PEACHPIT: iOS and Android breached in juicy hack

Oct 11 2023

Gone Phishing Banner

Welcome to Gone Phishing, your cybersecurity newsletter thatโ€™s unleashing a โ€˜barrage of rocketsโ€™ (#Gaza) on cybercrime ๐Ÿ’ฃ๐Ÿ’ฃ๐Ÿ’ฃ

Todayโ€™s hottest cybersecurity news stories:

  • ๐Ÿ‘ Introducing PEACHPIT: iOS and Android breached in juicy hack ๐Ÿฑโ€๐ŸŽ๏ธ

  • Magecart 2 N64! Campaign returns altering customersโ€™ 404 error pages โš ๏ธ

  • ๐Ÿ”‘ DO Passkey, DO collect ยฃ200: Google adopts passkey as default ๐Ÿ’ต

What a Peach ๐Ÿ‘


๐ŸŒŸ Breaking News: PEACHPIT Ad Fraud Botnet Exposed! ๐ŸŒ๐Ÿ“ฑ

Hey there, tech-savvy readers! ๐Ÿค“ We’ve got a shocking revelation to share with you today about the PEACHPIT botnet and its connections to a vast operation called BADBOX. ๐Ÿ˜ฑ๐Ÿค–

๐Ÿ“Œ What’s the Buzz?

PEACHPIT, a sneaky ad fraud botnet, employed hundreds of thousands of Android and iOS devices to generate illicit profits for its masterminds. BADBOX, a China-based operation, not only ran this botnet but also sold off-brand mobile and connected TV (CTV) devices, loaded with Android malware called Triada, on popular online platforms. ๐Ÿ‡จ๐Ÿ‡ณ

๐Ÿ’ก Key Stats

PEACHPIT’s dodgy apps spread across 227 countries and territories ๐ŸŒ

Peak daily activity: 121,000 Android devices ๐Ÿ“ฒ and 159,000 iOS devices ๐ŸŽ

39 apps infected over 15 million devices ๐Ÿฆ 

๐Ÿ” The Intrigue

BADBOX-infected devices allowed hackers to steal data, create residential proxy exit peers, and commit ad fraud using fake apps. There’s suspicion of a firmware backdoor compromise, possibly via a Chinese hardware supply chain attack. ๐Ÿ›’๐Ÿ”

๐Ÿ•ต๏ธโ€โ™‚๏ธ Modus Operandi

Threat actors exploited these devices to create WhatsApp and Gmail accounts, cleverly avoiding bot detection. ๐Ÿ“ฉ๐Ÿ”’

๐Ÿšจ Action Taken

Cybersecurity heroes at HUMAN, Apple, and Google teamed up to disrupt BADBOX. The C2 servers behind the firmware backdoor have been taken down, and an update removed PEACHPIT modules. But stay vigilantโ€”hackers adapt! ๐Ÿฆธโ€โ™‚๏ธ๐Ÿ’ช

๐Ÿค– Android Malware History

Pre-installed malware on Android devices has been a menace since 2016, often sneaking onto low-cost gadgets. The level of obfuscation in BADBOX’s operation shows their growing sophistication. ๐Ÿ˜จ

Stay safe, tech enthusiasts! Keep your devices secure, and watch out for those fake apps. ๐Ÿ›ก๏ธ๐Ÿ“ฒ

Biometric Authentication: No Cost Proof of Concept

The worldโ€™s fastest and most secure facial recognition and liveness detection vendor is offering a Zero Cost, Zero Commitment, Full Featured Proof of Concept.

Over 50 hours of engineering goes into customization of your mobile or web application. Live Chat, email, and telephone 24/7 support after implementation. Spaces are Limited.

Compatible with IOS and Android, RESTful APIโ€™s, completely integrated into your existing operations.

Customer Onboarding | Liveness Detection | Face Recognition (1:1 & 1:N) | Age Verification | Iris Detection | Fraud Prevention against 60+ Spoofing Attacks

Speed to value in replacing manual and outdated verification methods with 3D liveness detection and AI driven face recognition with unparalleled accuracy in under 1 second.

Apply Now for your own full featured Proof-of-Concept.

Patent pending, ibeta and NIST certified compliant with the highest levels of data protection. Control your data in your own data centers.

404!!! ๐ŸŒ๏ธ๐Ÿคฆโ€โ™‚๏ธ

๐Ÿ”๐Ÿ•ต๏ธโ€โ™‚๏ธ Magecart Strikes Again: New Twist in Web Attacks! ๐ŸŒ๐Ÿ›ก๏ธ

Hello, cybersecurity enthusiasts! ๐Ÿค“ A fresh and crafty Magecart campaign has emerged, and it’s all about stealth and sophistication. Here’s the scoop! ๐Ÿ•ต๏ธโ€โ™€๏ธ๐Ÿ•ถ๏ธ

๐Ÿง What’s Happening?

In the latest evolution of Magecart attacks, hackers are using a clever trick. They’re manipulating the default 404 error page on websites to hide malicious code. ๐Ÿ˜ˆ This campaign mainly targets Magento and WooCommerce websites, including those of big players in the food and retail industries. ๐Ÿ›’๐Ÿ”

๐Ÿ’ป How Does It Work?

The attackers inject malicious code directly into the website’s HTML pages or first-party scripts. This code operates in stages, making it harder to detect. The final goal is to capture sensitive information (like credit card details) entered by users during checkout and send it to a remote server. ๐Ÿ“ฅ๐Ÿ’ณ

๐Ÿค– Three Variations

404 Error Page Trick: Attackers use the error page to hide the skimmer code, which overlays a fake payment form to steal data.

Malformed HTML Image Tag: The skimmer code disguises itself within an image tag’s onerror attribute.

Fake Meta Pixel Code:

Fetches a sneaky JavaScript payload from an actor-controlled domain.

๐Ÿคฏ Why Is This Tricky?

These techniques make it tough for security systems to catch the malicious activity. They bypass static analysis and scanning, making the attacks harder to detect. ๐Ÿšซ๐Ÿ”

๐Ÿงฉ Unusual Concealment

The 404 error page trick is especially sly. It creates a “404 Not Found” response, leading to a modified error page that hides the skimmer code. This code looks like a payment form but secretly steals data for later use. ๐Ÿคซ๐Ÿ”’

๐Ÿš€ The Future of Magecart

This new twist in Magecart’s playbook shows their creativity and determination to evade detection. It’s a constant game of cat and mouse in the cybersecurity world! ๐Ÿฑ๐Ÿญ

Stay vigilant, stay safe, and keep an eye out for these sneaky online threats! ๐Ÿ›ก๏ธ๐Ÿ’ป

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can’t get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)

๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)

๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

Thou shall not Passkey ๐Ÿ”‘


๐Ÿ”’โœจ Google Introduces Passkeys for Hassle-Free and Secure Logins! ๐Ÿš€

๐Ÿค– Google has some exciting news for us. They’re making our online lives simpler and safer with the introduction of passkeys as the default way to sign in. ๐Ÿ™Œ

๐Ÿ” What Are Passkeys?

Passkeys are like magic keys that unlock your accounts without the need for usernames or passwords. Instead, they use public-key cryptography to verify your identity, with the private key safely stored on your device and the public key on the server.

๐ŸŒŸ Unique to You!

Each passkey is unique and tied to your username and a specific service. So, you’ll have one for Android, iOS, macOS, and Windows, or as many as you have accounts on each platform. ๐Ÿ“ฑ๐Ÿ’ป

๐Ÿ›ก๏ธ How It Works

When you sign in to a passkey-supported website or app, a random challenge is created.

You verify it using your biometric data or a PIN.

The private key signs the challenge and sends it back to the server.

If the server can validate it with the public key, you’re in! ๐Ÿคณ๐Ÿ”‘

๐Ÿ’ช Benefits Galore

Passkeys make life easier by ditching the need to remember passwords. Plus, they’re super resistant to phishing attacks, so your accounts are safer than ever. ๐Ÿšซ๐ŸŽฃ

๐ŸŒ Widening Adoption

Google joins the passkey party, following Microsoft, eBay, Uber, and more. It’s a game-changer for account security. ๐ŸŽ‰๐Ÿ’ผ

Say goodbye to password headaches and hello to a more secure online experience! ๐Ÿคฉ๐Ÿ”’

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ๐Ÿ’Šย HealthHack:ย Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps, this newsletter does the research for you, get all the latest health tech gadgets delivered to your inbox.

  • โ‚ฟ Crypto Nutshell: A well written and beautifully designed newsletter giving you the lowdown on crypto and web3, highly recommend if interested to get up to date info on the crypto/web3 market.

  • ๐Ÿง ย Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles