Operation Zero Offers $20 Million for Phone Hacking Tools 🔓

Sep 29 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that wants to destroy cybercrime like #Cloudflare destroys Discord on PCs 👀🙈😂

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!!

It goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹

Check out these freshly hatched patches!! 🐣🐣🐣

Hackers: There’s no place like Chrome 💀

🔒 Google acted swiftly to address a critical zero-day (CVE-2023-5217) in Chrome, actively exploited by spyware vendors.

💻 Upgrade to Chrome version 117.0.5938.132 on Windows, macOS, and Linux to stay secure.

🌍 Mozilla also released updates for Firefox (versions 118.0.1, Firefox ESR 115.3.1, Firefox Focus for Android 118.1, and Firefox for Android 118.1) to fix a similar issue.

Ensure your browser is up to date! 🚀🛡️ Stay safe online! 💪😊
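A quick way to check a fleet against the patched versions listed above, as an added example (not from the newsletter or from Google or Mozilla). The version table is constructed from the text above, and the main point it shows is that dotted versions must be compared numerically, not as strings:

```python
import re

# Minimum patched versions named in this week's patch notes (constructed table
# built from the newsletter text; extend it for other browsers you manage).
MIN_PATCHED = {
    "chrome": "117.0.5938.132",
    "firefox": "118.0.1",
    "firefox-esr": "115.3.1",
}


def parse_version(text):
    """Extract the first dotted version from text such as
    'Google Chrome 117.0.5938.92' and return it as a tuple of ints.
    Comparing ints avoids the string-comparison trap where
    '117.0.5938.92' would sort ABOVE '117.0.5938.132'."""
    match = re.search(r"\d+(?:\.\d+)+", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def needs_update(browser, installed):
    """True when the installed version is below the patched version.
    `installed` may be the raw output of `<browser> --version`."""
    have = parse_version(installed)
    want = parse_version(MIN_PATCHED[browser])
    # Pad the shorter tuple with zeros so '118.0' compares as '118.0.0'.
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return have < want


if __name__ == "__main__":
    # Constructed sample inventory: (browser, output of `--version`).
    inventory = [
        ("chrome", "Google Chrome 117.0.5938.92"),
        ("chrome", "Google Chrome 117.0.5938.132"),
        ("firefox", "Mozilla Firefox 118.0"),
        ("firefox-esr", "Mozilla Firefox 115.3.1esr"),
    ]
    for browser, output in inventory:
        state = "UPDATE NEEDED" if needs_update(browser, output) else "ok"
        print(f"{browser:12} {output:32} {state}")
```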

Now, on to today’s hottest cybersecurity stories:

  • 💰 Russian zero-day company offers $20m for hacking iPhones, Androids 📱

  • 🐀 ZenRAT attacks Bitwarden and others via SEO poisoning & malspam ☣️

  • 👨‍💻 Hackers siege GitHub with info-stealing commits masked as Dependabot 🤖

Hackers, switch teams and go from ‘Zero’ to hero! 🦸

🔒 Operation Zero Offers $20 Million for Phone Hacking Tools 🔓

Russian-based Operation Zero, known for acquiring and selling zero-day exploits, has raised the stakes, offering researchers a whopping $20 million for hacking tools targeting iPhones and Android devices.

They made this announcement via Telegram and X (formerly Twitter), encouraging developer teams to collaborate by offering competitive plans and bonuses.

๐ŸŒ Notably, Operation Zero exclusively serves non-NATO countries, particularly Russian private and government organisations. CEO Sergey Zelenyuk, when questioned about this, remained tight-lipped, citing "obvious reasons."

๐Ÿ’ฐ Zelenyuk explained that current high bounties might be temporary, driven by market dynamics and the challenges of hacking iOS and Android. These full chain exploits are most sought-after by government actors willing to pay a premium for exclusivity.

๐ŸŒ For years, companies worldwide have offered bounties to researchers, but Operation Zero stands out by not notifying vulnerable vendors. Instead, they sell exploits to government customers, operating in a secretive and fluctuating grey market.

๐Ÿ’ก Competitors like Zerodium and Crowdfense also offer significant bounties for mobile device exploits, emphasising the lucrative nature of zero-day markets.

๐ŸŒ The zero-day market remains largely unregulated, but geopolitical factors, like China's bug-reporting law, are increasingly influencing the landscape. This law requires researchers to alert the Chinese government before vendors, potentially consolidating China's hold on zero-days for intelligence purposes.

Stay informed and cautious in this evolving cybersecurity landscape. ๐Ÿ›ก๏ธ๐Ÿ’ป๐Ÿ“ฑ

I came across ZZZ money club during the crypto market bull run, when everyone’s a winner; even during the bear market this Discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active and everyone in this private Discord group is very chatty and helpful.

It’s run by Yourfriendandy and Decadeinvestor; you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group you can through the link below.

Serenity now! Don’t let ZenRAT spoil your zen 🧘🏻‍♀️☮✌️

🦠 Beware ZenRAT: New Windows Malware on the Prowl 🦠

Bitwarden is giving parking wardens a run for their money when it comes to ‘most hated warden’ thanks to ZenRAT’s dastardly infiltration of the open-source password manager.

The fresh malware strain is causing concern as it targets Windows systems for information theft. The exact distribution method is unclear, but similar threats often employ SEO poisoning, adware bundles, or malspam campaigns.

๐Ÿ” Attack Insights ๐Ÿ”

Proofpoint researchers stumbled upon ZenRAT on a fake website posing as Bitwarden, an open-source password manager. Notably, when non-Windows users visited the site, they were safely redirected. However, Windows users were lured in with a deceptive Bitwarden installer.

๐Ÿ›ก๏ธ ZenRAT Features ๐Ÿ›ก๏ธ

ZenRAT is a modular Remote Access Trojan (RAT) equipped for information theft. It swiftly collects data like CPU and GPU details, OS version, RAM, IP address, antivirus, and applications from infected systems. This pilfered info, including browser data and credentials, is sent to the C2 server in a zip file named Data.zip.

๐ŸŒ Info-Stealing Surge ๐ŸŒ

While ZenRAT is fresh on the scene, information-stealing malware is on the rise. Other threats like ValleyRAT, Sainbox RAT, Purple Fox, Golang-based MetaStealer, and Atomic Stealer have been spotted in different campaigns.

🔒 Stay Safe 🔒

Researchers advise caution with search engine ad results, a prime source of malware. Always be vigilant when downloading software from untrusted sources, and double-check the legitimacy of the hosting domains.

Stay protected online! 🛡️🖥️📢

🗞️ Extra, Extra! Read all about it! 🗞️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

💊 HealthHack: Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps. This newsletter keeps you in the know.

₿ Crypto Nutshell: A well-written and beautifully designed newsletter giving you the lowdown on crypto and web3; highly recommended if you want up-to-date info on the crypto/web3 market.

🧠 Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.

Let us know what you think.

Hackers, Git the f@#& out! 😡 #UnDependabot

🚨 GitHub Accounts Under Attack: Beware of Fake Dependabot 🚨

In a recent cyber threat, hackers are infiltrating GitHub accounts, disguising malicious code as Dependabot contributions. This sinister campaign was uncovered in July 2023, targeting both public and private repositories.

🤖 Impersonating Dependabot 🤖

Dependabot, a GitHub tool, automatically updates projects with vulnerable dependencies. Attackers acquired GitHub access tokens, enabling them to pose as Dependabot with fake "fix" commits. Not so dependable now, eh?

🔒 The Malicious Code 🔒

These fake commits hide malicious code designed to:

1๏ธโƒฃ Extract secrets from GitHub projects and send them to the attacker's server.

2๏ธโƒฃ Modify JavaScript files in repositories to steal passwords from web forms.

๐Ÿ’ผ Private Repositories Also at Risk ๐Ÿ’ผ

As many tokens granted access to private repos, both public and private GitHub projects fell victim to this attack.

๐Ÿ” Possible Compromise Points ๐Ÿ”

Although the exact token theft method remains unclear, analysts suspect malware infection, possibly via a malicious package. Most victims were in Indonesia, indicating a potentially targeted attack.

๐Ÿ›ก๏ธ Stay Safe ๐Ÿ›ก๏ธ

Consider using GitHub's fine-grained personal access tokens to limit permissions, reducing risks in case of compromise.
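Beyond tightening token scopes, a repository owner can audit history for commits that merely claim to be Dependabot. The script below is an added example (not from the newsletter or from GitHub) that runs over constructed `git log` output; it assumes the Dependabot author address shown in the constant, which you should confirm against a known-good Dependabot commit in your own repository, and that GitHub's signing key is in your keyring so genuine commits show signature status `G`:

```python
from dataclasses import dataclass

# Author address that genuine Dependabot commits carry (assumption: confirm it
# against a known-good Dependabot commit in your own repository).
DEPENDABOT_EMAIL = "49699333+dependabot[bot]@users.noreply.github.com"

# Constructed sample of `git log --format='%H|%an|%ae|%G?|%s'` output.
# %G? is 'G' for a good signature; anything else ('N' none, 'B' bad,
# 'E' unverifiable) means the commit has not been proven to come from GitHub.
SAMPLE_LOG = """\
a1b2c3d|dependabot[bot]|49699333+dependabot[bot]@users.noreply.github.com|G|Bump lodash from 4.17.20 to 4.17.21
e4f5a6b|dependabot[bot]|dependabot@example.com|N|fix: update dependencies
c7d8e9f|dependabot|49699333+dependabot[bot]@users.noreply.github.com|N|Bump axios from 0.21.1 to 0.21.2
0a1b2c3|Jane Doe|jane@example.com|N|Add login form validation
"""


@dataclass
class Commit:
    sha: str
    author: str
    email: str
    sig: str
    subject: str


def parse_log(text):
    """Parse the pipe-separated log lines into Commit records."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sha, author, email, sig, subject = line.split("|", 4)
        commits.append(Commit(sha, author, email, sig, subject))
    return commits


def suspicious_dependabot_commits(commits):
    """Return (sha, reason) for commits whose author name claims Dependabot
    but whose e-mail or signature status does not match a genuine one."""
    findings = []
    for c in commits:
        if "dependabot" not in c.author.lower():
            continue  # human commits are out of scope for this check
        reasons = []
        if c.email != DEPENDABOT_EMAIL:
            reasons.append(f"unexpected author e-mail {c.email}")
        if c.sig != "G":
            reasons.append(f"signature status {c.sig!r}, expected 'G'")
        if reasons:
            findings.append((c.sha, "; ".join(reasons)))
    return findings
```

Any hit deserves a look at the diff itself, since the campaign described above hid its payload in ordinary-looking JavaScript and workflow changes.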

Protect your code and be vigilant! 💻🔐 Have a good weekend folks and remember to think before you clink. I mean click. Cheers 🍻

So long and thanks for reading all the phish!
