New Phishing kit utilises SMS, voice calls

Mar 04 2024

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s airdropping you your cybersecurity supplies on a daily basis.

Today’s hottest cybersecurity news stories:

  • Crypto traders beware! New Phishing kit utilises SMS, voice calls

  • U.S. offers $10 million for info leading to capture of Iranian hacker

  • NSO group Meta its match! Ordered to hand over Pegasus code

Hackers: Good luck tackling this tackle box! Dw, Karma’ll catch up to them

Alert: New CryptoChameleon Phishing Threat!

A sophisticated phishing kit, part of an attack cluster dubbed CryptoChameleon, has emerged, targeting mobile users by impersonating login pages of popular cryptocurrency services. This kit enables attackers to gather sensitive information, including usernames, passwords, and even photo IDs, from hundreds of victims, primarily in the United States.

Targets

Victims include employees of the Federal Communications Commission (FCC), as well as users of cryptocurrency platforms such as Binance, Coinbase, Gemini, and more. Over 100 victims have already fallen prey to this phishing campaign.

How It Works

The phishing pages are designed to mimic legitimate login screens and are shown only after the visitor completes a CAPTCHA test, which thwarts automated analysis tools. The attackers employ a variety of tactics, including unsolicited phone calls and text messages, to lure victims into divulging their credentials.

Sophisticated Techniques

The phishing kit allows operators to customise pages in real-time, enhancing the illusion of credibility. Once credentials are entered, attackers prompt victims for two-factor authentication (2FA) codes, which are then captured and used to gain access to online services.

Protection Measures

While the origins of CryptoChameleon remain unclear, cybersecurity experts emphasise the importance of remaining vigilant against such phishing attempts. Users are advised to verify the authenticity of login pages and exercise caution when responding to unsolicited communications.

Links to Other Threats

The tactics employed by CryptoChameleon bear resemblance to those used by other threat groups, indicating potential connections within the cybercriminal ecosystem.

Stay informed and stay safe against evolving cyber threats!

Uncle Sam: You can Iran but you can’t hide

DoJ Strikes Back! Iranian Cyber Villain Nabbed!

The U.S. Department of Justice (DoJ) has brought down the hammer on an Iranian cyber culprit, Alireza Shafie Nasab, accusing him of orchestrating a sneaky cyber campaign targeting Uncle Sam and some big-shot private players. Nasab, 39, posed as a cyber whiz working for a company called Mahak Rayan Afraz while pulling off this digital caper, which ran from about 2016 to April 2021.

The Cyber Capers Unveiled!

Using devious spear-phishing tricks and other hacker shenanigans, Nasab and his crew allegedly hacked into over 200,000 devices, many of them housing juicy defence secrets. They even had their own custom app to manage these sneaky spear-phishing campaigns like a cyber ninja.

Hack me once, shame on you

One time, they infiltrated an email account of a defence bigwig, then used it to create fake accounts and send more sneaky emails to folks at other defence companies and consulting firms. They also played some sneaky social engineering games, pretending to be other people, usually women, to fool their victims into downloading malware onto their computers.

Hack me twice, shame on me

Nasab is accused of sneaking around to get all the tech stuff needed for the caper by using a stolen identity to register servers and email accounts. The DoJ is throwing the book at him, charging him with all sorts of cyber crimes. If he’s found guilty, Nasab could be looking at a whopping 47 years behind bars. Uncle Sam is so keen on getting him that they’re offering up to $10 million to anyone who can help track him down.

IRGC’s Digital Dilemma!

Moreover, Nasab’s supposed company, Mahak Rayan Afraz (MRA), was flagged by Meta in 2021 for having ties to the Islamic Revolutionary Guard Corps (IRGC), Iran’s armed force. This IRGC-linked gang has been caught red-handed before, pulling off social engineering stunts, like pretending to be an aerobics instructor on Facebook to trick an aerospace defence worker into downloading malware.

Cyber and Crime Busters on Duty!

These cyber and crime busters are showing that they mean business, keeping the digital and real-world streets safe from sneaky crooks and cyber villains!

NSO Group: Damn, WhatsApp with that?

Spyware Showdown: Meta vs. NSO Group!

In a legal showdown straight out of a cyber thriller, a U.S. judge has ruled in favor of Meta, the social media giant, ordering NSO Group, the Israeli spyware heavyweight, to cough up its source code for Pegasus and other sneaky products.

Victory for Meta!

Meta landed a major win in its legal tussle with NSO Group, which kicked off back in 2019. The lawsuit accused NSO Group of using Meta’s platform to dish out its spyware to around 1,400 mobile devices, even targeting two dozen Indian activists and journalists.

Zero-Day Shenanigans!

The attacks were slick, leveraging a zero-day flaw in an instant messaging app to slip Pegasus onto unsuspecting devices with just a missed call. The spyware even wiped away call logs to cover its tracks.

Spilling the Cyber Beans!

The judge’s order demands NSO Group spill the cyber beans on Pegasus, from a year before the attacks to a year after. But, there’s a twist: NSO Group doesn’t have to reveal its clients or spill the beans on server stuff.

Meta vs. Privacy Police!

While Meta celebrates, it’s under the spotlight itself, facing heat from privacy watchdogs in the EU over its “pay or okay” model. Critics say it’s like choosing between privacy or being tracked, raising eyebrows over GDPR rules.

Digital Danger Looms!

As the cyber saga unfolds, one thing’s for sure: the digital world is a wild, wild place, where privacy battles and spyware wars are fought in the shadows, and every click could be a step into the unknown.

So long and thanks for reading all the phish!