Dec 11 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that thought Elon himself had been hacked when it saw the news that Alex Jones is back on Twitter (X). Let the Infowars begin 🙈🙈🙈
Today’s hottest cybersecurity news stories:
💱 Gandlaf the guilty: Bitzlato founder pleads guilty to money-laundering 💸
💻 Mac-attack! New Trojan-Proxy malware spreads via pirated software 🏴☠️
🎧 More Bluetooth shenanigans: Android, Linux, macOS, and iOS at risk 👨💻
🕵️♂️ Russian founder Anatoly Legkodymov, known as Gandalf 🧙, has pleaded guilty to operating an unlicensed money-transmitting business. Arrested almost a year ago in Miami, he now faces a potential 5-year prison term.
💸 Criminal Profits 💸
Bitzlato, once a haven for fraudsters and ransomware crews like Conti, amassed a staggering $2.5 billion in cryptocurrency between 2019 and 2023. Shockingly, over half of this sum is traced back to illegal and risky sources.
🕵️♀️ Lax Security Exposed 🕵️♀️
Bitzlato's infamous lax Know Your Customer (KYC) procedures allowed users to register with minimal information, leading to suspicions that some utilised stolen identity documents.
🌐 Darknet Partnership 🌐
The Hydra darknet marketplace, infamous for narcotics, stolen financial information, and money laundering, emerged as Bitzlato's largest counterparty. The partnership facilitated transactions worth no less than $700 million in digital assets before Hydra's dismantling in April 2022.
⚖️ Legal Consequences ⚖️
Acting Assistant Attorney General Nicole M. Argentieri warns, "Transacting in cryptocurrency does not put you beyond the reach of the law."
🚔 Criminal Turnstile 🚔
U.S. Attorney Breon Peace emphasises Legkodymov's full awareness of Bitzlato's misuse, stating, "His guilty plea confirms it was an open turnstile for criminals."
Stay tuned for further updates on this landmark case! 🌐🚀
Tired of news with a slant? Struggle to find the truth in a sea of sources? Get a daily dose of unbiased facts with 1440. Explore various topics like politics, business, and science. Be part of the 3 million informed Americans every morning.
A significant Bluetooth security flaw, identified as CVE-2023-45866, poses a serious risk to Android, Linux, macOS, and iOS devices. Discovered by security researcher Marc Newlin, the flaw allows threat actors to bypass authentication, connecting to vulnerable devices and injecting keystrokes to execute malicious code.
🔍 How it Works 🔍
Exploiting an "unauthenticated pairing mechanism," attackers trick devices into believing they are connected to a Bluetooth keyboard. This enables the injection of keystrokes, allowing the installation of apps and execution of arbitrary commands.
💻 No Specialized Hardware Needed 💻
Disturbingly, this attack doesn't require specialised hardware and can be executed from a Linux computer using a regular Bluetooth adapter.
🌐 Widespread Impact 🌐
Devices running Android (since version 4.2.2), iOS, Linux, and macOS are all susceptible. Even Apple's LockDown Mode, designed to safeguard against advanced threats, is not immune.
🛡️ Google's Warning 🛡️
Google warns that the flaw could result in remote escalation of privilege without additional execution privileges, emphasising the urgency of addressing this issue.
📆 Stay Informed 📆
Technical details of the flaw are expected to be released soon. Ensure device security by staying updated and cautious. 🔒📱
🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya 😂 Let us tell who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)
🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)
🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ⚾👻🍿 (Great movie, to be fair 🙈). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)
🔍 Unauthorised websites distributing trojanized versions of cracked software have been discovered, infecting Apple macOS users with a new Trojan-Proxy malware.
👾 Modus Operandi 👾
Attackers leverage this malware for financial gain, building proxy server networks or executing criminal acts on behalf of victims—launching attacks, purchasing illicit goods like guns and drugs, and more.
🌐 Cross-Platform Danger 🌐
Kaspersky reveals evidence of cross-platform threats, with artefacts for Windows and Android linked to pirated tools.
🔐 Deceptive Delivery 🔐
macOS variants disguise themselves as legitimate multimedia, image editing, data recovery, and productivity tools, primarily targeting users seeking pirated software.
💽 Installation Trickery 💽
Unlike authentic counterparts offered as .DMG files, rogue versions use .PKG installers. These include post-install scripts activating malicious behaviour, often inheriting administrator permissions.
🕵️♂️ Stealthy Infiltration 🕵️♂️
Trojan-Proxy conceals itself as the WindowServer process on macOS, a core system component responsible for window management and GUI rendering, making detection challenging.
🌐 Covert Communication 🌐
The malware encrypts DNS requests and responses using DNS-over-HTTPS (DoH) to connect to a command-and-control (C2) server, establishing communication for further instructions.
⚠️ Stay Protected ⚠️
Kaspersky discovered samples as early as April 28, 2023. To safeguard against such threats, users are strongly advised to avoid downloading software from untrusted sources.
🛡️ Protect Yourself, Be Informed! 🦠🔒
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.
Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.
Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)
Let us know what you think!
So long and thanks for reading all the phish!