Phishing Alert: Telegram Transforms into Cybercrime Hub

Feb 01 2024

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s giving you more hope than the Fed with rate cuts ????????????

Today’s hottest cybersecurity news stories:

  • ???? And the Telegrammy goes to hackers w/ their DIY kits ????

  • ???? Italian suffer cheesy crypto hack attacks via USB attacks ????

  • ???? It’s a data leak anthology of Direct Trading Technologies ????????‍????s ????

DIY hack and pry ????


???? Phishing Alert: Telegram Transforms into Cybercrime Hub! ????

???? Cybersecurity researchers from Guardio Labs have uncovered a concerning trend in the world of cybercrime—the “democratisation” of the phishing ecosystem through Telegram. This messaging app, priced as low as $230, has become a thriving hub for cybercriminals, allowing both seasoned and novice actors to exchange tools and insights, creating a dark supply chain.

???? The once-invite-only dark web activities are now easily accessible on public Telegram channels, exposing aspiring cybercriminals to malicious tools and tactics. Guardio Labs warns of the ease with which phishing campaigns can be constructed using affordable tools and kits available on the platform.

???? In April 2023, Kaspersky reported on Telegram channels educating newcomers about phishing, offering automated bots like Telekopye for large-scale scams. Guardio Labs emphasises the dual responsibility of website owners to protect against scammers exploiting their platforms for phishing operations.

???? Digital marketplaces on Telegram provide “letters”—expertly designed email templates—enhancing the authenticity of phishing campaigns. Additionally, bulk datasets or “leads” with personal information are available to maximise attack effectiveness.

???? These phishing campaigns aim to monetize stolen credentials by selling them as “logs,” yielding a significant return on investment. Social media credentials sell for as little as a dollar, while banking details can fetch hundreds.

????️ Guardio Labs underscores the alarming accessibility of cybercrime, urging vigilance and protection against unwitting involvement in phishing operations. Stay informed, stay secure! ????????????????


Signup for Free


Learn AI in 5 minutes a day. We’ll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.


???? Alert: UNC4990 Targets Italian Organisations with USB Attacks! ????

???? Mandiant, a subsidiary of Google, has identified a financially motivated threat actor, UNC4990, utilising weaponized USB devices to infiltrate organisations in Italy. This threat spans various sectors, including health, transportation, construction, and logistics.

???? UNC4990’s modus operandi involves widespread USB infections, deploying the EMPTYSPACE downloader. The attacks leverage third-party websites such as GitHub, Vimeo, and Ars Technica to host encoded stages, downloaded and decoded via PowerShell in the execution chain.

???? Active since late 2020, UNC4990 predominantly operates from Italy, utilising Italian infrastructure for command-and-control (C2) functions. The end goal remains unclear, though instances of deploying an open-source cryptocurrency miner have been reported after prolonged beaconing activity.

????️ The infection initiates with a victim clicking on a malicious LNK shortcut file on a USB device, triggering a PowerShell script to download EMPTYSPACE from a remote server. Yoroi identifies four EMPTYSPACE variants (Golang, .NET, Node.js, Python), acting as conduits for fetching next-stage payloads from the C2 server, including the QUIETBOARD backdoor.

???? QUIETBOARD, a Python-based backdoor, exhibits versatile capabilities, executing commands, altering crypto wallet addresses, spreading through removable drives, taking screenshots, and gathering system information. Notably, UNC4990 utilises popular sites like Ars Technica and GitHub for hosting malicious payloads.

???? While content hosted on these services poses no direct risk to users, vigilance is crucial. UNC4990’s modular approach, using multiple programming languages, suggests adaptability and experimentation, posing a persistent threat.

???? Stay informed, enhance security measures! ????????

???? Catch of the Day!! ????????????

???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)

???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)

???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)

You better Fintech yourself before you wreck yo’ self ????????????

???? Security Breach Alert: Fintech Firm Leaks Data of 300K+ Traders! ????

???? International fintech company Direct Trading Technologies (DTT) is under scrutiny as it inadvertently exposed the sensitive data and trading activity of over 300,000 traders, putting them at risk of account takeovers. Discovered by Cybernews on October 27th, a misconfigured web server belonging to DTT contained backups and development code references.

???? DTT, operating globally with a focus on Saudi Arabia, offers trading platforms for various assets, including stocks, forex, metals, energies, indices, CFDs, and cryptocurrencies. The leaked directory included database backups with extensive information on users, posing risks from identity theft to account manipulation.

???? Leaked Data Highlights:

  • Trading activity of 300K+ users over six years

  • Names, email addresses, and IP addresses

  •  Exposed passwords for users with DTT email addresses

  •  Home addresses, phone numbers, and partial credit card details

  • Hashed passwords for DTT trading platform access

  • KYC document storage locations and metadata (documents not exposed)

  • Database credentials and white-label customer details in plaintext

???? Cybernews promptly notified DTT, and while the issue was resolved, an official response is pending. The leaked information, including internal comments from the outreach team, raises concerns about potential financial account takeovers.

???? This breach underscores the urgency for robust cybersecurity in the rapidly growing fintech industry. Traders, holding accounts with substantial value, become prime targets for threat actors. Stay vigilant and informed to protect your financial data! ????????

That’s all for today, cyber tigers ????

????️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran ‘Wealthy Primate’ might be able to help you climb that tree ???????? with his stick and banana approach ????????

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles