๐Ÿ Mac users beware! โ€˜ClearFakeโ€™ campaign targets macOS ๐Ÿ–ฅ๏ธ

Nov 23 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that thinks Dominic Cummings has been hacked by cybercriminals ๐Ÿ˜ตโ€๐Ÿ’ซ #CovidInquiryA

Todayโ€™s hottest cybersecurity news stories:ย 

  • ๐Ÿ Mac users beware! โ€˜ClearFakeโ€™ campaign targets macOS ๐Ÿ–ฅ๏ธ

  • ๐Ÿš N. Koreans masquerade as recruiters, distribute malware ๐Ÿ‘พ

  • ๐Ÿ‘จโ€๐Ÿ’ป Hackers exploit fingerprint flaws to bypass Windows login ๐Ÿ”‘ย 

Itโ€™s Clearly a Fake ๐Ÿ‘€๐Ÿ’€

 

giphy.com

 

๐Ÿ”’ Cybersecurity Alert: New Threats Targeting macOS Users! ๐Ÿ’ป

๐Ÿšจ The notorious macOS data-stealing malware, Atomic Stealer (AMOS), has evolved! Now, it’s infiltrating Mac systems through a deceptive web browser update chain called ClearFake. ๐Ÿ˜ฑ

๐Ÿ’ฐ $1,000 a month ๐Ÿ’ฐ

๐Ÿ•ต๏ธโ€โ™‚๏ธ According to Malwarebytes’ analysis, this marks a significant shift in social engineering tactics, expanding beyond Windows to target macOS users worldwide. AMOS, a subscription-based malware sold for $1,000/month, specialises in extracting data from web browsers and cryptocurrency wallets. ๐Ÿ˜จ

๐ŸŽญ ClearFake ๐ŸŽญ

๐Ÿ–ฅ๏ธ In a recent development, ClearFake, a rising malware distribution operation, uses compromised WordPress sites to deploy fraudulent browser update notices. It has joined the league of threat actors like TA569 and RogueRaticate, employing fake browser updates to spread malware.

๐ŸŒ The ClearFake campaign, as of November 2023, has expanded its reach to macOS systems. This highlights the adaptability of stealer malware, relying on fake installer files via malicious ads, drive-by downloads, and phishing.

๐Ÿ‘พ LummaC2 ๐Ÿ‘พ

๐Ÿชย Additionally, beware of LummaC2 stealerย updates featuring an anti-sandbox technique and claiming to extract persistent Google cookies. This could open the door to extensive cyber attacks, compromising Google accounts.

๐Ÿ›ก๏ธ Stay vigilant, update your security software, and avoid suspicious downloads! Your digital safety is our top priority. ๐Ÿ”

Automate Compliance and Scale Security

Accelerated growth can make managing a security program much more complex.

Vanta brings GRC and security efforts together. You can integrate information from multiple systems and reduce risks to your business and your brand โ€” all without the need for additional staffing.

And because Vanta automates up to 90% of the work for SOC 2, ISO 27001, and more, youโ€™ll be able to focus on strategy and security, not maintaining compliance.

Join 6,000 fast-growing companies like Chili Piper, Autodesk, and Patch that leverage Vanta to manage risk and prove security in real time.

Get started with a 7 day free trial – no costs or obligations.

Looking for a new Korea? ๐Ÿ˜ย 

 

giphy.com

 

๐ŸŒ North Korean Hackers Targeting Organizations Globally! ๐Ÿ’ผ

In this campaign, North Korean threat actors disguise themselves as job recruiters, targeting software developers in a bid to spread malware through deceptive job interviews. The malware, including BeaverTail and InvisibleFerret, poses a cross-platform risk for Windows, Linux, and macOS users.

๐Ÿฆ› Wagemole ๐Ÿฆ›

Wagemole involves a cunning scheme where hackers, impersonating job seekers, utilize GitHub to host fake resumes. The ultimate goal is financial gain and espionage, with threat actors aiming to embed insiders within targeted companies. The sophistication of these attacks highlights the evolving tactics of North Korean cyber threats.

๐Ÿฆฆ BeaverTail & InvisibleFerret ๐Ÿฆฆ

The Contagious Interview campaign introduces two previously undocumented malware, BeaverTail and InvisibleFerret. These threats can compromise systems running on Windows, Linux, and macOS. BeaverTail acts as a JavaScript implant, stealing sensitive information, while InvisibleFerret serves as a Python-based backdoor, enabling remote control and data exfiltration.

๐Ÿ‘€ Persistent Threats ๐Ÿ‘€

These tactics mirror previous North Korean threat activities, emphasising the ongoing risk of deception. The threat landscape remains dynamic, with hackers adapting their strategies to exploit vulnerabilities. Cybersecurity measures must evolve to counter these sophisticated attacks.

๐Ÿ” Emerging Threats! ๐Ÿค–

As software developers become a prime target, and fake job offers persist, maintaining robust cybersecurity defences is crucial. Keep your systems updated and be cautious of unsolicited communications. Together, we can thwart these sophisticated cyber threats!

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can’t get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)


๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)


๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

๐Ÿ‘ฎโ€โ™‚๏ธ Cyber Cops: Letโ€™s dust for prints โ˜๏ธ๐Ÿคฆโ€โ™‚๏ธ๐Ÿ˜‚

 

giphy.com

 

๐Ÿšจ Vulnerabilities in Fingerprint Sensors Threaten Windows Hello Authentication! โš ๏ธ

๐Ÿ” Researchers at Blackwing Intelligence have uncovered serious vulnerabilities in fingerprint sensors from Goodix, Synaptics, and ELAN, affecting Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. ๐Ÿ˜ฑ

๐Ÿ‘พ The flaws, identified as a potential gateway to bypass Windows Hello authentication, stem from weaknesses in the “match on chip” (MoC) type fingerprint sensors integrated into these devices.

๐Ÿ“Ÿ MoC ๐Ÿ“Ÿ

๐Ÿ›ก๏ธ Despite MoC preventing the replay of stored fingerprint data, it fails to prevent malicious sensors from falsely claiming authorised user authentication, leaving the door open for exploitation.

๐ŸŒ ELAN’s vulnerability allows any USB device to impersonate the fingerprint sensor, potentially leading to unauthorised access.

๐Ÿ”’ Synaptics faces issues with the default disabling of the Secure Device Connection Protocol (SDCP), relying on a flawed Transport Layer Security (TLS) stack, posing a risk to biometric authentication.

๐Ÿ˜ˆ Goodix ๐Ÿ˜ˆ

๐Ÿ’ป Goodix’s exploit takes advantage of the difference in enrollment operations between Windows and Linux, potentially allowing attackers to compromise the system.

๐Ÿ›‘ To counter these threats, original equipment manufacturers (OEMs) are advised to enable SDCP and undergo independent expert audits of fingerprint sensor implementations.

๐Ÿ” Windows Hello biometrics, designed with the Secure Device Connection Protocol, faces challenges in device manufacturers’ understanding and limited coverage of the device’s overall security. Stay vigilant for updates and patches! ๐Ÿค–๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธ

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles