Oct 18 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s sending our love down the phishing well. All the way down!!
Patch of the Week!
First thing’s first, folks. Our weekly segment goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it…
Congrats to Mozilla, the cybercriminals are no match… for your patch!
Check out this freshly hatched patch
Critical Firefox Flaw Under Active Attack – Update Now!
Mozilla has patched a critical security vulnerability, CVE-2024-9680 (CVSS 9.8), impacting Firefox and Firefox ESR, which is being actively exploited in the wild! This use-after-free bug in the Animation timeline allows attackers to achieve remote code execution.
Discovered by ESET’s Damien Schaeffer, the flaw is fixed in Firefox 131.0.2 and ESR versions 128.3.1 and 115.16.1. While details on real-world attacks are sparse, this could be used in watering hole or drive-by download campaigns.
Even the Tor Browser has issued an emergency update to protect users from this threat (version 13.5.7). Mozilla shipped the fix within 25 hours of disclosure! Update now to stay safe from these active exploits!
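Because the fix shipped on three separate branches, "am I patched?" depends on which branch a machine is on, not just whether its version number is high. The following Python is an added example (not Mozilla's code) that applies the fixed versions listed above to a version string such as the output of `firefox --version` (assumed to look like "Mozilla Firefox 128.3.1esr"); builds on unmaintained branches like 129 or 130 are reported as unpatched because no fixed build exists for them.

```python
import re
from typing import Optional, Tuple

# Fixed builds for CVE-2024-9680, taken from the newsletter text above,
# keyed by the major version that identifies each branch.
FIXED_VERSIONS = {
    131: (131, 0, 2),   # Firefox 131.0.2 (release)
    128: (128, 3, 1),   # Firefox ESR 128.3.1
    115: (115, 16, 1),  # Firefox ESR 115.16.1
}

# Matches "131.0.2", "128.3.1esr" or "132.0" at the end of a version string.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:esr)?$")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Turn 'Mozilla Firefox 128.3.1esr' into (128, 3, 1); None if unparseable."""
    m = _VERSION_RE.search(text.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_patched(text: str) -> Optional[bool]:
    """True if the build carries the CVE-2024-9680 fix, False if not, None if unknown.

    Branches with a fixed build are compared against that build. Anything newer
    than 131 is assumed to include the fix; other majors (e.g. 129, 130, or ESR
    branches older than 115) never received one and are treated as vulnerable.
    """
    version = parse_version(text)
    if version is None:
        return None
    major = version[0]
    if major in FIXED_VERSIONS:
        return version >= FIXED_VERSIONS[major]
    return major > 131
```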
Now, on to this week’s hottest cybersecurity news stories:
FBI creates fake cryptocurrency to expose crypto corruption
N. Korean ScarCruft spreads RokRAT via Windows zero-day
Brazil spear-phished by resurfaced Astaroth banking malware
Crypto scammers, watch out! In a bold move, the FBI has taken down a widespread crypto fraud operation by creating a fake cryptocurrency, NexFundAI, to expose shady market manipulation.
How It Worked
As part of Operation Token Mirrors, the FBI launched NexFundAI, a fake crypto token marketed as a bridge between finance and artificial intelligence. However, it was secretly a sting operation designed to uncover illegal trading activities like wash trading and pump-and-dump schemes.
Wash Trading Explained
In this scam, companies involved in the operation made fake trades with their own tokens to artificially inflate prices. This created a false sense of value, tricking investors into buying in, only for the fraudsters to sell at a profit, leaving everyone else in the dust.
Who Got Caught?
The crackdown has led to charges against 18 individuals and entities, including market makers like ZM Quant and CLS Global, who conspired to manipulate prices. So far, $25 million in cryptocurrency has been seized, and several key players arrested in the U.S., U.K., and Portugal.
What’s the Damage?
Fraudulent companies exploited investors by promising big returns, but it was all smoke and mirrors. Pump-and-dump scams flooded the market with fake value, leaving unsuspecting buyers with worthless assets.
Stay Alert!
As the crypto market continues to grow, so do scams. Remember: not all that glitters is Bitcoin! Protect yourself from market manipulation by staying informed and cautious.
ScarCruft Strikes Again! The North Korean threat group ScarCruft (aka TA-RedAnt) has been caught exploiting a zero-day flaw in Windows, using it to spread the dangerous RokRAT malware.
The Vulnerability
The bug, known as CVE-2024-38178, is a memory corruption flaw in Windows' Scripting Engine with a CVSS score of 7.5. The vulnerability allows for remote code execution when users open a malicious link in Edge's Internet Explorer mode. It was patched in August 2024, but attackers were quick to exploit it before the update.
Operation Code on Toast
The attack, dubbed Operation Code on Toast by South Korean cybersecurity researchers, targeted toast ads (pop-up notifications) bundled with free software in Korea. Threat actors compromised an ad server and injected malicious code into the ad content to infect users.
RokRAT Malware in Action
Once the vulnerable toast program downloaded the infected ad, users were hit with RokRAT. This malware can spy on your files, control your processes, and steal data from apps like KakaoTalk, WeChat, and web browsers. What makes it even sneakier? It uses trusted cloud services like Dropbox and Google Cloud to communicate with its command-and-control server, blending in with regular traffic.
Stay Safe!
ScarCruft has a history of exploiting Internet Explorer flaws. To protect yourself, always keep your system and software up to date, especially if you're using any legacy programs. Hackers are always evolving, so don’t let your system become their next target!
Brazil Under Attack! A spear-phishing campaign targeting various industries in Brazil is spreading the notorious Astaroth banking malware (also known as Guildma) through obfuscated JavaScript to evade security defences.
Targeting Businesses and Government
The attack, dubbed Water Makara by Trend Micro, has been aimed at manufacturing companies, retail firms, and government agencies, using fake tax document emails to trick victims. Posing as official messages from Receita Federal, the emails urge recipients to download malware disguised as personal income tax files.
How It Works
The phishing emails deliver a ZIP file containing a malicious Windows shortcut (LNK), which exploits the legitimate mshta.exe utility to run obfuscated JavaScript. This sneaky script connects to a command-and-control (C2) server, where the real damage begins: infecting devices with the evolving Astaroth malware.
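The LNK-to-mshta.exe step of this chain is the part a defender can see in process-creation telemetry: mshta.exe normally opens a local .hta file, so inline script protocols, remote URLs and very long (obfuscated) arguments stand out. The Python below is an added example, not Trend Micro's detection logic; the event layout, thresholds and sample records are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List


@dataclass
class ProcessEvent:
    """Minimal process-creation record (assumed layout, e.g. from an EDR or Sysmon export)."""
    parent_image: str
    image: str
    command_line: str


# Traits of the LNK -> mshta.exe -> obfuscated JavaScript -> C2 chain described above.
# Thresholds are assumptions for this example, not a vendor's tuned rule.
INLINE_SCRIPT = re.compile(r"\b(?:javascript|vbscript):", re.IGNORECASE)
REMOTE_URL = re.compile(r"\bhttps?://", re.IGNORECASE)
LONG_CMDLINE = 200


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def assess(ev: ProcessEvent) -> List[str]:
    """Reasons an event looks like script-loader abuse of mshta.exe (empty list = benign)."""
    if basename(ev.image) != "mshta.exe":
        return []
    reasons = []
    if INLINE_SCRIPT.search(ev.command_line):
        reasons.append("inline script protocol in arguments")
    if REMOTE_URL.search(ev.command_line):
        reasons.append("remote URL passed to mshta.exe")
    if len(ev.command_line) > LONG_CMDLINE:
        reasons.append("unusually long command line (possible obfuscation)")
    if reasons and basename(ev.parent_image) == "explorer.exe":
        reasons.append("spawned by explorer.exe (consistent with a double-clicked LNK)")
    return reasons


def triage(events: List[ProcessEvent]) -> List[int]:
    """Indices of the events that should be raised as alerts."""
    return [i for i, ev in enumerate(events) if assess(ev)]


# Constructed sample telemetry; the script body is a harmless placeholder, not a real payload.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\mshta.exe",
                 "mshta.exe javascript:" + "PLACEHOLDER_OBFUSCATED_SCRIPT;" * 10),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\mshta.exe",
                 'mshta.exe "C:\\Program Files\\Vendor\\setup.hta"'),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe",
                 "notepad.exe javascript:ignored.txt"),
]
```

Running `triage(SAMPLE_EVENTS)` flags only the first record; the local .hta launch and the non-mshta process are left alone.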
Astaroth Banking Trojan
Though Astaroth has been around for a while, it’s still evolving and continues to be a serious threat. Once on your system, the malware steals sensitive banking data, leading to financial losses and long-term damage to consumer trust. It also causes business disruptions, from downtime to recovery costs, making it a major headache for affected companies.
Top Tips
To protect yourself from this and similar attacks, make sure to:
Enforce strong password policies
Use multi-factor authentication (MFA)
Keep your software and security solutions updated
Apply the principle of least privilege (PoLP) to minimise risk
Don't let your business fall victim to Water Makara! Stay vigilant and cautious with any unsolicited emails, especially those that seem urgent or too official.
Extra, Extra! Read all about it!
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday
Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders.
Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future
Let us know what you think.
So long and thanks for reading all the phish!