WhiteSnake infoStealer malware infiltrates Windows machines

Jan 30 2024


Welcome to Gone Phishing, your daily cybersecurity newsletter that makes cybercriminals cry like a lovely dose of ceramic magic makes the big bald(ing) bloke from The Great Pottery Throw Down cry. If you know, you know.

Today’s hottest cybersecurity news stories:

  • WhiteSnake infoStealer malware infiltrates Windows machines

  • Trickbot malware dev sentenced to 64 months in prison. YAY!

  • Data theft plagues U.S. K-12 schools after holiday season attacks

Hackers: Here I go again on Py-thoneee


Cybersecurity Alert: Python Package Index Threat!

Cybersecurity experts have identified malicious packages on the PyPI repository, delivering WhiteSnake Stealer malware to Windows systems. Threat actor “WS” uploaded packages like nigpal, figflix, and seGMM.

How it Works

These packages carry Base64-encoded source code in their setup.py files. Once installed, they drop a malicious payload, infecting Windows with WhiteSnake Stealer and compromising Linux hosts with a data-harvesting Python script.
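One way a defender can flag that setup.py pattern before a package is installed, as an added example that is not from the newsletter or from any vendor report on WhiteSnake: parse setup.py with Python's `ast` module and report install-time decode-and-execute indicators. The two setup.py texts and the Base64 blob are constructed for illustration, and the package name "demo" is a placeholder.

```python
import ast
import base64
import re

# 200+ characters drawn only from the Base64 alphabet: typical of an embedded encoded payload.
B64_LIKE = re.compile(r"^[A-Za-z0-9+/]{200,}={0,2}$")
DECODERS = {"b64decode", "urlsafe_b64decode", "standard_b64decode", "decodebytes"}


def _call_name(func) -> str:
    """Return the dotted name of a call target, e.g. 'base64.b64decode'."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = _call_name(func.value)
        return f"{base}.{func.attr}" if base else func.attr
    return ""


def suspicious_findings(setup_py_source: str) -> list:
    """Return one message per decode/execute indicator found in a setup.py source."""
    findings = []
    for node in ast.walk(ast.parse(setup_py_source)):
        if isinstance(node, ast.Call):
            name = _call_name(node.func)
            # exec()/eval() whose argument is computed rather than written as a literal
            if name in {"exec", "eval"} and not all(
                isinstance(a, ast.Constant) for a in node.args
            ):
                findings.append(f"line {node.lineno}: {name}() of non-literal data")
            if name.split(".")[-1] in DECODERS:
                findings.append(f"line {node.lineno}: {name}() decodes embedded data")
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if B64_LIKE.match(node.value):
                findings.append(
                    f"line {node.lineno}: {len(node.value)}-char Base64-like string constant"
                )
    return findings


# Constructed samples (not real packages): a plain setup.py, and one that hides its
# install-time logic in a Base64 blob. The blob here encodes harmless text.
BENIGN_SETUP = 'from setuptools import setup\nsetup(name="demo", version="0.1")\n'
_BLOB = base64.b64encode(b"print('hello from install')" * 8).decode()
SUSPICIOUS_SETUP = (
    "import base64\nfrom setuptools import setup\n"
    f'exec(base64.b64decode("{_BLOB}"))\n'
    'setup(name="demo", version="0.1")\n'
)

if __name__ == "__main__":
    for finding in suspicious_findings(SUSPICIOUS_SETUP):
        print(finding)
```

The three findings for the constructed sample (non-literal exec, a Base64 decoder call, and a long Base64-like constant) are a heuristic, so treat them as a prompt to read the file, not as proof of malice.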

Targets and Payloads

WhiteSnake Stealer on Windows steals info, communicates via Tor, and targets web browsers, crypto wallets, and apps like Discord. PYTA31, the threat actor, aims to exfiltrate sensitive data, including crypto wallet information.

Advanced Tactics

Some packages use clipper functionality to replace clipboard content with attacker-owned wallet addresses for unauthorised transactions. Others steal data from browsers, apps, and crypto services.

Worrying Trend

Fortinet warns of a single author disseminating multiple info-stealing malware packages on PyPI, each with distinct payload intricacies.

Broader Issue

ReversingLabs found similar threats on the npm package registry that used GitHub to store stolen SSH keys.

Stay vigilant! Update your security measures and be cautious with package installations. Report suspicious activity ASAP!


Learn AI in 5 minutes a day. We’ll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

It’s tricky to rock a rhyme, to rock a rhyme that’s right on time, it’s Trickbot

Justice Served: TrickBot Malware Developer Sentenced!

Russian National Behind Bars: Vladimir Dunaev, aka FFX, extradited to the U.S. in October 2021, has been sentenced to 64 months in prison for his role in developing and distributing the notorious TrickBot malware.

⚖️ Legal Journey

Dunaev, a TrickBot gang developer since 2016, faced charges for computer fraud, identity theft, wire fraud, and bank fraud. He pleaded guilty on November 30, 2023.

Global Arrest Drama

Initially arrested at Seoul International Airport in August 2021, Dunaev faced an unexpected passport expiration hurdle after being stuck in South Korea due to COVID-19 lockdowns and travel cancellations.

TrickBot’s Dark History

TrickBot, a Windows banking Trojan active since 2016, evolved with new features and infected millions of computers globally. It initially collaborated with the Ryuk ransomware operation and later with the Conti ransomware gang, providing network access.

Financial Impact

Dunaev’s actions led to over $3.4 million in fraud, affecting victims in the Northern District of Ohio, including schools and a real estate company.

Global Effort for Justice

The FBI Cleveland Field Office emphasises the case’s significance, highlighting collaboration among domestic and international partners to bring cybercriminals to justice.

⚖️ Strong Message Sent

Special Agent in Charge Greg Nelsen stresses that this sentencing sends a robust message to cybercriminals, demonstrating the commitment to combating malicious intent.

Stay vigilant against cyber threats! Update your security measures and report any suspicious activity.

Catch of the Day!!

The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” Good ol’ George Dubya. Let us tell who’s not fooling around though; that’s the Crüe at Motley Fool. You’d be a fool (alright, enough already!) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets. (LINK)


Wander: Find your happy place. Cue Happy Gilmore flashback. Mmmm Happy Place… So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breathtaking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the Free and the Home of the Brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations, along with the innovative architecture of the hotels, set Wander apart from your run-of-the-mill American getaway. (LINK)


DigitalOcean: If you build it, they will come. Nope, we’re not talking about a baseball field for ghosts (great movie, to be fair). This is DigitalOcean, who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty). But if you can, and you’re looking for somewhere to test things out, launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho. And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! (LINK)

The kids aren’t alright

Education Under Siege: U.S. Schools Battling Cyber Threats!

Post-holiday season, K-12 schools across the U.S. face an alarming surge in cyberattacks and data thefts. Butte School District in Montana, Edmonds School District in Washington, Fullerton Joint Union High School District, and Glendale Unified School District in California have all reported data breaches.

Ransomware Hits Ohio’s Groveport Madison Schools

Groveport Madison Schools, Ohio, battled a ransomware attack, enduring a month-long recovery. The hackers, self-identified as BlackSuit, a suspected rebrand of the Royal ransomware gang, stole staff data. Despite disruptions, the district managed to fully recover, serving about 6,000 students in Franklin County.

Rapid Response

Superintendent Jamie Grube acknowledged the prompt warning from the Cybersecurity and Infrastructure Security Agency (CISA). Though internet access was shut down, damage was inflicted on Windows devices, security cameras, and printers. Grube assured no compromise of student or staff data occurred.

Vulnerabilities Unearthed

As schools embrace cloud-based platforms, cybersecurity researchers like vpnMentor’s Jeremiah Fowler keep uncovering weaknesses. Fowler found millions of exposed records belonging to school security company Raptor Technologies, including incident response plans, school layouts, and sensitive information on at-risk students. Lawyers are now seeking affected individuals, and the D.C. public school system is notifying parents of potential student information exposure.

Growing Concerns

The increasing reliance on cloud platforms leaves educational institutions susceptible to cyber threats. Immediate actions, like suspending compromised software, are crucial to safeguard sensitive information.

Education’s Digital Defense

As schools navigate the digital landscape, continuous vigilance, rapid response, and cybersecurity measures are essential to protect the integrity of education. Stay informed and report any suspicious activity promptly!

That’s all folks ✌️

Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI; with all the new AI things coming to market, it’s good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20-year veteran ‘Wealthy Primate’ might be able to help you climb that tree with his stick and banana approach.

  • Techspresso: Receive a daily summary of the most important AI and tech news, selected from 50+ media outlets (The Verge, Wired, TechCrunch, etc.)

Let us know what you think!

So long and thanks for reading all the phish!
