Mobile devices targeted with spyware

Jul 19 2023

Welcome to Gone Phishing, your daily cybersecurity newsletter that views cybercriminals like it views politicians during campaign season. With unmitigated disdain.

Today’s hottest cyber security stories:

  • Chinese APT41 hackers target mobile devices with spyware

  • Spotify makes user’s private playlists public

  • More national cybersecurity initiatives from White House

Enter the DragonEgg

China's APT41 Unleashes New Android Spyware: WyrmSpy and DragonEgg!

APT41, a notorious China-linked hacking group, has recently been associated with two previously unknown Android spyware strains named WyrmSpy and DragonEgg.

According to a report from Lookout, a leading cybersecurity company, APT41 is renowned for its expertise in exploiting web-facing applications and infiltrating traditional endpoint devices.

The fact that they now possess mobile spyware showcases the value they place on targeting mobile endpoints to acquire highly sought-after corporate and personal data.

Also known as Axiom, Blackfly, Brass Typhoon (formerly Barium), Bronze Atlas, HOODOO, Wicked Panda, and Winnti, APT41 has been operational since at least 2007, engaging in intellectual property theft across various industries.

Recent attacks by this threat actor involved the utilisation of an open-source red teaming tool called Google Command and Control (GC2). The targeted victims were media and job platforms in Taiwan and Italy.

While the initial infiltration method for the mobile surveillanceware campaign remains unknown, social engineering tactics are suspected to have been involved. WyrmSpy was initially detected by Lookout in 2017, while DragonEgg emerged in early 2021. Samples of DragonEgg were identified as recently as April 2023.

WyrmSpy disguises itself as a default system app responsible for displaying notifications. However, newer variants have been found packaged within apps impersonating adult video content, Baidu Waimai, and Adobe Flash.

On the other hand, DragonEgg has been distributed through third-party Android keyboards and messaging apps such as Telegram. No surprise there!

No evidence suggests that these malicious apps were distributed via the official Google Play Store, raising concerns about the security of third-party app repositories.

Stay vigilant and ensure you download apps from trusted sources to protect your personal information from falling into the wrong hands.

Spotify the difference?

Spotify, the popular music streaming service, is facing a major privacy scandal as users allege that their private playlists were made public without their consent.

This incident echoes a similar concern raised in March, sparking worries about an ongoing privacy issue.

The controversy erupted when affected users took to Twitter and Spotify's community forums to report the unexpected change.

Microsoft Edge Project Manager, William Devereux, tweeted, "Apparently @SpotifyUSA silently made all of my private playlists public without my consent. The same happened to my wife too. That's an absolutely unacceptable privacy violation. Anyone else noticed this happen recently? I haven't changed any privacy settings."

Additional reports surfaced on Spotify's forum in March, including a professional music curator who found their meticulously crafted playlists made public.

"I have revisited some lists made a month or so ago and they are all public now. Looking at more, and they are now public as well! Why has this happened? Is there a way to make bulk lists private? I don't want to spend days of my life changing them one by one, there are over 1400 lists, and I can't invoice for that time, so it will take away from my wages," expressed the user on Spotify's forums.

The theory proposed in March suggests that the actual settings of playlists haven't changed. Playlists previously labelled as "private" and "public" are now all categorised as "public", since they could be shared through a link, indicating they were never truly private.

This privacy controversy raises serious concerns about Spotify's handling of user data. Stay tuned for further updates on this unfolding situation.

The National Cybersecurity Strategy Implementation Plan (NCSIP): Doesn’t exactly NCSIP off the tongue…

The White House has released the National Cybersecurity Strategy Implementation Plan (NCSIP) to ensure effective execution of the US National Cybersecurity Strategy, introduced in March 2023.

Published on July 13, 2023, the NCSIP emphasises transparency and coordination among federal government agencies to achieve the strategy's vision.

This vision aims for a transformative shift in roles, responsibilities, and resource allocation in cyberspace while incentivizing long-term investments in cybersecurity.

The NCSIP outlines more than 65 "high-impact" federal initiatives, each assigned to a responsible agency and accompanied by a timeline for completion. These initiatives encompass a range of tasks, including proposing new legislation and modernising technology systems.

The initiatives are organised around five pillars:

  • Defending Critical Infrastructure: The Cybersecurity and Infrastructure Security Agency (CISA) will update the National Cyber Incident Response Plan to enhance coordinated government action during cyber incidents.

  • Disrupting and Dismantling Threat Actors: The FBI will strengthen the National Cyber Investigative Joint Task Force (NCIJTF) to facilitate faster, larger-scale takedowns of threat actors.

  • Shaping Market Forces for Security and Resilience: CISA will collaborate with stakeholders to advance the implementation of software bill of materials (SBOM) and address gaps in scalability.

  • Investing in a Resilient Future: The National Institute of Standards and Technology (NIST) will standardise quantum-resistant public key cryptographic algorithms.

  • Forging International Partnerships: The Department of State will publish an International Cyberspace and Digital Policy Strategy, integrating bilateral and multilateral activities.

The NCSIP highlights the US government's commitment to strengthening cybersecurity and fostering collaboration to address evolving threats in the digital landscape.

Stay tuned for updates on the progress of these critical cybersecurity initiatives.

So long and thanks for reading all the phish!
