The Sneaky New Android Dropper-as-a-Service (DaaS) ๐Ÿ˜ˆ

Nov 07 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter thatโ€™s โ€˜tough on cybercrime, tough on causes of cybercrimeโ€™ ๐Ÿ˜‚ Showing our age? ๐Ÿ™ˆ

Todayโ€™s hottest cybersecurity news stories:

  • ๐Ÿ”“ SecuriDropper-as-a-service storms new Google Play defences ๐Ÿฅ…

  • โš ๏ธ Google warns of how hackers could abuse its calendar service ๐Ÿ“…

  • ๐Ÿคท Russian woman sanctioned by U.S. for laundering virtual currency ๐Ÿ‘จโ€๐Ÿ’ป

SecuriDrops is on fire! Googleโ€™s defence is terrified ๐Ÿ™ˆ๐Ÿ˜‚๐Ÿ˜‚

๐Ÿค– Introducing SecuriDropper: The Sneaky New Android Dropper-as-a-Service (DaaS) ๐Ÿ˜ˆ

๐Ÿ“ข Cybersecurity researchers have uncovered a new Android threat, known as SecuriDropper, a Dropper-as-a-Service (DaaS) that's causing a stir in the cyber world! ๐Ÿ˜ฑ

๐Ÿ‘พ What is a DaaS? It's a sneaky tool which can be purchased by anyone (hence โ€˜as-a-service) that helps cybercriminals install malware on your Android device, all while (in this case, at least!) bypassing Google's latest security measures. ๐Ÿ˜จ

๐Ÿ›ก๏ธ Google's Android 13 brought new security features, including "Restricted Settings" to prevent malicious apps from hijacking your device. But SecuriDropper cleverly sidesteps this safeguard by disguising itself as harmless apps. ๐Ÿ˜‡

๐Ÿ›ก๏ธ What's more, SecuriDropper uses a different Android API to mimic marketplace installations, making it harder to detect. ๐Ÿ˜ฒ

๐Ÿ’ผ Cybersecurity firm ThreatFabric warns that this malware can lead to the distribution of nasty banking trojans like SpyNote and ERMAC. ๐Ÿ˜ก

๐Ÿ’ก Stay safe: Avoid downloading apps from sketchy websites and third-party sources. Stick to trusted app stores. ๐Ÿ›ก๏ธ

๐Ÿ“š Keep yourself informed about the latest cybersecurity threats, and remember that Android users have control over their app permissions. Google is also working tirelessly to protect users. ๐Ÿ‘

Stay safe out there, and keep those devices secure! ๐Ÿ”’๐Ÿ’ป

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.

Hackers: Hmm let me see when I can pencil you in ๐Ÿ‘€๐Ÿ“…๐Ÿ’€

๐Ÿšจ Google Calendar Exploit Alert! ๐Ÿšจ

๐Ÿ“… Google has issued a warning about a potential threat involving its Calendar service being used for cyber attacks. ๐Ÿ˜ฑ

๐Ÿ› ๏ธ The exploit, called Google Calendar RAT (GCR), was publicly shared on GitHub in June 2023. It cleverly uses Google Calendar Events as a command-and-control (C2) mechanism, with events hosted through a Gmail account.

๐Ÿ•ต๏ธโ€โ™‚๏ธ The developer behind this tool, known as MrSaighnal, explains that GCR creates a "Covert Channel" by manipulating event descriptions in Google Calendar, allowing a direct connection with the target. ๐Ÿ˜ฎ

๐ŸŒ Google hasn't seen GCR used in real-world attacks, but its Mandiant threat intelligence unit has noticed threat actors sharing this proof-of-concept on underground forums.

๐Ÿ›ก๏ธ GCR can periodically check the event description for new commands, execute those commands on the target device, and update the event description with the command output. Because it operates on legitimate infrastructure, detecting suspicious activity becomes challenging.

๐ŸŒฅ๏ธ This incident emphasises how cyber threats are evolving, with attackers using cloud services to hide in plain sight. Even a nation-state actor has been caught using a .NET backdoor, codenamed BANANAMAIL, for Windows, which uses email for command-and-control operations.

๐Ÿ” Google is actively addressing these threats, taking down attacker-controlled Gmail accounts linked to such malware. Stay vigilant and follow best security practices to protect your data and devices. ๐Ÿ’ป๐Ÿ“…๐Ÿ”’

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can't get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)


๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)


๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

Shock, none of her esteemed clientele came Russian to her defence ๐Ÿ™„๐Ÿ˜’๐Ÿ˜

๐Ÿšจ U.S. Treasury Sanctions Russian Woman for Money Laundering ๐Ÿšจ

The U.S. Department of the Treasury has taken action against Ekaterina Zhdanova, a Russian individual, for her involvement in laundering virtual currency for Russia's elites and cybercriminal groups, including the notorious Ryuk ransomware gang. ๐Ÿ’ฐ

๐ŸŒ Zhdanova is accused of facilitating large cross-border transactions to help Russian individuals access Western financial markets and evade international sanctions. She utilises entities lacking Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) controls, like the OFAC-designated Russian crypto exchange Garantex Europe OU (Garantex). ๐Ÿ’ผ

๐Ÿ’ธ To move funds internationally, Zhdanova employs various methods, including cash and connections to international money laundering associates and organisations. It's worth noting that Garantex was previously sanctioned in April 2022, alongside the takedown of the dark web marketplace Hydra. ๐Ÿ”’

๐Ÿ•ต๏ธ She's also accused of assisting the Ryuk ransomware group by laundering over $2.3 million of suspected victim payments in 2021. Ryuk, a precursor to Conti ransomware, has targeted governments, healthcare, and more since 2018.

๐Ÿ‘ฎโ€โ™‚๏ธ In a related case, a Russian citizen named Denis Mihaqlovic Dubnikov pleaded guilty to money laundering charges connected to Ryuk ransomware attacks earlier this year.

๐Ÿ’ผ As ransomware attacks continue to rise, organisations are urged to adopt comprehensive defence strategies, including robust backups, security software, user training, and proactive incident response plans. ๐Ÿ›ก๏ธ๐ŸŒ๐Ÿ’ธ๐Ÿ”

Donโ€™t get caught with your pants down folks; ransomware is the cyber-scourge of our time. Stay safe out there, true believers โœŠ

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles