Top crypto wallet Ledger’s supply chain done for $600k

Dec 18 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that thinks Biden’s Democrats using #Decency as a slogan is a bit like a scammer being sponsored by McAfee 💀🙈😂

Today’s hottest cybersecurity news stories:

  • 👛 Top crypto wallet Ledger’s supply chain done for $600k 💰

  • 👨‍💻 American database company MongoDB gets data jacked

  • 🤓 Microsoft warns of gift card scam it’s calling ‘Storm-0539’ ⛈️

Add $600k to the crypto theft Ledger 📒👀😭

Ledger Faces Security Breach: $600,000 in Crypto Stolen! 😱

Ledger, the prominent crypto hardware wallet maker, recently encountered a phishing attack that resulted in the theft of over $600,000 in virtual assets. 🚨 The breach unfolded when a former employee fell prey to a phishing attack, compromising Ledger's npm account.

💸 Crypto drainer 💸

The assailants exploited this access, uploading malicious code into versions 1.1.5, 1.1.6, and 1.1.7 of the "@ledgerhq/connect-kit" npm module. 😨 This code unleashed a crypto drainer malware, impacting connected wallets and using a deceptive WalletConnect project to reroute funds to a hacker-controlled wallet.

Security firm Sonatype revealed that version 1.1.7 executed unauthorised transactions, directly draining wallets, while versions 1.1.5 and 1.1.6 downloaded a secondary npm package, acting as a crypto drainer.

🦸 Tether to the rescue 🦸

Responding swiftly, Ledger removed the malicious versions, released 1.1.8, and reported the threat actor's wallet addresses. 🛡️ Tether took action by freezing the stolen funds. However, this incident underscores the vulnerability of open-source ecosystems to supply chain attacks.
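
One way to check a project for the versions named above, as an added example that is not code from Ledger or Sonatype: it scans a parsed package-lock.json for "@ledgerhq/connect-kit" pinned at 1.1.5, 1.1.6 or 1.1.7, in both the nested and the flat lockfile layouts. The lockfile contents are constructed, and "some-dapp-ui" and "connect-kit-example" are hypothetical package names.

```javascript
// Added example: flag lockfile entries resolving to the @ledgerhq/connect-kit
// versions the article names as malicious (1.1.5, 1.1.6, 1.1.7).
const PACKAGE = "@ledgerhq/connect-kit";
const BAD_VERSIONS = new Set(["1.1.5", "1.1.6", "1.1.7"]);

// lockfileVersion 1 nests dependencies, so recurse and keep the parent trail.
function walkLegacy(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const here = [...trail, name];
    if (name === PACKAGE && BAD_VERSIONS.has(info.version)) {
      hits.push({ path: here.join(" > "), version: info.version });
    }
    walkLegacy(info.dependencies, here, hits);
  }
}

// Return every place in a parsed package-lock.json that pins a bad version.
function findCompromised(lock) {
  const hits = [];
  if (!lock.packages) {
    walkLegacy(lock.dependencies, [], hits);
    return hits;
  }
  // lockfileVersion 2/3: flat map keyed by install path; match the exact
  // package directory so similarly named packages are not flagged.
  const dir = "node_modules/" + PACKAGE;
  for (const [path, info] of Object.entries(lock.packages)) {
    const isTarget = path === dir || path.endsWith("/" + dir);
    if (isTarget && BAD_VERSIONS.has(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  return hits;
}

// Constructed sample lockfiles; "some-dapp-ui" and "connect-kit-example" are hypothetical.
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "node_modules/@ledgerhq/connect-kit": { version: "1.1.8" },
  "node_modules/some-dapp-ui/node_modules/@ledgerhq/connect-kit": { version: "1.1.6" },
  "node_modules/@ledgerhq/connect-kit-example": { version: "1.1.5" },
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  "some-dapp-ui": { version: "2.0.0",
    dependencies: { "@ledgerhq/connect-kit": { version: "1.1.7" } } },
} };

console.log(findCompromised(SAMPLE_V3), findCompromised(SAMPLE_V1));
```

The transitive copy is the one worth noticing: the top-level dependency is already on 1.1.8, yet a nested install still pins a drainer version.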

🚨 Update: The malicious npm module (2e6d5f64604be31) has been promptly removed, emphasising the continuous need for vigilance in the crypto space.

Stay safe, secure your assets, and be wary of potential threats! 🔒💰


Where’s the data? It’s Mongone 😬

MongoDB Investigates Security Incident: Customer Data Exposed! 😱

MongoDB has launched an active investigation into a security incident that led to unauthorised access to "certain" corporate systems, exposing customer account metadata and contact details. 🕵️‍♂️ The American database software company detected unusual activity on December 13, 2023, and swiftly initiated its incident response efforts.

Atlas, an explanation

The unauthorised access had been ongoing for a period before discovery, though MongoDB assures customers that there's no known exposure to data stored in MongoDB Atlas. While the exact compromise time frame remains undisclosed, MongoDB urges caution against social engineering and phishing attacks, advocating for the implementation of phishing-resistant multi-factor authentication (MFA) and regular password rotations for MongoDB Atlas.

But that's not the end of it! MongoDB faces increased login attempts affecting Atlas and its Support Portal. 🚨 The company clarifies that this issue is unrelated to the security event but acknowledges its impact on customer logins.

MongoDB is actively investigating the incident, promising updates as the investigation unfolds.

Stay vigilant, implement security measures, and watch out for further announcements! 🔒


The gift that keeps on g̶i̶v̶i̶n̶g̶ taking 💀💀💀

🚨 Microsoft Alert: Storm-0539 Threat Targets Holiday Shoppers! 🔒

Microsoft issues a warning about the rising threat named Storm-0539, orchestrating gift card fraud and theft through sophisticated email and SMS phishing attacks during the holiday season. 🎄 The threat aims to spread booby-trapped links, leading victims to adversary-in-the-middle (AiTM) phishing pages, harvesting credentials and session tokens.

⛈️ The Perfect Storm ⛈️

Once inside, Storm-0539 registers its device for secondary authentication, bypassing Multi-Factor Authentication (MFA) and persisting with compromised identities. 😱 This foothold enables lateral movement, accessing cloud resources to target gift card-related services for fraud. The group also gathers emails, contact lists, and network configurations, emphasising the need for robust credential hygiene.

☕ It’s no storm in a teacup ☕

Described as a financially motivated group active since 2021, Storm-0539 conducts extensive reconnaissance to craft convincing phishing lures. Microsoft highlights the threat's proficiency in cloud providers and post-compromise activities.

☂️ Weathering the Storms ☂️

This disclosure follows Microsoft's recent court-ordered seizure of a Vietnamese cybercriminal group, Storm-1152, which sold access to 750 million fraudulent Microsoft accounts. 🛑 Additionally, Microsoft warns of threat actors exploiting OAuth applications for financially motivated cyber crimes, including business email compromise, phishing, spamming, and illicit cryptocurrency mining.

Stay vigilant and secure during the festive season, folks! ✨

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!
