Thursday 8th August 2024

Good morning everyone and thank you for joining me for today's edition of Cyber Daily. Whether it's uncovering spyware or stopping cybercriminals in their tracks, today's newsletter is all about digital sleuthing. We’ll look into how Interpol swiftly recovered $40 million from a BEC heist, explore the clever CSS tricks bypassing Outlook’s anti-phishing measures, and uncover the stealthy operations of the newly discovered Android spyware, LianSpy.


New Android Spyware Targets Russian Users

A sneaky new spyware named LianSpy has been making waves since Kaspersky discovered it in March 2024. This malware has been active since July 2021, and it’s designed to capture screencasts, steal user files, and harvest call logs and app lists.

How it works:

  • LianSpy cleverly uses the Russian cloud service Yandex Disk for command-and-control (C2) communications, avoiding dedicated infrastructure to stay under the radar.
  • The spyware first checks if it has system app status. If not, it requests permissions for screen overlay, notifications, background activity, contacts, and call logs.
  • Once permissions are granted, LianSpy hides its icon and uses various methods to capture and exfiltrate data without detection.
  • Victim data is stored securely with advanced encryption, making it difficult to trace or decrypt.

The spyware can disguise itself as legitimate apps, like Alipay or system services, and bypass privacy indicators in Android 12. It even uses cloud and pastebin services to obscure its malicious activity further.

Kaspersky warns that LianSpy’s use of legitimate platforms complicates attribution, and there’s no overlap with ongoing malware campaigns.

Bypassing Outlook’s Anti-Phishing Measure with CSS Tricks


It turns out that with a bit of CSS wizardry, phishing emails can bypass one of Microsoft Outlook's anti-phishing measures. William Moody, an IT security consultant at Certitude, revealed that the First Contact Safety Tip—an Outlook feature that warns users about unfamiliar email addresses—can be effectively hidden using simple CSS tweaks.

Key points:

  • The First Contact Safety Tip is a banner added to the HTML code of an email to alert users when they receive a message from an unknown address.
  • Phishers can craft emails entirely in HTML and change the banner’s background and font colors to white, rendering the alert invisible to the end user.
  • Techniques like display: none, height: 0px, and opacity: 0 don’t work due to Outlook’s rendering engine, but color changes do the trick.

Moody notes that the alert still appears in the small preview text in Outlook's left-side pane, but this is often overlooked. Moreover, phishers can add notes to emails to make them look encrypted or signed, enhancing their legitimacy. However, this method isn’t foolproof; the formatting can look different, potentially alerting savvy users.

Microsoft was informed about this issue in February but has yet to implement a fix, stating it doesn’t meet the bar for immediate servicing, although it’s marked for future review.
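For mail-filtering teams, here is one way to flag inbound HTML that sets text and background to the same colour, the effect described above. This is an added example, not code from Certitude or Microsoft; the function names, the sample markup and the class name in it are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

NAMED = {"white": "ffffff", "black": "000000"}  # deliberately small subset

def norm_colour(value):
    """Normalise a CSS colour to 6-digit hex; None if not recognised."""
    v = value.replace("!important", "").strip().lower()
    if v in NAMED:
        return NAMED[v]
    if m := re.fullmatch(r"#([0-9a-f]{3}|[0-9a-f]{6})", v):
        h = m.group(1)
        return h if len(h) == 6 else "".join(c * 2 for c in h)
    if m := re.fullmatch(r"rgb\(\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)\s*\)", v):
        return "".join(f"{min(int(n), 255):02x}" for n in m.groups())
    return None

def text_matches_background(decls):
    """True when a declaration block sets text and background to one colour."""
    pairs = (d.partition(":") for d in decls.split(";"))
    props = {k.strip().lower(): v for k, _, v in pairs}
    fg = norm_colour(props.get("color", ""))
    bg = norm_colour(props.get("background-color", props.get("background", "")))
    return fg is not None and fg == bg

class StyleScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.in_style, self.findings = False, []
    def handle_starttag(self, tag, attrs):
        self.in_style = tag == "style"
        if text_matches_background(dict(attrs).get("style") or ""):
            self.findings.append(f"inline:{tag}")
    def handle_endtag(self, tag):
        self.in_style = False
    def handle_data(self, data):
        if self.in_style:  # text inside a <style> block
            for sel, body in re.findall(r"([^{}]+)\{([^{}]*)\}", data):
                if text_matches_background(body):
                    self.findings.append(f"rule:{sel.strip()}")

def scan_email_html(html):
    scanner = StyleScan()
    scanner.feed(html)
    return scanner.findings

# Constructed samples: the class name and content are made up.
FLAGGED = "<style>.c1 {color:#FFFFFF; background-color:white}</style><p>Hi</p>"
CLEAN = '<p style="color:#333; background-color:#fff">Hi</p>'
print(scan_email_html(FLAGGED), scan_email_html(CLEAN))
```

The check is a heuristic: it only compares colours declared together in one rule or one style attribute, so treat a hit as a reason to quarantine or review rather than as proof of phishing.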

Interpol Recovers $40M from Business Email Compromise Heist

In just two days, Interpol managed to recover over $40 million stolen in a business email compromise (BEC) scam. The heist targeted a Singaporean commodity company, which reported the loss of $42.3 million on July 23 after realizing the funds hadn’t reached their intended supplier.

What happened?

  • Cybercriminals, aware of the business relationship between the victim and their supplier, sent a convincing email from a slightly misspelled address, requesting the payment be sent to a new account in Timor-Leste.
  • The unsuspecting employee transferred the money to the fraudulent account.

Timor-Leste, a hotspot for organised crime, became the unwitting host of these stolen funds. Despite its ongoing struggle with cybercrime legislation, local police worked with Singaporean authorities and Interpol to track and intercept $39 million in the scammers' account. Seven arrests were made, and an additional $2 million was recovered.

Although the company hasn’t received its funds back yet, steps are being taken to ensure their return. Isaac Oginni, director of Interpol's Financial Crime and Anti-Corruption Center, highlighted the importance of speed in intercepting proceeds from online scams, praising the cooperation between international authorities.

In 2023 alone, over 21,000 BEC complaints were filed with the FBI, leading to losses exceeding $2.9 billion. This far outweighs the reported losses from ransomware, demonstrating the significant financial threat posed by these scams.
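The "slightly misspelled address" in this case is the kind of thing a mail gateway or payment-approval workflow can check automatically. The sketch below is an added example, not taken from Interpol or the victim company: it compares a sender's domain against a list of known supplier domains using edit distance, and the supplier domain, addresses and function names are all made up. It assumes the misspelling is in the domain part of the address.

```python
from email.utils import parseaddr

def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = ca != cb
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent characters swapped counts as a single edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(from_header, trusted_domains, max_distance=2):
    """Return ('trusted' | 'lookalike' | 'unknown', matched domain or None)."""
    address = parseaddr(from_header)[1].lower()
    domain = address.rpartition("@")[2]
    if domain in trusted_domains:
        return "trusted", domain
    for known in trusted_domains:
        if 0 < osa_distance(domain, known) <= max_distance:
            return "lookalike", known
    return "unknown", None

# Constructed data: the supplier domain and addresses are made up.
SUPPLIERS = {"acme-metals.example"}
SAMPLES = [
    "Accounts <ar@acme-metals.example>",
    "Accounts <ar@acme-metalls.example>",   # one inserted letter
    "Accounts <ar@acme-meatls.example>",    # two letters swapped
    "Newsletter <news@other.example>",
]
for s in SAMPLES:
    print(s, "->", classify_sender(s, SUPPLIERS))
```

A "lookalike" result on a message that asks for a change of bank details is a strong signal to hold the payment and confirm with the supplier through a known phone number.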


Nitin Dhiman

CEO @ NextPage IT Solutions ? Scaling Businesses Using Tailored IT Services in 90 Days ? $20M in Client Revenue ? Business Automation

6 months

That would be a great read for sure. Would love to read this :) Aidan
