Scam-as-a-Service (SaaS) aids hackers in crypto-jacks

Jan 01 2024


Welcome to Gone Phishing, your daily cybersecurity newsletter that wishes you a Happy New Year 🎉🎉🎉 and wants you to make it your New Year’s resolution not to click on any phishy-looking emails 🎣👃🙈

Today’s hottest cybersecurity news stories:

  • ⚠️ Scam-as-a-Service (SaaS) aids hackers in crypto-jacks 💰

  • 🌍 Albanian parliament, telecom struck by smooth cyber-crims 👨‍💻

  • 🤓 Microsoft knocks MSIX app for six to put a stop to malware 👾

Mr. Scam-at-your-service sir 🧐🍸🎩

🚨 Crypto Alert: Rise in Phishing Threats – Protect Your Wallets!

Cybersecurity researchers have flagged an alarming surge in phishing attacks targeting cryptocurrency wallets, and it's time to dive into the details. 🎣💸

🌐 Diverse Blockchain Targets

Check Point researchers, Oded Vanunu, Dikla Barda, and Roman Zaikin, reveal that these threats aren't limited to a single blockchain. Ethereum, Binance Smart Chain, Polygon, Avalanche, and nearly 20 other networks are under attack, with a unique wallet-draining technique.

👥 Meet the Culprit: Angel Drainer

This notorious phishing group offers a "scam-as-a-service," charging a hefty 20% to 30% of the stolen amount from collaborators. Another player, Inferno Drainer, recently shut down after helping scammers swipe $70 million from over 100,000 victims.

🎭 Phishing Tactics

Victims are lured through airdrop or phishing scams, tricked into connecting wallets on counterfeit websites spread through malvertising or unsolicited messages. The attackers stealthily gain access to funds, using tactics like mixers or multiple transfers to cover their tracks.

Protect Your Crypto

Experts advise using hardware wallets for enhanced security, verifying smart contract legitimacy, and regularly reviewing wallet allowances for signs of suspicious activity.
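One way to do the allowance review, as an added example that is not from the newsletter or from Check Point: it assumes the tokens are ERC-20 and that the wallet's `Approval` event logs have already been exported (for instance via `eth_getLogs`) with block numbers converted to integers. All addresses, logs and helper names here are constructed for illustration.

```python
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event signature
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 2**255  # assumption: anything this large is effectively unlimited

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, owner):
    """Return {(token, spender): amount} for the owner's approvals that are still non-zero."""
    current = {}
    # Replay in chain order so a later approve(spender, 0) overrides an earlier grant.
    for log in sorted(logs, key=lambda entry: (entry["blockNumber"], entry["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the signature but has 4 topics
        if topic_to_address(topics[1]) != owner.lower():
            continue
        current[(log["address"].lower(), topic_to_address(topics[2]))] = int(log["data"], 16)
    return {pair: amount for pair, amount in current.items() if amount > 0}

def flag_risky(allowances, trusted_spenders):
    """List (token, spender) pairs with an unlimited allowance to an unrecognised spender."""
    trusted = {s.lower() for s in trusted_spenders}
    return sorted(pair for pair, amount in allowances.items()
                  if amount >= UNLIMITED_FLOOR and pair[1] not in trusted)

# --- Constructed sample data: every address and log below is made up ---
OWNER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "b2" * 20
KNOWN_DEX, UNKNOWN_1, UNKNOWN_2 = "0x" + "d0" * 20, "0x" + "e1" * 20, "0x" + "e2" * 20
MAX_UINT256 = 2**256 - 1
def make_log(block, token, owner, spender, value):
    pad = lambda addr: "0x" + "00" * 12 + addr[2:]
    return {"blockNumber": block, "logIndex": 0, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    make_log(105, TOKEN_B, OWNER, UNKNOWN_2, 0),            # later revocation
    make_log(100, TOKEN_A, OWNER, KNOWN_DEX, MAX_UINT256),  # unlimited, but trusted
    make_log(101, TOKEN_A, OWNER, UNKNOWN_1, MAX_UINT256),  # unlimited, unknown spender
    make_log(102, TOKEN_B, OWNER, UNKNOWN_2, MAX_UINT256),  # revoked at block 105
    make_log(103, TOKEN_B, OWNER, UNKNOWN_1, 500),          # small, bounded
    make_log(104, TOKEN_A, OTHER, UNKNOWN_1, MAX_UINT256),  # someone else's wallet
]
if __name__ == "__main__":
    for token, spender in flag_risky(outstanding_allowances(SAMPLE_LOGS, OWNER), [KNOWN_DEX]):
        print("review/revoke:", token, "->", spender)
```

Event logs are only a history: before revoking, confirm each flagged pair against the token contract's `allowance(owner, spender)` read, which is the authoritative current value.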

🚀 Stay Informed, Stay Secure

Share this crucial alert with your crypto community to ensure everyone stays one step ahead of these evolving threats. 🛡️💰


Albania mania 🤪🤪🤪

🌐 Albanian Cybersecurity Under Siege! 🚨

The Assembly of the Republic and One Albania, a major telecom player with 1.5 million subscribers, are grappling with cyber attacks, as disclosed by the National Authority for Electronic Certification and Cyber Security (AKCESK).

AKCESK highlighted that, despite the attacks, current legislation doesn't classify these infrastructures as critical or important (ouch! 😂). One Albania, on December 25, reassured users on Facebook that the security incident had been successfully handled, with no impact on mobile, landline, or IPTV services.

👾 The cyber intrusions, traced back to non-Albanian IP addresses, triggered real-time identification efforts by AKCESK. The focus now lies on source tracing, system recovery, and implementing robust security measures.

💼 Homeland Justice, an Iranian hacker group, claimed responsibility for the attacks on its Telegram channel. In a concerning twist, they also asserted breaching Air Albania, the national flag carrier.

🌐 This incident follows destructive cyber attacks on Albanian government services in mid-2022, with Homeland Justice claiming responsibility then too. The U.S. responded by sanctioning Iran's Ministry of Intelligence and Security.

💪 AKCESK pledges to fortify cybersecurity strategies amid evolving threats. Stay informed, stay secure! 🛡️🚀💻


Microsoft with his head 🪓💀🪓

🚨 Microsoft Takes Action Against Malware Threat! 🚫

Microsoft announced the disabling of the ms-appinstaller protocol handler by default, as it became a tool for threat actors to distribute malware.

🔒 The Microsoft Threat Intelligence team uncovered abuse of the protocol handler, exposing it as an access vector for malware, potentially leading to ransomware distribution. Cybercriminals offer a malware kit for sale, leveraging the MSIX file format and ms-appinstaller protocol handler.

🛡️ The change takes effect in App Installer version 1.21.3421.0 or higher. The attacks involve signed malicious MSIX packages distributed via Microsoft Teams or deceptive ads for popular software on search engines.

💻 At least four hacking groups have exploited this, using the App Installer service as an entry point for ransomware activities. Microsoft describes Storm-1113 as an "as-a-service" entity providing malicious installers to other threat actors.

📅 Notably, this isn't the first time Microsoft disabled the ms-appinstaller protocol handler. In February 2022, a similar step was taken to prevent the delivery of threats like Emotet and TrickBot.

🚀 Stay informed, stay secure! Share this update to ensure everyone is vigilant against evolving cyber threats. 🛡️💻


So long and thanks for reading all the phish!
