Diavol and Conti, both well-known ransomware operations.
In short: bad news. Exotic Lily, aka PROJECTOR LIBRA and TA580, is an Initial Access Broker (IAB).
FYI, Initial Access Brokers (IABs) are an emerging breed of cybercriminal that sells access to compromised networks. It’s similar to outsourcing models where an organisation decides to focus on their domain expertise instead of wasting resources on things other companies can do better.
Exotic Lily is known for its expertise in obtaining login information from important targets by utilising techniques such as employee impersonation, OSINT, and the creation of convincing fraudulent documents.
It’s also gained considerable traction and success by paying close attention to the finer details of its phishing campaigns.
The attackers follow a well-established procedure that typically commences with initiating an open conversation with the victim.
These profiles exploit the implied trust factor to lure victims into accessing apparently innocuous sites that end up downloading harmful payloads.
So yeah, it sounds like a stripper and if you come into contact with it, the effect it’ll have on your wallet will be similar to if it was a stripper. Boo Exotic Lily.
Google search results seem to be becoming more treacherous by the day, thanks to pesky phishing scams. So, the latest is that BatLoader has reared its ugly head again. We’ve covered this nasty strain of malware before and sadly we probably will again. This latest campaign started in February and shows no signs of letting up.
Here’s the technical stuff:
The scary thing about BatLoader is that it’s continuously improving itself with more convincing tricks such as the impersonation of popular business applications and propagation via Google ads.
Several other threats have recently been observed using the same impersonation tactics.
Organisations are advised to educate employees on how to protect themselves from malware masquerading as legitimate applications.
Is nothing sacred anymore!! Stay safe out there, folks!
So long and thanks for reading all the phish!