Healthcare industry might be looking for alternative medicine to this latest issue

Feb 10 2023

Gone Phishing Banner

Welcome to Gone Phishing your daily newsletter that’s more shareable than an Andrew Tate TikTok video!

Today’s hottest cyber security stories:

  • Trust Wallet’s Mysterious Million $ Hack
  • Healthcare industry might be looking for alternative medicine to this latest issue
  • Insurance is big business for Cyber Attackers $1.4 Billion to be precise


Most of us have had one too many shandies on a night out (often abroad, it must be said!) and collapsed into our budget hotel bed only to awaken, bleary-eyed, to discover our wallet is nowhere to be found.

The extent of the damage is usually between ten and 100 Euros, pesos or dollars, depending on the hosting nation and how much fun we had the night before, along with the inconvenience of cancelling cards and a vague feeling of violation.

Now, reimagine this scenario, except the wallet you were carrying was a virtual wallet billed as (get this) “the most trusted & secure crypto wallet” (source: Trust Wallet’s website) and the amount stolen was… Three. Point three. MILLION pounds! ($4 MILLION dollars) Well, that’s exactly what happened to hacking victim, Ahad Shams this week.

He was reportedly preyed on by a Rome-based organized crime syndicate who, he believes, perpetrated the theft by taking a picture of his wallet’s balance.

Trust’s response

Trust Wallet said the criminals had always insisted on physical meetings and posed as web3 project investors.

In Shams’ case, the crypto wallet firm said it was highly likely that the scammers had made him download malware in the guise of an NDA PDF file and KYC information sent to him; though, this is unconfirmed at time of writing.

This would have allowed the hackers to steal the funds after getting the proof of funds, the Trust Wallet team claims (pleads?).

General consensus?

Not everyone agrees with the Trust Wallet response. One user noted that the victim claimed he did not open the pdf on the phone. Others point to the incident as another reason to use cold wallets.

So yeah, make sure you keep your crypto wallet on ice!


‘Gootkit’, or ‘Gootloader’, has been targeting healthcare and finance organizations in the US, UK, and Australia, according to new findings from Cybereason.

As previously covered by Gone Phishing, Gootkit is an attack chain that relies on luring victims searching for agreements and contracts on DuckDuckGo and Google to the booby-trapped web page, ultimately leading to the deployment of Gootloader.

And just when covid season was coming to an end…

What’s the damage?

“The threat actor displayed fast-moving behaviors, quickly heading to control the network it infected, and getting elevated privileges in less than four hours,” according to an analysis published by Cybereason on Feb 8, 2023.

The takeaway?

Once again, please remember to be especially careful when clicking on Google Ads and other searched business contracts and agreements and read the URL unless you want to wind up on one of Gootkit’s ‘booby trapped’ sites.

Remember: URL (Ulways Read the Link) ????????????


Insurance companies are still suffering the fallout (wait for it…) from 2017’s billion dollar “cyber nuclear (lol) attack” (insurers words, not ours) on pharmaceutical giant Merck & Co. The US blamed the attack, dubbed ‘NotPetya’, on Russia.

Basically, a particularly nasty bit of ‘ransomware’ malware infected Merck’s computer systems and extorted the company for a mindboggling $1.4b dollars (£1.15 billion).

FACT: Ransomware attacks lock users out of their files and demand cash in return for re-access

Merck successfully made an insurance claim to recoup the losses which no-doubt had the insurance firm’s financial directors popping Xanax pills like Smarties!

Why is this news?

Alright, we’re getting to that!

Now, roughly six years later, lawyers representing the aforementioned insurance companies are still battling away in court with hopes of taking advantage of something known as a ‘war exclusion’.

War exclusion is a fairly common clause that features in many policies and basically means insurers don’t have to pay out if the loss traces back to warlike hostilities.

This is to stop things like, for example, home insurance claims snowballing in the event that a country or area is subject to widescale military attacks and catapulting insurance firms into financial oblivion.

Luckily, clauses such as these exist… to protect the real, unsung victims of war: the poor, impoverished insurance companies. ????????‍♂️????????‍♂️.

Why should you care?

In short, because this landmark case could set a precedent on who must shoulder the financial liability in the event of costly cyber-attacks: the affected business, or its insurance company. It will be interesting to see how this plays out and whether the insurance companies will manage to eschew responsibility.

We know what you’re thinking: In the fight between a multinational pharmaceutical giant, and a team of insurance company-representing lawyers… Can’t they both lose?

Joking aside, this is definitely one to watch, especially if you’re a business owner concerned about the financial implications of suffering a dreaded cyberattack.

So long and thanks for reading all the phish!

Cyber Dawgs top picks from the week, he’s your Dawg, he got you.

footer graphic cyber security newsletter

Recent articles