‘Fubar’ Faces 18 Years for Darkode Reign! ๐Ÿ˜ˆ

Nov 21 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that longs for the day when the cybersecurity award ceremonies are afforded the same glitz, glamour, and prestige as the 2023 Billboard Music Awards. May it come #Swift ๐Ÿ˜‚ย ย 

Todayโ€™s hottest cybersecurity news stories:ย ย 

  • ๐Ÿ‘จโ€๐Ÿ’ป Darkode hacking forum mastermind โ€˜Fubarโ€™ jailed for 18 ๐Ÿ‘จโ€โš–๏ธย 

  • โ›ฉ๏ธ DarkGate, PikaBot malware borrow from QakBot playbook โ™Ÿ๏ธย 

  • ๐Ÿ€ RAT infestation worsens w/ NetSupport targeting govt, biz. ๐ŸŽฏย 

Fubarโ€™s behind bars ๐Ÿ‘ฎโ›“๏ธ๐Ÿ’€

 

giphy.com

 

๐Ÿšจ’Fubar’ Faces 18 Years for Darkode Reign! ๐Ÿ˜ˆย ย 

๐Ÿ‘ค Dive into the saga of Thomas Kennedy McCormick, aka ‘Fubar,’ a 30-year-old from Cambridge, Massachusetts, now sentenced to 18 years in the slammer for orchestrating the notorious cybercrime forum, Darkode. ๐ŸŒย 

๐Ÿ‘€ The Hackerโ€™s Kodeย 

๐Ÿ‘ฎโ€โ™‚๏ธ McCormick, an integral Darkode member since 2009 and one of its final administrators, recently faced the gavel on RICO conspiracy (12 months) and aggravated identity theft (6 months) charges.ย ย 

His cyber misdeeds included malware distribution, website hacking, and the illicit trade of personal info, payment cards, and bank credentials. ๐Ÿ˜ฑย 

๐Ÿ•ต๏ธโ€โ™‚๏ธ Darkode’s demise in 2015 saw the arrest of 70 cybercriminals. Fubar’s abode raid uncovered credit card info from nearly 30,000 individuals, revealing the scale of his illicit operations! ๐Ÿ˜ฎย 

๐Ÿ€ Breaking the Kodeย 

๐Ÿค Playing a surprising turn in 2022, McCormick struck a deal with law enforcement, pledging to aid in the prosecution of other Darkode cohorts. His confession acknowledged causing financial losses of almost $680,000. ๐Ÿ˜žย 

๐Ÿ’ป Despite some futile attempts to resurrect Darkode, the digital dungeon remains M.I.A., thanks to successful law enforcement operations. ๐ŸŒ๐Ÿ”’ Justice prevails, making the online realm a tad safer!ย 

 

Clean your Mac or PC

 

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That’s where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it’s the perfect solution for keeping your Mac or PC safe and secure.

So, Qakbot or Pikabot? Go ahead! Pik-a-bot! ๐Ÿ˜

 

giphy.com

 

๐Ÿšจ Phishing Attacks Resurrecting QakBot Tactics! ๐Ÿ”ย 

๐Ÿ“‰ Phishing campaigns deploying DarkGate and PikaBot are mirroring tactics reminiscent of the now-defunct QakBot trojan, warns a report from Cofense. ๐Ÿฆ ย 

๐Ÿ”„ The attacks employ hijacked email threads for initial infection, unique URL patterns restricting user access, and an infection chain strikingly similar to QakBot’s modus operandi. QakBot, shut down in Operation Duck Hunt this August, still influences current threats. ๐Ÿšซย 

๐Ÿ’ป Both DarkGate and PikaBot serve as conduits for additional payloads, making them favoured choices for cybercriminals. Zscaler’s May 2023 analysis highlighted PikaBot’s parallels with QakBot in distribution methods and behaviours. ๐ŸŽญย 

๐Ÿšจ DarkGate stands outย ย 

This is thanks to its advanced evasion techniques against antivirus systems, keystroke logging, PowerShell execution, and bidirectional remote control capabilities.ย ย 

Cofense’s analysis reveals a high-volume phishing campaign targeting various sectors, employing booby-trapped URLs in hijacked email threads.ย ย 

The ZIP archives contain JavaScript droppers, with Excel add-ins observed in some variants, delivering DarkGate or PikaBot malware. ๐ŸŒย 

๐Ÿ›‘ Beware!ย ย 

A successful infection could unleash crypto miners, reconnaissance tools, ransomware, or other malicious files at the whim of threat actors. Stay vigilant, secure those inboxes! ๐Ÿ›ก๏ธย 

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can’t get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)


๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)


๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

This needs its own NetSupport group ๐Ÿ’€

 

giphy.com

 

๐Ÿšจ NetSupport RAT Strikes Education and Government Sectors! ๐ŸŒย 

Beware! Threat actors are deploying the NetSupport RAT in targeted attacks on the education, government, and business services sectors, according to VMware Carbon Black researchers. The trojan utilises various deceptive tactics, including fraudulent updates, drive-by downloads, malware loaders like GHOSTPULSE, and diverse phishing campaigns.ย 

๐Ÿ” Recent Surge in Infectionsย 

In the last few weeks, researchers detected no less than 15 new infections related to NetSupport RAT. The surge highlights the severity and frequency of these targeted attacks.ย 

๐Ÿ•ต๏ธโ€โ™‚๏ธ From Legit Tool to Cyber Threatย 

Originally designed as a legitimate remote administration tool, NetSupport Manager has been misappropriated by malicious actors. It now serves as a beachhead for subsequent attacks on unsuspecting victims.ย 

๐ŸŒ Deceptive Delivery Methodsย 

Victims unknowingly download the RAT through deceptive means such as fake browser updates and compromised websites. In a previous campaign, compromised WordPress sites were used to distribute NetSupport RAT via fraudulent Cloudflare DDoS protection pages.ย 

๐Ÿšซ Advanced Malware Tacticsย 

The use of bogus web browser updates aligns with tactics associated with SocGholish and BLISTER. These tactics involve JavaScript-based downloader malware and remote server connections, culminating in the installation of NetSupport RAT.ย 

๐Ÿ’ป Capabilities and Impactย 

Once infiltrated, NetSupport RAT empowers threat actors to monitor behaviour, transfer files, manipulate computer settings, and propagate within networks. The stakes are high, making it crucial to stay vigilant and fortify systems against these evolving cyber threats.ย 

Stay informed, stay protected! ๐Ÿ›ก๏ธย 

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles