Tag: hackers

Programming, Security, Tech

Cats & Hat Tricks

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Yes human, keep petting me in hopes that I never turn on you.
Photo by Anna Alexes, please support by following @pexel.com

They are not Cats in a Hat and the eggs they offer will scramble your ham. If these cats come knocking at your door it’s not a good thing. Charming Kitten has employed a malicious tactic which is causing some major issues. We’re going to look at the attack, who is using it, the functionality and effects upon its release, and what are some ways to keep safe from these kittens dropping a plate at your doorstep.

That’s right kitty, you’re about to be exposed.
Photo by Cong H, please support by following @pexel.com

The Attack

Knocking on your door, what is this attack? Look no further than what’s being called “NokNok”. This is a backdoor type of malware, kind of like a trojan, that is targeting macOS (Mac Operating Systems).

Window users don’t let your hair down, you’re on the menu too. Like with trojans, once it’s in, it creates a backdoor for later entry and the victim won’t have a clue until it’s too late.

Jenny: Honey, the script said hackers, we can still trust the cat.
Brad: I still think we should get rid of it just in case.
Photo by Vlada Karpovich, please support by following @pexel.com

Who Can It Be Now

Now don’t let the name Charming Kitten fool you, there’s nothing cute about these cats. They are an Iranian government cyberwarfare group classified as an advanced persisting threat (APT) and have gone by other names such as APT35, Phosphorus, Ajax Security, and NewsBeef.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Things getting out of hand tend to take off.
Photo by SpaceX, please support by following @pexel.com

That Sinking Feeling

In this cyber-espionage comes the war you never wanted. Their targets include circles of US foreign affairs and nuclear security. Their attacks involve email phishing attempts, which could be considered whale phishing, to a nuclear security expert at the U.S.-based think tank, focused on foreign affairs to deliver a troublesome link to a Google script macro that would redirect to a Dropbox URL (Uniform Resource Locator) housing a RAR (Roshal Archive) archive.

Once presented with this file, an LNK dropper sets off a multi-stage process to deploy GorjolEcho, in turn, shows a decoy of a PDF document while awaiting the payload from a remote server. If it recognizes that it is in an Apple or MacOS, it will tweak its operation by sending a second email with a ZIP archive storing a Mach-O binary that masks as a VPN (Virtual Private Network) application. In truth, this would be an AppleScript to contact the remote server to download the payload to run the Bash script for the backdoor calling NokNok.

NokNok then retrieves modules that are able to gather information as to the running process, installed applications, and metadata from the system. The threat actor uses a fake file-sharing website which likely functions as a footprint for visitors and tracks new victims.

Out of all this, just know once it’s in it begins to collect information on the machine and user or users in secret.

Looks like that time for some awareness training.
Photo by cottonbro studio, please support by following @pexel.com

The Prevention

Charming Kitten has a high degree of adaptability because it can target both MacOS and Windows. It is strongly recommended when going through emails that caution is exercised.

Emails with attachments or links could be infectious which could put your machine at risk. Never download from untrusted or unknown sources as this could house malicious malware.

Always use and keep up to date with the anti-virus software as this will alert you to any danger on your machine. Frequent scanning of your computer should help safeguard you from experiencing a NokNok at your door.

I have a malware package from “We are Cats-To-Go.”
Photo by Pavel Danilyuk, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on NokNok? Script a comment below.

Programming, Security, Tech

Ducktails vs. Duck Tales

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Bye-bye Mr. Duck, Scriptingthewhy told my dad all about you.
Photo by Abdel Rahman Abu Baker, please support by following @pexel.com

Ducktails is not going to have a good spin after you read about this one. So you may have looked at the title and thought that you are going to read a nice story about Ducktails and have those memories of being a child sitting in front of the TV on weekday afternoons and Saturday mornings come rushing back to you.

Remembering the time sat through your watch list of favorite cartoons until you got to the main event. However, sadly, you’re not going to have that moment. We have come across some information that will have your head spinning including your tail.

So, as usual, we’ll be covering what the attack is, who is using it, the functionality, and effects upon release, and what are some ways to protect yourself from this being the last Saturday morning for your peace of mind.

We found a duck in your computer, it was ducking.
Photo by Ekaterina Belinskaya, please support by following @pexel.com

The Attack

What has you spinning around like a record from the 80s? Great that you asked, the intruder in question is called “Ducktail”, and no, it’s not “Duck Tales”. As mentioned earlier, your sweet childhood is here to be exploited, not rewarded.

Ducktail is what is known as “adware”, adware for those who may not know is malware software that secretly installs itself on the victim’s device and pops up unwanted advertisements.

No, your YouTube account doesn’t have adware, that’s just YouTube being god-awful. Speaking of god-awful, did you know that ducktail was a hairstyle? I’ll take the adware, please.

Ed: You know they could give us more information as to who the scammers are.
Z-daddy: It’s not that simple, and most of the time it’s untraceable.
Photo by Athena, please support by following @pexel.com

Who Can It Be Now

As far as who has been making use of ducktails to make other people’s lives interesting, there have been no names. However, it is believed that its origins trace back to Vietnam a few years back.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Sue: Ed, I thought you landed a job interview and was looking to get out of here.
Ed: It was a scam.
Sue: Oh, well, Scriptingthewhy could’ve told you about that.
Photo by olia danilevich, please support by following @pexel.com

That Sinking Feeling

Are you confused about how something like this works? Don’t worry, I have you on that front. The Ducktails adware pairs with NodeStealer and targets Meta business and Facebook (also called Meta) accounts and for lack of better a term, hi-jack the accounts.

Once access is gained, social engineering can begin, where multiple victims can be approached through various platforms like Facebook, LinkedIn, and WhatsApp, even including freelancer platforms like Upwork.

So, yeah, once in, everyone is getting a spicy meatball, and no one is off the menu. Ducktail also has another way in due to performing what is called “search engine poisoning”, this is the dark art of tricking a search engine like Google into ranking webpages to appear number one so they can further distribute their malware.

The overall is you’re being lured into giving your information. These lures involve bogus posting on Upwork, Freelancer, Facebook ads, LinkedIn mailing, and even those “Disney is hiring for Data Analytics 100% remote position” ads you see on YouTube. Disney, like any other job, wants your butt in a seat on-site. Don’t fall for this.

Back on track, so once the adware gets onto your computer and begins to steal information, this includes items like saved session cookies from the browser to then tailor ads more personal to the victim. So basically, you have in your search history lawn mowers, it finds that and crafts you “lawn mowers for cheap or even free”, you click, and pop goes the weasel.

The good news is the rest of your collected information doesn’t go to waste however, it has been known to be sold on the dark web for about $15 USD to about $340 USD depending on who you are. You’re still worth something, whether you believe it or not.

You make one move on my owner’s computer and you’re gone with Tweetie. You got me?
Photo by Turong Chopper, please support by following @pexel.com

The Prevention

So it’s clear, you don’t want your tail like your life spinning out of control. Well, don’t worry, I have you on that one. Everyone thinks that cybersecurity is using cutting-edge technology to stop the bad guys when in reality, it’s just practicing some good fundamental habits.

A simple way of thinking about a form of protecting yourself is when contacted by anyone you don’t know and they request you visit a link, uh treat it like the front door of your house, and don’t open it. I hope you wouldn’t open the door all the way for a complete stranger so the same applies here.

Always keep a lookout when visiting websites as if you look in your browser search bar and to the left, if the little lock symbol is not locked then that means the site is not secure. This means everyone else can see your transactions and you don’t want that.

When downloading software, it is always best to download from the official site and not a third party as downloading from a third party may contain malware and other nasty software.

Having your operating system and anti-virus up to date is a must because patches for vulnerabilities are released often and further help protect your computer. Always remember, your tail is meant to twerk for a paycheck, not twerking because you lost one.

Whoa there lil duckie, we’re not saying all ducks are bad.
Photo by Pixabay, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on Ducktail? Script a comment below.

Programming, Security, Tech

Buzzing in Your Computer

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Tom: Hey, did either of you check out the script?
Aaron: Yeah Tom, now shut up the movie is about to start.
Photo by Pavel Danilyuk, please support by following @pexel.com

So, you’re a fan of Transformers, huh? Well, brace yourself, because this might shock you. You know how those robots can turn into cars, planes, and other stuff?

Well, guess what? Some of them can also hack into your computer or your online accounts without breaking a sweat. It’s crazy, the internet never stops being the place where people can exploit sweet childhood memories.

We’re going to look at what the attack is, who is using it, the functionality and effects upon release, and what are some ways to protect yourself from this transformer transforming your life into a nightmare.

Kim: So uh…we’re just friends huh?
Dave: *Thinking: If I pretend like I’m drinking she’ll stop asking me questions.*
Photo by Pavel Danilyuk, please support by following @pexel.com

The Attack

Have you ever experienced a transforming nightmare?  For those who may not know it’s called “malware” which means “malicious software”.  This refers to any software that is designed to harm, disrupt, or steal data from a computer or a network. You can think of this as your neighbor offering you food knowing it’s laced with naptime medicine.

The newest addition to being laced with something that stings and honey is not included is called “BumbleBee”. BumbleBee is a malware downloader written in C++ language and has a single function that handles various tasks.

This is malware that can hide in plain sight and deliver ransomware payloads to infected systems. In a nutshell, this bee sting giveth and this bee taketh your data.

Not only do I collect pollen but I can give your computer everything you never wanted, like a virus.
Photo by Egor Kamelev, please support by following @pexel.com

Who Can It Be Now

Who would set something like this up to take your data? Well, we’re happy to tell you that this didn’t come out from Beyonce’s beehive. BumbleBee has been linked to several cybercriminal groups, such as EXOTIC LILY and TrickBot.

Let us quickly go over the two. EXOTIC LILY is a financially motivated group that may have acted as initial access brokers for other malicious actors and targets a wide range of industries also involving IT.

TrickBot is a Trojan that threat actors spread via spear phishing campaigns. This is done by using tailored emails that contain malicious links. And you thought ChatGPT was only good for fixing resumes and completing essays.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Well, it’s time to mail some ransomware.
Photo by Liza Summer, please support by following @pexel.com

That Sinking Feeling

Now moving on to how something like BumbleBee works. BumbleBee is a downloader that is distributed through malspam (malware spam- spam email with malware) campaigns. Emails are sent with a malicious attachment that has an ISO extension.

When the user opens the attachment, they see a folder with two files: a DLL file and an LNK file. Both files are infected with this troublesome transformer. The LNK file is a shortcut that executes the DLL file when clicked. Trigging the BumbleBee downloader to download and run other malware on the compromised system.

What’s the other malware that could be downloaded we hear you ask. Well, this could be but is not limited to viruses, worms, trojans, spyware, adware, ransomware, and more. What problems can they cause? Don’t worry, we have you on that as well.

Malware can cause various problems, such as slowing down the system, encrypting or deleting files, displaying unwanted ads, or demanding a ransom to restore access. Malware can infect a device through various methods, such as downloading attachments, clicking on links, visiting malicious websites, or using infected USB drives.

So all in all, BumbleBee gets into your system, transforms, drops off, and rolls out. And you thought Optimus was bad.

This isn’t what we meant as far as protecting your information but it’s a start.
Photo by cottonbro studio, please support by following @pexel.com

The Prevention

So how does one protect themselves from what came from the beehive? Well, to protect your computer from malware and other threats of the like. You should follow some basic security practices.

First, avoid opening attachments and clicking on links in emails that look off or are irrelevant to you. Especially if they came from an unknown sender. Second, use only official tools to update and activate the software you use. And never download or run any cracks, keygens, or patches from unknown sources.

Third, keep your operating system and applications updated with the latest security patches and fixes. Fourth, download software and files only from official or reputable websites, and avoid using third-party downloaders.

Lastly, install a reliable antivirus program on your computer and scan your system regularly for any potential infections or vulnerabilities. Many issues will come a buzzing but if you can avoid being stung from a hit and run, then do so.

It’s a good thing I read Scriptingthewhy. I knew these bees were acting funny. IT’S TIME TO GET YA’ll IN ORDER!
Photo by Anete Lusina, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on BumbleBee? Script a comment below.