May 05 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that works hard to keep you in the know… Although not as hard as the two 10 year olds working until 2am at McDonald’s for no money 💀💀💀 Only in America! 🇺🇸
Today’s hottest cyber security stories:
Okay, try not to laugh. And to all you drone drivers out there, it serves you right for invading our sunny picnics with your motorised wasps! Just kidding, we’re just jealous we don’t have one.
Seriously, this latest cyberattack is a little different to the usual financially motivated hacks in that it appears to be motivated by sheer malice. As Alfred, Batman’s trusted butler, famously said of the Joker: “Some men just want to watch the world burn.” You read that in Michael Caine’s accent, didn’t you? At least that’s what it seemed like, at first.
Orqa, a maker of First Person View (FPV) drone racing goggles, claims that a contractor introduced code into its devices’ firmware that acted as a time bomb designed to brick them.
Orqa started receiving reports from customers surprised to see their FPV.One V1 goggles enter bootloader mode and become unusable.
“We first started getting the reports from our pilots in Japan, very early in the morning while we were all still asleep (or partying, it was Friday after all!). Then in the early morning hours here in Europe, we started getting reports from a race event in Turkey,” the company said.
We know what you’re thinking, are you sure the Japanese pilots weren’t just suddenly overcome by the spirit of their WWII ancestors in full Quagmire (Family Guy) fashion…
KAMIKAZE! Sorry, that’s probably not ‘PC’, is it? Oops.
“Within 5 or 6 hours into this crisis, Saturday early afternoon, we found that this mysterious issue was a result of a ransomware time-bomb, which was secretly planted a few years ago in our bootloader by a greedy former contractor, with an intention to extract exorbitant ransom from the Company,” Orqa said.
“The perpetrator was particularly perfidious, because he kept occasional business relations with us over these last few years, as he was waiting for the code-bomb to ‘detonate’, presumably so as not to raise suspicion and hoping that he will be able to extract more ransom as our business and our market share grew.”
Alright, stop droning on about it, mate! Sorry. Ah, so wouldn’t you know it, it did turn out to be ransomware, after all. No surprises there.
Here’s what Orqa posted on Facebook regarding the matter:
The fixed firmware is expected to be available until the end of the day after the new version is deemed safe for public release.
Oh boy, have we got a story for you! So, apparently, there were these three sneaky little hackers who thought they were oh so clever, leveraging fake personas on Facebook and Instagram to go after unsuspecting folks in South Asia. And get this, they created HUNDREDS of these fake accounts! Talk about dedication.
But here’s the kicker – instead of investing a bunch of time and effort into complicated malware, these guys decided to use good old-fashioned social engineering to get people to give up their personal information or click on malicious links.
I mean, it’s kind of genius when you think about it. Why bother with all that technical stuff when you can just trick people into doing your dirty work for you?
“Each of these APTs relied heavily on social engineering to trick people into clicking on malicious links, downloading malware or sharing personal information across the internet,” Guy Rosen, chief information security officer at Meta, said. “This investment in social engineering meant that these threat actors did not have to invest as much on the malware side.”
These fake personas were something else. They posed as everything from recruiters to journalists to military personnel. They even used the classic “romantic connection” angle to lure people in. Classic Chinese honeypot style. Who could resist, eh Eric Swalwell (Google it!)?
But wait, there’s more! Apparently, at least two of these hacking attempts involved low-grade malware that wasn’t all that sophisticated. I guess they were hoping to slip by those pesky app verification checks set up by Apple and Google. Nice try, guys.
One of the groups that got caught in the act was a bunch of cybercriminals based in Pakistan. They used a whole network of fake accounts and rogue apps and websites to infect military personnel in India and Pakistan with something called GravityRAT. And still, nobody smelt a rat?
Anyway, the moral of the story is watch out for those fake personas on social media, folks. You never know who might be trying to steal your personal info or infect your computer with some wonky malware.
Luckily, Meta was on hand to blow the whistle on these trouble-makers. And that’s not the only dastardly plan foiled by Meta this week.
Scroll down for more heroics from Zuckerberg and his cyborgs.
So yeah, Meta went 2 and 0 this week with the cybercriminals. The company formerly known as Facebook has been busy taking down some naughty URLs that were using OpenAI’s ChatGPT to lure people into spreading about 10 different kinds of malware. Naughty, naughty!
It turns out that some cheeky scammers have been using fake ChatGPT browser extensions to steal Facebook account info and run unauthorised ads from hijacked business accounts.
“Threat actors create malicious browser extensions available in official web stores that claim to offer ChatGPT-based tools,” Meta said.
“They would then promote these malicious extensions on social media and through sponsored search results to trick people into downloading malware.”
The social media giant said it has blocked several iterations of a multi-pronged malware campaign dubbed Ducktail over the years, adding it issued a cease and desist letter to individuals behind the operation who are located in Vietnam.
That’s all for today, folks: let’s hear it for Meta, guardians of the um Metaverse (God, wasn’t that a flop 😂)
So long and thanks for reading all the phish!