Aug 02 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that treats cybercriminals like Lizzo treats her backup dancers 😬😬😬
Little fun post I found on Instagram to start the newsletter, happy hump day 😂
Instagram post by @sounxpected
Today’s hottest cyber security stories:
🕵️ SpyNote Android trojan campaign targets European bank customers
🏴‍☠️ Exposed! Space Pirates’ cyber campaign hits Russia and Serbia 🗺️
🐈 ‘Meow’, the malware that inexplicably destroys everything, is BACK 💥
📰 European Customers Targeted by SpyNote Android Banking Trojan
In June and July 2023, a series of aggressive cyberattacks using the Android banking trojan SpyNote hit customers of various European banks.
Italian cybersecurity firm Cleafy revealed that the spyware is distributed through email phishing and smishing campaigns, leveraging a combination of remote access trojan (RAT) capabilities and vishing attacks.
🛡️ SpyNote, also known as SpyMax, operates like other Android banking trojans by gaining accessibility permissions to access sensitive data from infected devices. However, what sets it apart is its dual functionality as both spyware and a tool for bank fraud.
💻 The attack begins with a fake SMS message prompting users to download a banking app by clicking on a link.
This link redirects them to the seemingly legitimate TeamViewer QuickSupport app on the Google Play Store.
Security researcher Francesco Iubatti warns that threat actors have adopted TeamViewer to execute fraud operations through social engineering attacks. The attackers pretend to be bank operators, performing fraudulent transactions directly on the victim’s device.
🏴‍☠️ Space Pirates Expand Cyber Attacks in Russia and Serbia
The notorious threat actor, Space Pirates, has increased its cyber attacks against 16 organisations in Russia and Serbia over the past year. According to a report from Positive Technologies, the group has adopted novel tactics and added new cyber weapons to its arsenal.
🌐 The main objectives of these cybercriminals remain espionage and stealing confidential information, but they have broadened their interests and geographical scope of attacks.
Their targets include government agencies, educational institutions, private security companies, aerospace manufacturers, agricultural producers, defence, energy, and healthcare firms in Russia and Serbia.
🚀 Space Pirates first came into the spotlight in May 2022 when they attacked the aerospace sector in Russia. The group has been active since late 2019 and is also associated with another adversary known as Webworm, as tracked by Symantec.
💻 Positive Technologies’ analysis revealed that the threat actor is particularly interested in harvesting PST email archives and employs Deed RAT, a unique malware artefact attributed exclusively to this group.
To safeguard against such threats, organisations should maintain robust cybersecurity measures and stay informed about evolving attack techniques.
Stay vigilant and protect your digital assets! 🔒💡
🐱 ‘Meow’ Campaign Strikes Again with Mysterious Attacks
Remember the enigmatic ‘Meow’ campaign in 2017 and 2020? It’s back! This peculiar threat targets unsecured databases like MongoDB, Elasticsearch, Cassandra, and CouchDB, as well as other software such as Hadoop clusters, FTP servers, and Jenkins.
🔍 The modus operandi remains simple: the attackers locate exposed instances, delete everything, and obliterate data without any explanation, leaving victims puzzled. This time, they are back with renewed force.
💻 Recently, one of a research team’s honeypots, a Jupyter Notebook instance, captured a fresh ‘Meow’ campaign. Although much of the mystery endures, the researchers managed to obtain some of the attacker’s scripts and investigate their infrastructure.
⚠️ In this attack, the threat actor gains access to a misconfigured Jupyter Notebook instance, likely discovered through a Shodan search. They gather information about the victim, including user IDs, processor type, architecture, and operating system details. Then, they proceed to download a malicious script from a shared file server, install the necessary Python packages, and run the script on the notebook.
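A defender-side check for the kind of misconfiguration described above, as an added example (not from the researchers' report or this newsletter): it scans the text of a Jupyter config file for settings that leave a notebook server reachable without authentication. The two sample configs and the placeholder password hash are constructed for illustration.

```python
import re

# Matches lines such as: c.NotebookApp.token = ''   # comment
# Both the classic NotebookApp and the newer ServerApp prefixes are accepted.
ASSIGN = re.compile(r"^\s*c\.(?:NotebookApp|ServerApp)\.(\w+)\s*=\s*(.+?)\s*(?:#.*)?$")

def _literal(raw):
    """Strip quotes (and a u/r/b prefix) from a simple Python string literal."""
    return re.sub(r"""^[urbURB]?(['"])(.*)\1$""", r"\2", raw.strip())

def audit_jupyter_config(text):
    """Return a sorted list of findings for one Jupyter config file's text."""
    seen = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)          # commented-out lines never match
        if m:
            seen[m.group(1)] = _literal(m.group(2))  # last assignment wins
    findings = []
    # An explicitly empty token disables token auth; with no password set,
    # anyone who can reach the port can run code in the notebook.
    if seen.get("token") == "" and seen.get("password", "") == "":
        findings.append("no-auth: token disabled and no password set")
    if seen.get("ip") in ("0.0.0.0", "*", "::"):
        findings.append("exposed: listening on all interfaces (ip=%s)" % seen["ip"])
    if seen.get("allow_root") == "True":
        findings.append("root: server allowed to run as root")
    return sorted(findings)

# Constructed sample: the open, internet-facing setup that scanners find.
WEAK_CONFIG = """
c.NotebookApp.ip = '0.0.0.0'
c.NotebookApp.token = ''      # convenience setting, disables auth
c.NotebookApp.password = ''
c.NotebookApp.allow_root = True
"""

# Constructed sample: loopback only, password set (placeholder hash).
HARDENED_CONFIG = """
c.ServerApp.ip = '127.0.0.1'
c.ServerApp.password = 'argon2:PLACEHOLDER_HASH'
# c.ServerApp.token = ''
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_jupyter_config(cfg) or "no findings")
```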
So long and thanks for reading all the phish!