Keylogger masquerading as bank

Mar 28 2024



Welcome to Gone Phishing, your daily cybersecurity newsletter that’s always phishing for compliments, so if you’ve got a moment, drop us a line 🎣🎣

Today's hottest cybersecurity news stories:

  • 💻 Keylogger distributed as bank payment notice in phishing attack 🎣

  • 🤖 Ray AI flaw left unpatched is exploited for cryptocurrency mining ⛏️

  • 📱 Android users beware! Google Play apps make Androids = proxies 🎭

Hackers: There’s plenty more phish in the sea 🌊🐟💀

🚨 New Phishing Alert! Keylogger masquerading as bank payment notice 🏧

A cutting-edge phishing campaign has emerged, deploying a sophisticated loader malware to deliver the notorious Agent Tesla information stealer and keylogger. 😱💻

📧 Trustwave SpiderLabs uncovered this malicious operation on March 8, 2024, disguised as a bank payment notification email. Recipients are tricked into opening an archive file attachment containing a devious loader that unleashes Agent Tesla onto the victim's system. 🕵️‍♂️📤

💣 "This loader exhibits advanced evasion techniques, including obfuscation and polymorphic behaviour, to dodge detection," explained security researcher Bernard Bautista. "It even bypasses antivirus defences and leverages proxies to obscure traffic." 🛡️🕵️‍♂️

🔒 Once activated, the loader bypasses Windows Antimalware Scan Interface (AMSI) to execute Agent Tesla in memory, enabling cybercriminals to covertly siphon sensitive data via SMTP from a compromised email account linked to a legitimate Turkish security system supplier. 📧🔓

🌐 This sophisticated attack not only evades detection but also provides an added layer of anonymity, making it challenging to trace back to the perpetrators. "[The loader] marks a notable evolution in the deployment tactics of Agent Tesla," noted Bautista. 📈🕵️‍♂️

🚨 In parallel, cybersecurity firm BlueVoyant has uncovered another phishing campaign orchestrated by cybercrime group TA544, using PDFs disguised as legal invoices to distribute WikiLoader and establish connections with hacked WordPress sites for command-and-control (C2) purposes. 💼📄

💻 Moreover, the surge in Tycoon phishing kit activity highlights the ongoing sophistication of cyber threats. Targeting Microsoft 365 users with deceptive login pages, Tycoon employs intricate traffic filtering methods to bypass detection and steal credentials. 🎣🔐

🔍 Stay vigilant against these evolving cyber threats! Remember to scrutinise emails, avoid opening suspicious attachments, and keep your cybersecurity defences up-to-date. 💻🛡️


Raided 💀💀💀

🚨 Urgent Security Alert! All those afraid say Ray AI 🤖

Cybersecurity experts have uncovered a grave threat targeting the Anyscale Ray AI platform, leaving organisations vulnerable to malicious exploitation. 🛡️💻

Oligo Security researchers Avi Lumelsky, Guy Kaplan, and Gal Elbaz have disclosed an ongoing campaign dubbed ShadowRay, which has been active since September 2023. 😱🔒

This sophisticated attack leverages a critical vulnerability (CVE-2023-48022) in Ray's job submission API, allowing attackers to execute arbitrary code remotely without authentication. 🛠️🔓

Ray, a widely-used open-source AI compute framework trusted by major companies like OpenAI, Uber, Spotify, and Netflix, is now under siege, with threat actors infiltrating GPU clusters to mine cryptocurrencies and gain unauthorised access to sensitive credentials. 💰🔑

Despite the severity of the flaw, Anyscale has no immediate plans to address the issue, leaving countless organisations at risk of data breaches and system compromise. 😨🔍

The attackers behind ShadowRay have demonstrated a cunning ability to evade detection, utilising tools like Interactsh to maintain anonymity while exploiting compromised clusters for financial gain. 💼🕵️‍♂️

This alarming development underscores the urgent need for organisations to fortify their cybersecurity defences and remain vigilant against evolving threats in the AI landscape. 🌐🔒

Stay informed and take proactive measures to safeguard your systems against exploitation. Your security is paramount! 💻🛡️

🎣 Catch of the Day!! 🌊🐟🦞

🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya 😂 Let us tell you who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)

🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breathtaking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the Free and the Home of the Brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations, along with the innovative architecture of the hotels, set Wander apart from your run-of-the-mill American getaway 🏞️😍 (LINK)

🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts 👻🍿 (Great movie, to be fair 🙈). This is Digital Ocean, who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out, launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Google don’t Play 😬😬😬

🚨 Critical Security Alert: Beware of Rogue VPN Apps on Google Play! 🔒

Attention Android users! Cybersecurity experts have uncovered a dangerous threat lurking within seemingly innocent free VPN apps on Google Play. 😱💻

Over 15 VPN applications have been identified as carriers of a malicious software development kit (SDK) that transforms Android devices into unwitting residential proxies. 🚫📱

These proxies reroute internet traffic through residential devices, making it appear legitimate and evading detection, but in reality, they're hijacking your device's bandwidth for illicit activities like cybercrime and shopping bot schemes. 🕵️‍♂️🔍

While residential proxies have legitimate uses, such as market research and ad verification, threat actors exploit them for nefarious purposes like ad fraud, spamming, and phishing, putting unsuspecting users at risk of legal trouble. ⚠️💸

The offending VPN apps, masquerading as tools for online privacy, include names like Lite VPN, Fast Fly VPN, and Oko VPN, among others. These apps, once installed, secretly deploy the malicious SDK to convert your device into a proxy server without your knowledge. 🕵️‍♂️🔓

The SDK, developed by LumiApps, has been utilised to orchestrate a sophisticated campaign dubbed ShadowRay, allowing attackers to compromise hundreds of Android devices and syphon sensitive credentials and data. 😨🔑

Despite efforts to address the issue, some of these apps have resurfaced on Google Play under different developer accounts, potentially exposing users to continued risks. 🔄📲

🛡️ Top Tips:

  • Update or Uninstall: If you've installed any of the listed apps, update to the latest version that does not use the malicious SDK. If no safe version exists, uninstall the app immediately.

  • Stay Informed: Be wary of free VPN apps and consider using paid services that prioritise user privacy and security.

  • Enable Play Protect: Google Play Protect can help detect and remove harmful apps from your device.

Your online safety is paramount. Don't let rogue apps compromise your security. Stay vigilant and take proactive measures to safeguard your digital life! 🔒🛡️

🗞️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅

  • 💵 Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓

  • 📈 Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾

Let us know what you think!

So long and thanks for reading all the phish!
