Top crypto wallet Ledger’s supply chain done for $600k

Dec 18 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that thinks Biden’s Democrats using #Decency as a slogan is a bit like a scammer being sponsored by McAfee ????????????

Today’s hottest cybersecurity news stories: 

  • ???? Top crypto wallet Ledger’s supply chain done for $600k ????

  • ????‍???? American database company MongoDB gets data jacked ????

  • ???? Microsoft warns of gift card scam its calling ‘Storm-0539’ ⛈️

Add $600k to the crypto theft Ledger ????????????

???? Ledger Faces Security Breach: $600,000 in Crypto Stolen! ????

Ledger, the prominent crypto hardware wallet maker, recently encountered a phishing attack that resulted in the theft of over $600,000 in virtual assets. ???? The breach unfolded when a former employee fell prey to a phishing attack, compromising Ledger's npm account.

???? Crypto drainer ????

The assailants exploited this access, uploading malicious code into versions 1.1.5, 1.1.6, and 1.1.7 of the "@ledgerhq/connect-kit" npm module. ???? This code unleashed a crypto drainer malware, impacting connected wallets and using a deceptive WalletConnect project to reroute funds to a hacker-controlled wallet.

Security firm Sonatype revealed that version 1.1.7 executed unauthorised transactions, directly draining wallets, while versions 1.1.5 and 1.1.6 downloaded a secondary npm package, acting as a crypto drainer.

???? Tether to the rescue ????

Responding swiftly, Ledger removed the malicious versions, released 1.1.8, and reported the threat actor's wallet addresses. ????️ Tether took action by freezing the stolen funds. However, this incident underscores the vulnerability of open-source ecosystems to supply chain attacks.

???? Update: The malicious npm module (2e6d5f64604be31) has been promptly removed, emphasising the continuous need for vigilance in the crypto space.

Stay safe, secure your assets, and be wary of potential threats! ????????

The best eye and brain candy curated from all corners of the web

No news. No politics. No BS.

Just the good stuff

100% Free

Where’s the data? It’s Mongone ????

???? MongoDB Investigates Security Incident: Customer Data Exposed! ????

MongoDB has launched an active investigation into a security incident that led to unauthorised access to "certain" corporate systems, exposing customer account metadata and contact details. ????️‍♂️ The American database software company detected unusual activity on December 13, 2023, and swiftly initiated its incident response efforts.

???? Atlas, an explanation ????

The unauthorised access had been ongoing for a period before discovery, though MongoDB assures customers that there's no known exposure to data stored in MongoDB Atlas. ???? While the exact compromise time frame remains undisclosed, MongoDB urges caution against social engineering and phishing attacks, advocating for the implementation of phishing-resistant multi-factor authentication (MFA) and regular password rotations for MongoDB Atlas.

But that's not the end of it! MongoDB faces increased login attempts affecting Atlas and its Support Portal. ???? The company clarifies that this issue is unrelated to the security event but acknowledges its impact on customer logins.

MongoDB is actively investigating the incident, promising updates as the investigation unfolds.

Stay vigilant, implement security measures, and watch out for further announcements! ????????

???? Catch of the Day!! ????????????

???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)

???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)

???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)

The gift that keeps on g̶i̶v̶i̶n̶g̶ taking ????????????

???? Microsoft Alert: Storm-0539 Threat Targets Holiday Shoppers! ????????

Microsoft issues a warning about the rising threat named Storm-0539, orchestrating gift card fraud and theft through sophisticated email and SMS phishing attacks during the holiday season. ???? The threat aims to spread booby-trapped links, leading victims to adversary-in-the-middle (AiTM) phishing pages, harvesting credentials and session tokens.

⛈️ The Perfect Storm ⛈️

Once inside, Storm-0539 registers its device for secondary authentication, bypassing Multi-Factor Authentication (MFA) and persisting with compromised identities. ???? This foothold enables lateral movement, accessing cloud resources to target gift card-related services for fraud. The group also gathers emails, contact lists, and network configurations, emphasising the need for robust credential hygiene.

☕ It’s no storm in a teacup ☕

Described as a financially motivated group active since 2021, Storm-0539 conducts extensive reconnaissance to craft convincing phishing lures. Microsoft highlights the threat's proficiency in cloud providers and post-compromise activities.

☂️ Weathering the Storms ☂️

This disclosure follows Microsoft's recent court-ordered seizure of a Vietnamese cybercriminal group, Storm-1152, which sold access to 750 million fraudulent Microsoft accounts. ???? Additionally, Microsoft warns of threat actors exploiting OAuth applications for financially motivated cyber crimes, including business email compromise, phishing, spamming, and illicit cryptocurrency mining.

Stay vigilant and secure during the festive season, folks! ????✨

????️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles