Sneaky new tactic to watch for

Aug 01 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that gives cybercriminals the Bud Light treatment 😂 Is Costa next? 👀

Today’s hottest cyber security stories:

  • 🍍 ‘Fruity’ Trojan spreads Remcos RAT (remote access trojan) 🐴

  • 💻 AVRecon botnet enslaves routers to fuel illegal proxy service 🚫

  • 🏫 School accreditation organisation hacked! Student & teachers’ data leaked πŸ’§

Tutti Frutti 🎢

📰🔒 Cybersecurity Alert: Beware of Fruity Trojan Campaign! 🍎🚨

🕵️‍♂️ Threat actors are upping their game with a sneaky new tactic! They're creating fake websites hosting software installers 🌐 that seem legit, but secretly contain the dangerous Fruity trojan 😱. Their aim? To install remote access trojans like the Remcos RAT 🐀.

According to cybersecurity vendor Doctor Web, the fake sites offer various software tools for CPUs, graphics cards, BIOS, and more 😎. These installers look deceptively legit, but come bundled with the trojan itself! 😈

How does it work? When you land on one of these sites, you're prompted to download a ZIP installer package 💽. The sneaky part? While you're busy installing the software, Fruity trojan gets activated in the background, without you even knowing! 🙊🤯

Fruity trojan is one crafty malware! It uses steganography, a secret hiding technique, to conceal two executable files and shellcode within an innocent-looking image file 🖼️. Sneaky, right?

But that's not all! Fruity trojan also knows how to be a ninja 🥷! It can bypass antivirus detection on your computer, making it even harder to catch 🦸‍♂️. And once it's done with the stealthy moves, it launches the Remcos RAT payload, giving hackers control over your system! 💻🚫

🛡️ Top Tips:

  • 🚨 Stay alert, folks! Don't fall for the trap 🚫🍎. Be cautious when downloading software from unfamiliar websites and always double-check the source 👀. Keep your cybersecurity tools updated and your 🛡️ shields up! Let's keep our digital world safe! 💪🌐

Hmm what do you (AV)recon?

🏠 Beware of AVRecon Botnet: Your Home Router at Risk! 🚨🌐

🕵️‍♂️ More details have emerged about the dangerous AVRecon botnet, which has been using compromised small office/home office (SOHO) routers in a large-scale campaign since May 2021 😱.

🦠 AVRecon is no ordinary malware! It can execute additional commands and steal your bandwidth for illegal proxy services, available to other cyber actors 🕵️‍♀️. Shockingly, it has already infiltrated over 41,000 nodes across 20 countries, surpassing QakBot in scale 🔥.

🛡️ The botnet creates residential proxy services to mask malicious activities like password spraying, web-traffic proxying, and ad fraud 🕵️‍♂️.

It's not just a recent threat; it's been lurking around for 12 years! Researchers have found that AVRecon is the engine behind a service called SocksEscort, offering hacked residential and small business devices to cybercriminals seeking to hide their true online locations 🏠👣.

🛡️ Top Tips:

  • ⚠️ Stay vigilant and protect your home router! Keep your cybersecurity up-to-date to avoid falling victim to this stealthy threat. Let's keep our digital homes safe from these cyber villains! 💪🛡️

🗞️ Extra, Extra! Read all about it 🗞️

Each fortnite, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 💸 The MoneyFitt Morning: A daily heads-up on what's important in investing & business. Loved by investors of all levels.

  • 📈 Trends.vc: Discover new markets and ideas. Join 55,248 founders using this free newsletter to stay ahead.

  • 😈 The API Hacker Inner Circle: Join a community of developers, testers, and hackers who are upskilling their API hacking tradecraft.

School’s (data’s) out!

📢🔒 Urgent Data Breach Alert: Students, Parents, and Teachers at Risk! 😱🚨

Cybersecurity researcher Jeremiah Fowler has uncovered a major data breach 😨. A non-password-protected database containing 680k records was exposed online, and it appears to be related to educational institutions 🏫.

Shockingly, this database belongs to the Southern Association of Independent Schools, Inc (SAIS) 😱.

📚 The sensitive information exposed includes student and teacher records, health info, social security numbers (SSN), active shooter and lockdown notifications, school maps, financial budgets, and more! 😥 The records span from 2012 to 2023 📅.

😳 What's even scarier is that the breach revealed confidential third-party security reports 🕵️‍♂️, exposing weaknesses in school security, camera locations, access points, and more. This poses a severe real-world security risk to students and teachers' safety 🚸.

🚨 Immediate action was taken after the responsible disclosure notice was sent to SAIS, and the database has been secured from public access. But the impact of this breach is significant 😓.

Stay vigilant and be cautious about sharing sensitive information online! Let's protect our education community from cyber threats! 🛡️💪

That’s all for today, cyber-squad.

So long and thanks for reading all the phish!
