You have to read this fruity edition, its bursting with juice

Feb 24 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s got more subs than Jake Paul and Tommy Fury.

Today’s hottest cyber security stories:

  • Yes! We have Dole bananas’… files and data
  • Mine your own Bitcoins! Trojan-apps target macs
  • Social media’s a minefield… crypto mining, that is


Irish multinational agricultural giant Dole got caught slippin’ on Wednesday after falling victim to a ransomware cyberattack.

Ransomware attacks are where scammers hack into an individual’s, business’, or organisation’s computer network, lock everybody out, and then demand a ransom in exchange for restoring access.

In this latest instance, the ransom hasn’t been made public. So, one can only speculate…

We want 100,000 bananas… in unmarked skins! Whether or not the attack was orchestrated by a gang of hangry gorillas remains unclear at this juncture.

However, what we do know is Dole seems keen to sweep this recent attack under the rug and minimise its impact. But how disruptive was the breach, really?

Well, the attack reportedly forced the produce juggernaut to temporarily shut down production plants in North America and halt food shipments to grocery stores, according to a company memo about the incident obtained by CNN. Sounds pretty major to us, not gonna lie.

Dole publicly acknowledged the incident on Wednesday after the company memo was leaked and CNN got hold of the story.

It said: “The company has notified law enforcement about the incident and are cooperating with their investigation.

“While continuing to investigate the scope of the incident, the impact to Dole operations has been limited.”

However, two grocery stores in Texas and New Mexico said they couldn’t stock Dole salad kits on their shelves for days.

Dole will no-doubt be keeping its eyes peeled from now on… After all, we’re talking about the company’s (banana) bread and butter.

Seriously though, boo ransomware. We hate you!


Has your Mac been running slow lately? Well, it will be easy to catch then, won’t it? Just kidding. If your mac seems sluggish, and you’ve recently installed a legit-looking app such as Final Cut Pro or Photoshop, there’s a chance you’ve been Trojan-horsed, son.

This latest strain of trojan-based malware installs itself on your Apple device and effectively sends your laptop down the mines to mine for the popular cryptocurrency Monero (XMR). The resulting XMR coins are then sneakily deposited into the attackers’ wallets.

This is known as crypto-jacking. Not making this up, honestly.

What is Monero (XMR)?

Monero is a decentralized cryptocurrency. It uses a public distributed ledger with privacy-enhancing technologies that obfuscate transactions to achieve anonymity and fungibility. Observers cannot decipher addresses trading monero, transaction amounts, address balances, or transaction histories. Hence why it seems to be favoured by criminals presently.

In short, trojanised versions of legitimate apps are being used to deploy evasive cryptocurrency mining malware on macOS systems.

Affected apps:

  • Final Cut Pro, Apple-developed video editing software
  • DMG package for Adobe Photoshop CC 2019 (unconfirmed)

“This malware makes use of the Invisible Internet Project (i2p) […] to download malicious components and send mined currency to the attacker’s wallet,” Jamf researchers Matt Benyo, Ferdous Saljooki, and Jaron Bradley said.

The good news is Apple is taking steps to combat this by subjecting notarized apps to more stringent Gatekeeper checks in macOS Ventura, thereby preventing tampered apps from being launched. Phew!


There’s a new malware campaign in town but dw, Gone Phishing is here to give you the 4-1-1. So let us hit with some knowledge…

What’s it called?

S1deload Stealer


Because of its use of DLL side-loading techniques to get past security defences and execute its malicious components.


It comes in the side gate. Sort of.

What does it do?

It tries to take control of the users’ Facebook and YouTube accounts and rent out access to raise view counts and likes for videos and posts shared on the platforms.

What else?

It also invades victims’ devices potentially via their social media and sneakily mines for cryptocurrency; ‘BEAM’ coin cryptocurrency, to be precise.

What do the experts say?

Bitdefender researcher Dávid ÁCS said: “Once infected, S1deload Stealer steals user credentials, emulates human behaviour to artificially boost videos and other content engagement, assesses the value of individual accounts (such as identifying corporate social media admins), mines for BEAM cryptocurrency, and propagates the malicious link to the user’s followers.”

Another fantastic reason to log off social media and go for a walk in the park and smell the roses, eh?

So long and thanks for reading all the phish!

Cyber Dawgs top picks from the week, he’s your Dawg, he got you.

footer graphic cyber security newsletter

Recent articles