Invasion of the b̶o̶d̶y̶ ̶s̶n̶a̶t̶c̶h̶e̶r̶s info stealers 😱

Aug 17 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s praying none of the 20-odd thousand students getting their A level result in Computer Science today don’t get seduced by the darkside of the cyber-force 💀💀💀 #alevels2023

Today’s hottest cybersecurity news stories:

  • 🖥️ 120k+ computers hijacked by info stealers linked to cybercrime networks 🌐

  • 📱 QR code phishing attack! Major U.S. energy org targeted 🔌

  • 🦝 Raccoon Stealer’s back with a brand new (stealthy!) invention 🥷

Invasion of the b̶o̶d̶y̶ ̶s̶n̶a̶t̶c̶h̶e̶r̶s info stealers 😱

🔐 120,000 Infected Computers Exposed in Cybercrime Web 🔐

Startling revelations have emerged, as cybersecurity experts at Hudson Rock uncovered over 120,000 compromised computers tied to cybercrime forums 🕵️‍♂️. The research spanned from 2018 to 2023, revealing a web of infection.

🦠 The Intrusion Story

Hudson Rock’s analysis shows that opportunistic hackers infect systems through phoney software and manipulated YouTube tutorials. Shockingly, some of the infected systems belong to hackers who accidentally fell victim themselves. These stolen credentials provide insight into their real-world identities, including addresses, IPs, and phone numbers.

💰 Fueling the Malware Ecosystem

Information stealers, also driving the malware-as-a-service landscape, act as lucrative attack vectors for various malicious activities, from espionage to ransomware 🌐.

🔍 Forum Insights

The investigation spotlights cybercrime forums: Nulled.to topped the list with 57,000 affected users, followed by Cracked.io (19,062) and Hackforums.net (13,366). Password strength varies, but cybercrime forums surprisingly show stronger credentials than even some governmental sites.

🌍 Global Impacts

Countries like Tunisia, Malaysia, Belgium, the Netherlands, and Israel have the highest infection rates. Recognized culprits include RedLine, Raccoon, and AZORult malware strains.

👮‍♂️ Implications for Law Enforcement

While these infections spell trouble for organisations, they also offer insights for law enforcement in tracking cybercriminals. The data takes on even more importance considering findings that certain stolen logs access corporate SaaS apps and financial services.

🚫 Recent Developments

The uncovering comes after the Discord.io breach affecting 760,000 users, highlighting the resilience of these threats. In the ever-evolving world of cybersecurity, knowledge and vigilance remain paramount! 🔒🌐🔍

 

Join Discord

 

I came across ZZZ money club during the crypto market bull run when everyone’s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active and everyone in this private discord group is very chatty and helpful.

Its run by Yourfriendandy and Decadeinvestor, you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group you can through the link below.

To scan QR not to scan, that is the question 🤔

🎣 QR Code Phishing Targets Energy Giant 🎣

A concerning phishing campaign has emerged, with a major US energy company as the primary target 🏭. The unique twist? QR codes are being harnessed to slide malicious emails past defences and into inboxes, according to Cofense.

📊 Wide-Scale Attack

Among 1,000 emails tied to the campaign, 29% were directed at the energy sector, with manufacturing (15%), insurance (9%), tech (7%), and finance (6%) also in the crosshairs.

🔑 Tactics Unveiled

The scam initiates with emails urging recipients to update Microsoft 365 settings. Attached PNG or PDF files carry QR codes that recipients must scan to ‘verify’ their accounts within 2-3 days, adding a sense of urgency. Threat actors exploit QR codes hidden in images to outsmart security tools that scan emails for malicious links.

🎯 Complex Evasion Techniques

This campaign employs QR code-based redirections via Bing, Salesforce, and Cloudflare’s Web3 services, which then lead to a fake Microsoft 365 login page. Such methods, including base64 encoding and hiding URLs, sidestep email filters.

📱 QR Code Caution

QR code phishing has previously emerged in smaller campaigns, including instances in France and Germany. While they can bypass security, victim engagement is still required, which well-trained personnel can help mitigate. Many smartphone QR code scanners prompt users to verify URLs before opening.

🔒 Security Measures

To guard against QR-based threats, Cofense recommends employee training and image recognition tools, although no defence is foolproof.

Stay vigilant and informed to outsmart evolving phishing tactics! 🛡️🔒📢

🗞️ Extra, Extra! Read all about it! 🗞️

Each fortnite, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

💰 Daily Dough: Bite-sized investing ideas, wisdom, news, and trends you need to grow your dough!

📈 ProductivityGlide: A bite-sized email for your most productive day yet!

🏫 AI Marketing School: The latest AI Marketing tools, techniques, and news delivered biweekly.

Let us know what you think!

Lord have mercy, we haven’t seen this old malware in a ‘coon’s age! 😂

🦝 Raccoon Malware Returns with Enhanced Features 🦝

The notorious Raccoon Stealer malware has resurfaced after a 6-month hiatus, introducing version 2.3.0 in the cybercriminal world 🌐. Raccoon has a history dating back to 2019, renowned for its subscription-based $200/month model, stealing data from over 60 applications.

🔒 New & Improved

Amid uncertainties following the arrest of its primary author and the FBI’s intervention, the Raccoon developers are back. They’ve fine-tuned the malware based on user feedback, trends, and demands, aiming to maintain its status as a premier info-stealer.

🛡️ Enhanced Protection

The revamped Raccoon boasts “quality of life” upgrades, including a quick search tool for stolen data, defences against suspicious activities from security-assisting bots, and a reporting system to deter monitoring efforts by security researchers.

🔍 Guarding Against Threats

With its potential to steal credentials and cookies, Raccoon poses a significant threat, potentially leading to multi-factor authentication bypasses, corporate network breaches, data theft, ransomware attacks, BEC scams, and cyber espionage.

🛡️ Top Tips:

To guard against Raccoon and similar threats, you might want to consider:

  • Using password managers instead of browser-stored credentials,

  • Enabling multi-factor authentication

  • Avoiding downloading executables from questionable sources

Stay proactive against evolving threats and bolster your cybersecurity defences! 🛡️🔒🚨

So long and thanks for reading all the phish!

Recent articles