PEACHPIT: iOS and Android breached in juicy hack

Oct 11 2023

Gone Phishing Banner

Welcome to Gone Phishing, your cybersecurity newsletter that’s unleashing a ‘barrage of rockets’ (#Gaza) on cybercrime ????????????

Today’s hottest cybersecurity news stories:

  • ???? Introducing PEACHPIT: iOS and Android breached in juicy hack ????‍????️

  • Magecart 2 N64! Campaign returns altering customers’ 404 error pages ⚠️

  • ???? DO Passkey, DO collect £200: Google adopts passkey as default ????

What a Peach ????


???? Breaking News: PEACHPIT Ad Fraud Botnet Exposed! ????????

Hey there, tech-savvy readers! ???? We’ve got a shocking revelation to share with you today about the PEACHPIT botnet and its connections to a vast operation called BADBOX. ????????

???? What’s the Buzz?

PEACHPIT, a sneaky ad fraud botnet, employed hundreds of thousands of Android and iOS devices to generate illicit profits for its masterminds. BADBOX, a China-based operation, not only ran this botnet but also sold off-brand mobile and connected TV (CTV) devices, loaded with Android malware called Triada, on popular online platforms. ????????

???? Key Stats

PEACHPIT’s dodgy apps spread across 227 countries and territories ????

Peak daily activity: 121,000 Android devices ???? and 159,000 iOS devices ????

39 apps infected over 15 million devices ????

???? The Intrigue

BADBOX-infected devices allowed hackers to steal data, create residential proxy exit peers, and commit ad fraud using fake apps. There’s suspicion of a firmware backdoor compromise, possibly via a Chinese hardware supply chain attack. ????????

????️‍♂️ Modus Operandi

Threat actors exploited these devices to create WhatsApp and Gmail accounts, cleverly avoiding bot detection. ????????

???? Action Taken

Cybersecurity heroes at HUMAN, Apple, and Google teamed up to disrupt BADBOX. The C2 servers behind the firmware backdoor have been taken down, and an update removed PEACHPIT modules. But stay vigilant—hackers adapt! ????‍♂️????

???? Android Malware History

Pre-installed malware on Android devices has been a menace since 2016, often sneaking onto low-cost gadgets. The level of obfuscation in BADBOX’s operation shows their growing sophistication. ????

Stay safe, tech enthusiasts! Keep your devices secure, and watch out for those fake apps. ????️????

Biometric Authentication: No Cost Proof of Concept

The world’s fastest and most secure facial recognition and liveness detection vendor is offering a Zero Cost, Zero Commitment, Full Featured Proof of Concept.

Over 50 hours of engineering goes into customization of your mobile or web application. Live Chat, email, and telephone 24/7 support after implementation. Spaces are Limited.

Compatible with IOS and Android, RESTful API’s, completely integrated into your existing operations.

Customer Onboarding | Liveness Detection | Face Recognition (1:1 & 1:N) | Age Verification | Iris Detection | Fraud Prevention against 60+ Spoofing Attacks

Speed to value in replacing manual and outdated verification methods with 3D liveness detection and AI driven face recognition with unparalleled accuracy in under 1 second.

Apply Now for your own full featured Proof-of-Concept.

Patent pending, ibeta and NIST certified compliant with the highest levels of data protection. Control your data in your own data centers.

404!!! ????️????‍♂️

????????️‍♂️ Magecart Strikes Again: New Twist in Web Attacks! ????????️

Hello, cybersecurity enthusiasts! ???? A fresh and crafty Magecart campaign has emerged, and it’s all about stealth and sophistication. Here’s the scoop! ????️‍♀️????️

???? What’s Happening?

In the latest evolution of Magecart attacks, hackers are using a clever trick. They’re manipulating the default 404 error page on websites to hide malicious code. ???? This campaign mainly targets Magento and WooCommerce websites, including those of big players in the food and retail industries. ????????

???? How Does It Work?

The attackers inject malicious code directly into the website’s HTML pages or first-party scripts. This code operates in stages, making it harder to detect. The final goal is to capture sensitive information (like credit card details) entered by users during checkout and send it to a remote server. ????????

???? Three Variations

404 Error Page Trick: Attackers use the error page to hide the skimmer code, which overlays a fake payment form to steal data.

Malformed HTML Image Tag: The skimmer code disguises itself within an image tag’s onerror attribute.

Fake Meta Pixel Code:

Fetches a sneaky JavaScript payload from an actor-controlled domain.

???? Why Is This Tricky?

These techniques make it tough for security systems to catch the malicious activity. They bypass static analysis and scanning, making the attacks harder to detect. ????????

???? Unusual Concealment

The 404 error page trick is especially sly. It creates a “404 Not Found” response, leading to a modified error page that hides the skimmer code. This code looks like a payment form but secretly steals data for later use. ????????

???? The Future of Magecart

This new twist in Magecart’s playbook shows their creativity and determination to evade detection. It’s a constant game of cat and mouse in the cybersecurity world! ????????

Stay vigilant, stay safe, and keep an eye out for these sneaky online threats! ????️????

???? Catch of the Day!! ????????????

???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)

???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)

???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)

Thou shall not Passkey ????


???? Google Introduces Passkeys for Hassle-Free and Secure Logins! ????

???? Google has some exciting news for us. They’re making our online lives simpler and safer with the introduction of passkeys as the default way to sign in. ????

???? What Are Passkeys?

Passkeys are like magic keys that unlock your accounts without the need for usernames or passwords. Instead, they use public-key cryptography to verify your identity, with the private key safely stored on your device and the public key on the server.

???? Unique to You!

Each passkey is unique and tied to your username and a specific service. So, you’ll have one for Android, iOS, macOS, and Windows, or as many as you have accounts on each platform. ????????

????️ How It Works

When you sign in to a passkey-supported website or app, a random challenge is created.

You verify it using your biometric data or a PIN.

The private key signs the challenge and sends it back to the server.

If the server can validate it with the public key, you’re in! ????????

???? Benefits Galore

Passkeys make life easier by ditching the need to remember passwords. Plus, they’re super resistant to phishing attacks, so your accounts are safer than ever. ????????

???? Widening Adoption

Google joins the passkey party, following Microsoft, eBay, Uber, and more. It’s a game-changer for account security. ????????

Say goodbye to password headaches and hello to a more secure online experience! ????????

????️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ???? HealthHack: Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps, this newsletter does the research for you, get all the latest health tech gadgets delivered to your inbox.

  • Crypto Nutshell: A well written and beautifully designed newsletter giving you the lowdown on crypto and web3, highly recommend if interested to get up to date info on the crypto/web3 market.

  • ???? Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles