New malware could steal your passwords and crypto.

Jul 03 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that's making cybercriminals restless, just like the streets of France. ???? #FranceHasFallen

Today’s hottest cyber security stories:

  • Meduza stealer targets 19 password managers, 76 crypto wallets, 95 browsers ????????

  • LockBit hacks TSMC, demands $70m in ransomware cyberattack

  • Mac users beware! N. Korean RustBucket malware hits Asia, Europe, U.S.

Meduza me a favour! ????????

Enter Meduza Stealer, the Windows-based information-stealing sensation that's causing waves in the crimeware-as-a-service (CaaS) scene. This diabolical creation, carefully crafted to avoid detection by software solutions, has cybersecurity experts on high alert.

According to the sharp minds at Uptycs, Meduza Stealer has one devious purpose: to snatch valuable data from unsuspecting victims. It brazenly infiltrates their digital lives, leaving no stone unturned. From critical login credentials to meticulously curated bookmarks, no digital artefact is safe from its clutches.

Even crypto wallet extensions and password managers, believed to be secure, tremble in the face of this new threat.


But what sets Meduza Stealer apart from its counterparts is its clever operational design. Unlike its peers, it shuns the cloak-and-dagger tactics of obfuscation, instead relying on swift and decisive action. If a connection to the attacker's server fails, Meduza promptly terminates its mission on the compromised host, leaving no trace of its nefarious activities.

Adding another layer to its calculated strategy, Meduza Stealer is programmed to ‘abort mission’ if it detects a victim's location in its predefined list of excluded countries.

Those unlucky enough to reside within the Commonwealth of Independent States (CIS) and Turkmenistan can breathe a cautious sigh of relief—for now.

But the plot thickens. Meduza Stealer is not content with mere data theft. It yearns for more. It craves the allure of financial gain. In a move that raises eyebrows and amplifies concerns, this tool not only extracts information from a staggering 19 password manager apps, 76 crypto wallets, and 95 web browsers, but it also delves into the depths of Windows Registry entries related to cryptocurrency mining. As if that weren't enough, it greedily devours a list of installed games, signalling an insatiable appetite for a broader financial empire.

Meduza Stealer has emerged as the latest symbol of the thriving crimeware-as-a-service ecosystem. Its ruthless pursuit of personal data and financial gain serves as a chilling reminder of the constant battle between cybercriminals and those who seek to protect us.

As the digital landscape continues to evolve, it is clear that the Meduza Stealers of the world will stop at nothing to sink their teeth into our virtual lives.

Stay vigilant, dear readers, for this is a tale that is far from over.


Double check any download locations if you are using password managers, updating web browsers or installing crypto wallets, this could be disastrous if you end up with a compromised bit of software on your machine.

$70m? We’ll TSMC about that… ????

In a sinister turn of events, the National Hazard Agency, a faction operating within the notorious LockBit ransomware gang, has struck again.

Their latest target: Taiwan Semiconductor Manufacturing Company (TSMC), a global behemoth in chip manufacturing.

On the ominous dark web leak site of LockBit, the agency brazenly exposed the name of this industry titan on June 29, 2023. This threat actor wasted no time in making their demands known.

They have set a hefty price tag of $70 million, coercing TSMC into paying up to prevent the alleged data they possess from being released into the abyss of the internet.

Initially, a tight deadline of seven days was given for TSMC to comply. However, the deadline has now been extended, prolonging the victim's torment until August 6.

In a chilling message plastered on the dark web, LockBit laid out the consequences of non-compliance: the exposure of entry points, passwords, and logins of the besieged company.

The threat is crystal clear—refusal to meet their demands will result in the merciless publication of all available data they have obtained. The stakes are high, and the world watches as this high-stakes ransom drama unfolds.

As TSMC grapples with this malicious threat, the clock ticks relentlessly. The chilling ultimatum hovers over the company, leaving them with an agonising decision to make.

Will they succumb to the demands of these digital extortionists, or will they stand firm and face the potentially devastating consequences of their defiance?

As the fate of TSMC hangs in the balance, the world watches with bated breath, hoping for a resolution that strikes a blow against the forces of cybercrime.

They’re Korea criminals ????

Lazurus rises from the dead once more (third story down on link). A new version of the notorious Apple macOS malware, RustBucket, has emerged, flaunting its enhanced prowess to establish a firm foothold and slip past the watchful eyes of security software.

Elastic Security Labs have peeled back the layers of this evolved malware variant. They reveal that RustBucket, a longstanding nemesis of macOS systems, has acquired a new set of capabilities.

Now, let's delve into the origin of this digital menace. The fingerprints of a North Korean threat actor known as BlueNoroff adorn RustBucket.

But the plot thickens, for BlueNoroff is merely a cog in a grander machinery. It operates under the watchful eye of the Lazarus Group, a formidable hacking unit, renowned for its expertise and audacity.

This elite faction, closely supervised by none other than the Reconnaissance General Bureau (RGB), North Korea's primary intelligence agency, operates with precision and purpose.

Stay safe, true believers!

So long and thanks for reading all the phish!

Recent articles