Knight ransomware source code for sale

Feb 22 2024

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s like a cyber-condom, protecting you from infection ????????????

Today’s hottest cybersecurity news stories:

  • ???? Roll up! Roll up! Knight ransomware source code for sale ????

  • ???? Android, Linux devices left exposed by new Wi-Fi vulnerabilities ????

  • ???? BRICS investment hype exploited by fake tokens. Watch out! ⚠️

It’s your Knight in shining malware ????????☠️


????️ Ransomware Alert: Knight 3.0 Source Code for Sale ????️

The alleged source code for the notorious Knight ransomware’s third iteration is up for grabs on a hacker forum, offered exclusively to a single buyer by a representative of the operation. ????????

Originally emerging as a successor to the Cyclops ransomware in July 2023, Knight targeted Windows, macOS, and Linux/ESXi systems, gaining notoriety for its info-stealers and a ‘lite’ encryptor version catering to smaller organisations. ????️????

Threat analysts at KELA uncovered the advertisement on RAMP forums, posted by the alias Cyclops, known to represent the Knight ransomware gang. The offer includes the source code for Knight 3.0’s panel and locker, all written in Glong C++. ????️‍♂️????

Version 3.0 boasted enhancements like 40% faster encryption, revamped ESXi support, and various improvements, making it a coveted asset in the cybercriminal underworld. ????✨

While the seller did not disclose a price, they emphasised selling to a single buyer to maintain its exclusivity. Interested parties must reach out via Jabber or TOX messaging services to negotiate terms. ????????

Despite Knight’s recent inactivity and the offline status of its victim extortion portal, the legitimacy of the sale is bolstered by the seller’s reputation and contact details. ????️????

With Knight’s operations seemingly dormant since December 2023, speculation abounds that the group may be liquidating assets, signalling a potential shift in the ransomware landscape. ????????

As ransomware threats continue to evolve, vigilance and proactive cybersecurity measures are crucial to safeguard against potential attacks. Stay informed and stay protected. ????????️


Signup for Free


Learn AI in 5 minutes a day. We’ll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

Don’t get Wi-Fried by hackers ????????????

???? Critical Wi-Fi Vulnerabilities Discovered ????

Cybersecurity researchers have uncovered two authentication bypass flaws in open-source Wi-Fi software, posing significant risks to Android, Linux, and ChromeOS devices. ????????

Tracked as CVE-2023-52160 and CVE-2023-52161, these vulnerabilities in wpa_supplicant and Intel’s iNet Wireless Daemon (IWD) allow attackers to lure victims into joining malicious networks or gain unauthorised access to trusted networks without passwords. ????????

Particularly concerning, CVE-2023-52161 enables adversaries to infiltrate protected Wi-Fi networks, paving the way for potential malware infections, data breaches, and business email compromise (BEC) attacks. It affects IWD versions 2.12 and below. ????️????

Meanwhile, CVE-2023-52160 affects wpa_supplicant versions 2.10 and earlier, posing a grave threat as it’s the default software for handling wireless network logins in Android devices. Proper configuration to verify the authentication server’s certificate is essential to mitigate this risk. ????????

To exploit CVE-2023-52160, attackers must be in close proximity to victims and possess the SSID of a previously connected Wi-Fi network. This scenario underscores the importance of robust security measures, especially in enterprise environments. ????????

While major Linux distributions have issued advisories addressing these flaws, fixes for Android are pending. In the interim, Android users are urged to manually configure CA certificates for saved enterprise networks to thwart potential attacks. ????️????‍????

As the threat landscape evolves, proactive measures and prompt patching are essential to safeguard against emerging vulnerabilities. Stay vigilant and prioritise cybersecurity best practices. ????????️

???? Catch of the Day!! ????????????

???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)

???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)

???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)

Don’t sh*t a BRIC, but there’s fake tokens about ????????????

????️ Rising Cryptocurrency Counterfeiting Threatens Fortune 100 Companies ????️

Security researchers have sounded the alarm on a concerning trend in cryptocurrency counterfeiting, particularly targeting Fortune 100 companies. ????????

In a report released today by Resecurity researchers, it’s revealed that scammers are creating tokens that impersonate major brands, government bodies, and even national fiat currencies, exploiting investor interest in decentralised finance (DeFi) and crypto markets. ????????

One striking example highlighted by Resecurity involves a counterfeit token named “BRICS,” capitalising on the investment hype surrounding the BRICS intergovernmental organisation. By spreading misinformation and leveraging geopolitical narratives, scammers conducted an initial coin offering (ICO) to promote the fake token, tapping into the organisation’s global image. ????????

The ease of creating counterfeit tokens on platforms like, combined with their flexibility, has made them hotspots for fraudulent activities. Scammers have also impersonated significant entities such as oil corporations and national regulators, referencing reputable organisations to lend credibility to their schemes. ????️????️

These scams have defrauded over 2 million investors, surpassing victims of major crypto failures like FTX, Celsius, and Voyager, according to Solidus Labs. They manifest primarily as DeFi scams or exit scams, exploiting vulnerabilities in token smart contracts or betraying investors after extensive promotion. ????????

As the cryptocurrency landscape faces mounting challenges from counterfeiters, Resecurity calls for heightened vigilance and robust regulatory frameworks to combat fraudulent activities. ????????

????️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran ‘Wealthy Primate’ might be able to help you climb that tree ???????? with his stick and banana approach ????????

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles