Nov 20 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that wonders if any hackers managed to ply their trade to something constructive this weekendโฆ like buying Glastonbury tickets ๐ค
Todayโs hottest cybersecurity news
๐จโ๐ป Googleโs DSA hijacked by hackers to display malicious ads ๐ฅ
๐ท๏ธ Introducing Scattered Spiderโs Gen Z cybercrime ecosystem ๐ฑ
๐ 27 malicious PyPI packages are actively targeting IT experts ๐ค
Cybersecurity firm Securonix has uncovered an ongoing threat dubbed SEO#LURKER, exposing a sneaky malware distribution tactic through manipulated search results and Google ads. ๐ฑ Users seeking the legitimate WinSCP software are falling prey to a complex attack chain.
๐ How it Works:
Malicious ads, likely using Google's Dynamic Search Ads, lead users to a compromised WordPress site, then redirect them to a phishing site. The ultimate goal is to trick users into downloading malware disguised as WinSCP from a lookalike site, winccp[.]net.
๐ป The Payload:
A ZIP file, "WinSCP_v.6.1.zip," contains a setup executable using DLL side-loading. It downloads a genuine WinSCP installer while secretly activating Python scripts in the background for malicious activities, including establishing contact with a remote server.
๐ฏ Targeted Victims:
The malware's geoblocking hints that U.S. users seeking WinSCP may be primary targets. This isn't the first time Google's Dynamic Search Ads have been exploited for malware distribution, emphasising the importance of vigilance.
๐ก๏ธ Stay Safe:
Be cautious when downloading software, verify URLs, and keep your cybersecurity tools updated. Malvertising is on the rise, so stay informed to protect yourself!
๐ Related News:
Malwarebytes recently uncovered a PyCharm-targeting campaign using a similar tactic, highlighting the growing trend of malvertising.
Stay vigilant, and report suspicious activities to protect the online community! ๐
Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.
That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:
Remove junk files and malware to free up space and improve performance
Protect your privacy by erasing sensitive data
Optimize your startup settings to speed up boot times
Manage your extensions and apps to keep your Mac or PC running smoothly
Since 2008 MacPaw is trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.
U.S. cybersecurity agencies issue a joint warning on Scattered Spider, a notorious cybercriminal group employing advanced phishing tactics for data theft and extortion. ๐
๐ Threat Overview:
Also known as Muddled Libra, Octo Tempest, and more, Scattered Spider is a leading player in the Gen Z cybercrime ecosystem, engaging in sophisticated phishing, prompt bombing, and SIM swapping attacks to breach targets.
๐ฏ Tactics:
Experts in social engineering, they impersonate IT and help desk staff through calls or SMS, gaining elevated access. Once in, they deploy tools like Fleetdeck.io and remote access trojans like AveMaria to navigate networks undetected.
๐ป Ransomware Connection:
Recently associated with BlackCat/ALPHV ransomware, Scattered Spider operates as an affiliate, monetizing access for extortion and data theft.
๐จ Alert Level:
The FBI is aware of at least a dozen members, emphasising the severity of this threat.
๐ก๏ธ Defense Strategies:
U.S. government advises implementing phishing-resistant MFA, having a robust recovery plan, maintaining offline backups, and using application controls to prevent unauthorised software execution.
๐ Stay Informed:
Scattered Spider is dynamic and adapts to defences. Stay vigilant, educate teams, and adopt recommended security measures to safeguard against evolving cyber threats! ๐
๐ย The Motley Fool: โFool me once, shame on โ shame on you. Fool me โ you can't get fooled again.โ Good olโ George Dubya ๐ Let us tell whoโs not fooling around though; thatโs the Crรผe ๐ at Motley Fool. Youโd be a fool (alright, enough already! ๐) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐ Kidding aside, if you check out their website theyโve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐คย (LINK)
๐ตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐๏ธโณ๐๐๏ธ Mmmm Happy Placeโฆ ๐ So, weโve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโs easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐๏ธ๐ย (LINK)
๐ย Digital Ocean: If you build it they will come. Nope, weโre not talking about a baseball field for ghosts โพ๐ป๐ฟ (Great movie, to be fair ๐). This is the Digital Ocean whoโve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโll find yourself catching the buzz even if you canโt code (guilty ๐). But if you can and youโre looking for somewhere to test things out or launch something new or simply enhance what youโve got, weโd recommend checking out their services foโ sho ๐ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ฟย (LINK)
An unidentified threat actor has been distributing malware via typosquat packages on the Python Package Index (PyPI) for six months, aiming to compromise user systems. ๐ฑ
๐ฆ The Setup:
27 malicious packages posing as popular Python libraries, including pyefflorer and pywool, were downloaded thousands of times, mainly in the U.S., China, France, and more.
๐ Stealthy Tactics:
The attack used steganography, hiding malicious payloads within innocent-looking image files, increasing its stealthiness. The malware, once on a host, gained persistence by deploying Visual Basic Script (VBScript) via setup.py references.
๐ป The Payload:
The malware can extract information from web browsers and cryptocurrency wallets. Some packages, like Pystob and Pywool, disguised as API management tools, exfiltrated data to a Discord webhook and sought persistence in the Windows startup folder.
๐ Broader Landscape:
This incident follows GitGuardian's revelation of leaked secrets in open-source projects, posing risks for developers and users. The U.S. government urges supply chain risk assessments and improved software development processes.
๐ก๏ธ Stay Secure:
Developers, be vigilant about package authenticity, implement security measures, and follow the latest government guidance to protect your systems and users. ๐ค
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.
Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.
Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)
Let us know what you think!
So long and thanks for reading all the phish!