Find out what Binance to stay clear of.

Jun 19 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s never given up, apart from Black Mirror. Worst. Season. Ever.

Today’s hottest cyber security stories:

  • Nigerian Binance turns out to be dodgy. Who’d have thunk?

  • Introducing: The Shampoo ChromeLoader extension

  • DEF CON 2023: 100k reward for hackers who can breach satellite

Image created by Midjourney AI

Chuck it in the Bargain Bin-ance

This writer personally knows a whole bunch of Nigerians. And not one of them is anything short of delightful, honestly. HOWEVER, it’s pretty hard to argue against Nigeria being the unofficial fraud capital of the entire planet.

Today’s story does nothing to refute that hypothesis. Many of you will have heard of Binance, it being one of the larger and more reputable of the cryptocurrency exchanges.

Indeed, Binance operates the world's biggest bitcoin exchange and altcoin crypto exchange in the world by volume. Unfortunately, this prestigious accolade does NOT extend to Binance Nigeria Limited, we’re sorry to say.

In fact, Binace Nigeria Limited is not in any way affiliated with the Binance, nor will it ever be. Binance CEO Changpeng Zhao, along with the Nigerian SEC (that one’s legitimate! ????), have made damn sure of that.

If it was going to happen, it was going to happen in Nigeria, wasn’t it? And part of us admires the audacity. And often you’d be surprised how long you can get away with such things. The more brazen, the better.

If you’re confident, most people won’t question you. You could pull over on the M25 motorway armed with nothing more than a hi-vis jacket and some traffic cones and bring London to a standstill for hours. Don’t try this at home, folks!

Incidentally, the real Binance has enough of its own problems without worrying about its illegitimate offshoot in Nigeria.

The U.S. SEC has filed 13 charges against Binance entities and Zhao, including operating as an unregistered exchange, broker-dealer, clearing agency and misrepresenting trading controls. Yikes!

Anyway, with an eye to starting the week off with a laugh and a giggle, here’s a collection of some of the funniest knock offs from around the globe. Binance Nigeria Limited, eat your heart out.

This hot weather’s got us reaching for the Spruntis. Ya feel me? ????

Dave, pass the Dove. I mean Dave ????

Have a break, Have a Kat Kot ????

Reply with any better ones you’ve come across…

Just stopped by to see what condition my Chrome-ditioner was in

Hopefully it’s No More Tears! Seriously, who comes up with these names? Not that we’re complaining; they make for fun newsletters.

So, this one’s a little bit sneaky and preys on the discerning viewer who would rather peruse dodgy movie sites than throw money away on Netflix (Streamberry? ????), Prime, or Disney.

Honestly, this one had some of us sweating. So, we’ve taken extra care to find out which sites have been hit dw. And my laptop’s been slow lately. Uh-oh. Anyway, back to it.

So, here’s the long and the short of it. A new campaign distributing a new version of the ChromeLoader malicious extension has been doing the rounds since March 2023.

The variant called Shampoo targets visitors via warez and pirated movie sites. Whilst the older versions of ChromeLoader have a complex infection chain that involves malicious ISO files, the new version involves the use of malicious VBScript files.

Hang on sec, so what’s warez? Dw, we got you. Warez is a common computing and broader cultural term referring to pirated software (i.e. illegally copied, often after deactivation of anti-piracy measures) that is distributed via the Internet.

Now the good news is you can’t get this thing by simply visiting dodgy sites. You have to actively download the Shampoo extension. Which we’d advise against.

Why not click the three dots in the far right and check out Extensions>Manage Extensions if you’re using Chrome and want to check you haven’t inadvertently become a victim.

Go ahead: see what condition your Chrome-ditioner’s in ????

FYI, once Shampoo is attached to a Chrome session, it starts applying conditioner. Sorry it starts sending sensitive information back to a C2 server controlled by the threat actors. Nisht gut!

Def Con 4 hacking

Want to earn $100,000 for hacking? That’s what the U.S. is offering if you can successfully hijack Moonlighter, a roughly 11-pound CubeSat, launched into low Earth orbit on board a SpaceX rocket.

At DEF CON 2023 (what a name!) in August, five teams of hackers will compete for a grand total of $100,000 in prize money to breach Moonlighter’s defences.

The reason? Well, cyberdefense for space assets is notoriously underdeveloped, if only because they haven’t historically been targets for hackers.

That changed when the Russians did just that and hacked Viasat’s KA-SAT network amid its invasion of Ukraine.

Gentlemen start your C++ engines! ????

So long and thanks for reading all the phish!

Recent articles