European bank customers targeted with trojan

Aug 02 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that treats cybercriminals like Lizzo treats her backup dancers 😬😬😬

Little fun post I found on Instagram to start the newsletter, happy hump day 😂

 


 

Today’s hottest cyber security stories:

  • 🕵️ SpyNote Android trojan campaign targets European bank customers

  • 🏴‍☠️ Exposed! Space Pirates’ cyber campaign hits Russia and Serbia 🗺️

  • 🐈 ‘Meow’, the malware that unexplainably destroys everything, is BACK 💥

 


 

The SpyNote who hacked me

📰 European Customers Targeted by SpyNote Android Banking Trojan

In June and July 2023, a series of aggressive cyberattacks hit various European bank customers as they fell victim to the Android banking trojan, SpyNote.

Italian cybersecurity firm Cleafy revealed that the spyware is distributed through email phishing and smishing campaigns, leveraging a combination of remote access trojan (RAT) capabilities and vishing attacks.

🛡️ SpyNote, also known as SpyMax, operates like other Android banking trojans by gaining accessibility permissions to access sensitive data from infected devices. However, what sets it apart is its dual functionality as both spyware and a tool for bank fraud.

💻 The attack begins with a fake SMS message prompting users to download a banking app by clicking on a link.

This link redirects them to the seemingly legitimate TeamViewer QuickSupport app on the Google Play Store.

Security researcher Francesco Iubatti warns that threat actors have adopted TeamViewer to execute fraud operations through social engineering attacks. The attackers pretend to be bank operators, performing fraudulent transactions directly on the victim’s device.

🛡️ Top Tips:

  • To protect yourself, be cautious of unsolicited messages urging app installations, and only download apps from official app stores. Stay vigilant against phishing attempts and verify any suspicious communications with your bank directly.

  • Remember to keep your devices updated with the latest security patches and invest in reputable cybersecurity solutions to stay one step ahead of these malicious attacks. Stay safe online! 😊🔒💻

 


Space Pirates of the Cyberibbean

🏴‍☠️ Space Pirates Expand Cyber Attacks in Russia and Serbia

The notorious threat actor, Space Pirates, has increased its cyber attacks against 16 organisations in Russia and Serbia over the past year. According to a report from Positive Technologies, the group has adopted novel tactics and added new cyber weapons to its arsenal.

🌐 The main objectives of these cybercriminals remain espionage and stealing confidential information, but they have broadened their interests and the geographical scope of their attacks.

Their targets include government agencies, educational institutions, private security companies, aerospace manufacturers, agricultural producers, defence, energy, and healthcare firms in Russia and Serbia.

🚀 Space Pirates first came into the spotlight in May 2022 when they attacked the aerospace sector in Russia. The group has been active since late 2019 and is also associated with another adversary known as Webworm, as tracked by Symantec.

💻 Positive Technologies’ analysis revealed that the threat actor is particularly interested in harvesting PST email archives and employs Deed RAT, a unique malware artefact attributed exclusively to this group.

To safeguard against such threats, organisations should maintain robust cybersecurity measures and stay informed about evolving attack techniques.

Stay vigilant and protect your digital assets! 🔒💡


 

Meow meow hits Jupyter 😀

🐱 ‘Meow’ Campaign Strikes Again with Mysterious Attacks

Remember the enigmatic ‘Meow’ campaign in 2017 and 2020? It’s back! This peculiar threat targets unsecured databases like MongoDB, Elasticsearch, Cassandra, CouchDB, as well as other software such as Hadoop clusters, FTPs, and Jenkins.

The modus operandi remains simple: the attackers locate exposed instances, delete everything, and obliterate data without any explanation, leaving victims puzzled. This time, they are back with renewed force.

💻 Recently, one of a research team’s honeypots, a Jupyter Notebook instance, captured a fresh ‘Meow’ campaign. Although much of the mystery endures, the researchers managed to obtain some of the attacker’s scripts and investigate their infrastructure.

⚠️ In this attack, the threat actor gains access to a misconfigured Jupyter Notebook instance, likely discovered through a Shodan search. They gather information about the victim, including user IDs, processor type, architecture, and operating system details. Then, they proceed to download a malicious script from a shared file server, install the necessary Python packages, and run the script on the notebook.

🛡️ Top Tips:

  • To safeguard your data from the ‘Meow’ campaign and similar threats, ensure your databases and software are properly secured. Regularly update your security measures and stay informed about emerging attack tactics. Stay vigilant! 🔒💡
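As an added example (not from this newsletter or the researchers it cites), the Python audit below flags Jupyter settings that leave a notebook server open in the way described above. It assumes "misconfigured" means authentication switched off on a server bound to all interfaces; the function names and both sample configs are constructed for illustration.

```python
import ast
import re

# Literal assignments such as: c.NotebookApp.token = ''   (classic Notebook)
# or c.ServerApp.ip = '0.0.0.0' (Jupyter Server). Commented-out lines do not match.
SETTING = re.compile(r"^\s*c\.(?:NotebookApp|ServerApp)\.(\w+)\s*=\s*(.+)$")
ALL_INTERFACES = {"0.0.0.0", "*", "::"}

def parse_settings(config_text):
    """Return {option: value} for literal assignments in a Jupyter config file."""
    settings = {}
    for line in config_text.splitlines():
        m = SETTING.match(line)
        if not m:
            continue
        try:
            settings[m.group(1)] = ast.literal_eval(m.group(2))
        except (ValueError, SyntaxError):
            pass  # non-literal expression: skipped rather than guessed at
    return settings

def audit(config_text):
    """List the settings that expose the server; an empty list means none found."""
    s = parse_settings(config_text)
    findings = []
    # An unset token is fine (a random one is generated); an empty one disables it.
    no_auth = s.get("token") == "" and not s.get("password")
    exposed = s.get("ip") in ALL_INTERFACES
    if no_auth:
        findings.append("auth disabled: empty token and no password")
    if exposed:
        findings.append(f"listens on all interfaces: ip={s['ip']!r}")
    if s.get("allow_root") is True:
        findings.append("allow_root=True: notebook code runs as root")
    if no_auth and exposed:
        findings.append("CRITICAL: unauthenticated code execution reachable from the network")
    return findings

# Constructed sample configs (not taken from any real incident).
WEAK = """
c.NotebookApp.ip = '0.0.0.0'
c.NotebookApp.token = ''   # token auth switched off
c.NotebookApp.password = ''
c.NotebookApp.allow_root = True
"""
HARDENED = """
c.ServerApp.ip = '127.0.0.1'
c.ServerApp.password = 'argon2:PLACEHOLDER_HASH'
c.ServerApp.allow_root = False
"""
```

Run `audit()` over the contents of `jupyter_notebook_config.py` or `jupyter_server_config.py`; settings passed on the command line are not covered by this check.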

That’s all for today, folks!

So long and thanks for reading all the phish!
