You might not sleep well after this.

Aug 03 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that treats cybercriminals like Democrats treat former U.S. presidents ????????????

Today’s hottest cyber security stories:

  • ????️ Mattress giant Tempur Sealy gets cyberattacked forcing system shutdown ????

  • ???? New NodeStealer variant targets Facebook Business accounts, crypto wallets ????

  • ???? Hackers steal Signal, WhatsApp user data with fake Android chat app ????

Mattress Attack turns up the Tempurature ????

???????? Cyberattack Hits World's Biggest Mattress Seller! ????????

Tempur Sealy, the leading bedding provider known for brands like Tempus, Cocoon, Sealy, and Stearns & Foster, is facing a cyberattack that has forced parts of its IT systems to shut down. ????????

Chief Financial Officer Bhaskar Rao reported the incident to the U.S. Securities and Exchange Commission on Monday, stating that the attack began on July 23, disrupting operations.

While the company hasn't confirmed if it's a ransomware attack, they activated incident response and business continuity plans to contain the situation. Legal counsel, cybersecurity experts, and authorities have been engaged to advise on the matter. ????‍????????️‍♂️

Tempur Sealy has started bringing critical IT systems back online and resumed operations, but the financial impact is still being assessed. ???????? They are also investigating whether customer or employee data was compromised and plan to inform regulators if any data was leaked. ????????

No specific hacking group has claimed responsibility for the attack. In the past, hackers targeted mattress sellers like and to steal payment information. ????????

Stay tuned for further updates on this developing situation. Remember to stay vigilant and protect your online data! ????️????

I came across ZZZ money club during the crypto market bull run when everyone’s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active and everyone in this private discord group is very chatty and helpful.

Its run by Yourfriendandy and Decadeinvestor, you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group you can through the link below.

Oh Node you didn’t ????

????????️‍♂️ Python Variant of NodeStealer Poses Threat to Facebook Business Accounts and Cryptocurrency ????????️‍♂️

Cybersecurity experts at Palo Alto Networks Unit 42 have discovered a new variant of the stealer malware called NodeStealer, designed to target Facebook business accounts and steal cryptocurrency. The campaign began in December 2022, but there is no current evidence of its activity. ????????????????

NodeStealer was initially exposed by Meta (formerly Facebook) in May 2023, and it was known for harvesting cookies and passwords from web browsers to compromise Facebook, Gmail, and Outlook accounts. While previous versions were written in JavaScript, the latest strain is coded in Python, making it even more dangerous. ????????️

According to Lior Rochberger, a researcher at Unit 42, NodeStealer poses significant risks to both individuals and organisations. Besides directly impacting Facebook business accounts financially, the malware steals browser credentials, which could lead to further cyberattacks. ????????

The attacks start with deceptive messages on Facebook, promising free "professional" budget tracking Microsoft Excel and Google Sheets templates. Victims are tricked into downloading a ZIP archive file hosted on Google Drive, which then initiates the malware. ????????????

????️ Top Tips:

  • Stay vigilant and cautious while interacting on social media platforms and avoid downloading suspicious files. Regularly update your cybersecurity measures to protect against evolving threats. ????️????

????️ Extra, Extra! Read all about it ????️

Each fortnite, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ???? The MoneyFitt Morning: A daily heads-up on what's important in investing & business. Loved by investors of all levels.

  • ???? Discover new markets and ideas. Join 55,248 founders using this free newsletter to stay ahead.

  • ???? The API Hacker Inner Circle: Join a community of developers, testers, and hackers who are upskilling their API hacking tradecraft.

Let us know what you think!

WhatsApp? Signal failure…

???????? Beware of 'SafeChat' Android App Spreading Spyware! ????????

Hackers are using a fake Android app called 'SafeChat' to infect devices with spyware, compromising call logs, texts, and GPS locations from phones. ????????????????️

This Android spyware is suspected to be a variant of "Coverlm," which targets popular communication apps like Telegram, Signal, WhatsApp, Viber, and Facebook Messenger.

The Indian APT hacking group 'Bahamut' is behind the campaign, mainly employing spear-phishing messages on WhatsApp to deliver malicious payloads to victims. ????????????

Researchers at CYFIRMA have identified similarities between 'Bahamut' and another Indian state-sponsored group called 'DoNot APT' (APT-C-35), which previously infiltrated Google Play with fake chat apps acting as spyware. ????????????

The 'Safe Chat' app appears authentic, tricking victims into installing it, often under the pretext of transitioning to a more secure platform for communication. The interface looks legitimate, and the user registration process adds credibility, providing a cover for the spyware. ????✉️????️‍♂️

The latest campaign by Bahamut targets individuals in South Asia.

????️ Top Tips:

  • It's essential to be cautious while downloading apps and avoid suspicious links to protect your personal data from such cyber threats.

    ????️???? Stay informed and stay safe! ????????

So long and thanks for reading all the phish!

Recent articles