Lee Hanken 7c8efd2228 Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00


Episode: 3714
Title: HPR3714: The News with Some Guy On the Internet
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3714/hpr3714.mp3
Transcribed: 2025-10-25 04:31:52
---
This is Hacker Public Radio Episode 3714 for Thursday, the 27th of October 2022.
Today's show is entitled, The News with Some Guy On the Internet.
It is hosted by some guy on the Internet, and is about 10 minutes long.
It carries a clean flag.
The summary is Threat Analysis.
Hello and welcome to another episode of Hacker Public Radio.
I'm your host, some guy on the Internet.
I'm testing out something new.
You guys let me know if you like it, but I want to do a news show.
And that's what this is.
For the first segment of the show, it's what I'll call Threat Analysis.
Our first article is going to be coming from the Hacker News.
New Chinese malware attack framework targets Windows, macOS, and Linux systems.
A previously undocumented command-and-control (C2) framework, dubbed Alchemist, is likely being used in the wild to target the three platforms.
This thing has an interface online written in simplified Chinese.
It can generate payloads, establish remote sessions, deploy the payloads to the remote
machines, capture screenshots, you know, all the things you don't want to happen.
And apparently it's written in GoLang.
Oh no, oh no.
Since Alchemist is a single-file-based, ready-to-go C2 framework, it is difficult to attribute its use to a single actor such as authors, APTs, or crimeware syndicates.
The Trojan, for its part, is equipped with features typically present in backdoors of its kind, enabling the malware to get system information, capture screenshots, run arbitrary commands, and download remote files, among other things.
The Alchemist C2 panel further features the ability to generate first-stage payloads, including PowerShell and wget code snippets for Windows and Linux, potentially allowing the attacker to flesh out their infection chain to distribute the Insekt RAT binary.
So it seems like they're going to be delivering this thing, usually with phishing emails, you know, they'll have a malicious document in there, you launch the document, it then reaches out, pulls down the package, infects your computer, and then your host.
My guess is that the Alchemist C2 is also capable of gaining root access because it can also modify your authorized keys in your SSH folder.
So it's going to continue the remote access even after using SSH.
For our next headline, and this is for you Android users out there, hackers are using vishing, not phishing, with a V, vishing, to trick victims into installing Android banking malware.
Good heavens, malicious actors are resorting to voice phishing, known as vishing tactics, to dupe victims into installing Android malware on their devices.
A Dutch mobile security company said it identified a network of phishing websites targeting Italian online banking users that are designed to phish contact details.
Are you guys going to love this one?
Telephone-oriented attack delivery, known as TOAD, involves calling the victims using previously collected information from the fraudulent websites.
Yep, to be honest with you guys, that's the moment where I contact the Dutch security
guys and just go and ask them what's going on over there.
TOAD, really?
TOAD.
The caller, who's basically a fraudster pretending to be from the bank, contacts the victim and informs them that, hey, I'm from the bank, you have a security issue, you should download the security app that we have.
So the person, you know, downloads the security app, and then that's when the app launches all the malicious stuff, gaining access to the financial credentials, and they commit financial fraud this way.
Once the victim falls for the security app malware, it then reaches out and pulls down a second piece of malware called SMS Spy, which enables the ability to monitor SMS messages.
What that will do is intercept the one-time password, you know, the TOTP codes.
Yep.
They'll just gain access to everything once they have that.
Yeah, so if you're on Android, just look out there.
They mentioned further on in the article that there's a new wave of scams being launched on the Android platform through the Google Play Store.
Another attack type is called smishing, with an S.
Yeah, so it's pretty bad out there on the Google Play side.
The next article is from The Hacker News once more.
It's about OmniCell.
They had a data breach and 64,000 patients were impacted by this.
Go ahead.
Founded in 1992, OmniCell is a leading provider of medication management solutions for hospitals, long-term care facilities, and retail pharmacies.
But on May 4th of 2022, OmniCell's IT systems and third-party cloud services were affected by ransomware attacks, which may have led to data security concerns for employees and patients.
While it's still early in the investigation, this appears to be a severe breach with potentially
significant consequences for the company.
Yeah, so they learned of it on May 4th, 2022; OmniCell began informing people on August 3rd, 2022.
Yeah, if you've been visiting any hospitals or whatever lately, just go ahead and get yourself some of those identity monitoring programs like LifeLock or whatever is available in your country, because healthcare is a major target for ransomware.
I mean, they're just getting knocked over year after year.
Now, a little bit more detail in the article talks about the OmniCell data that may have been exposed from the attack, which includes but is not limited to credit card information, financial information, social security numbers, driver's license numbers, and health insurance details.
Basically, everything it takes to identify you as an individual in your nation was exposed.
They can run around and completely pretend to be you, opening up accounts and whatever else they need to with that information.
Wow.
Now, with all that said, healthcare is not the only area of our system that's under attack by ransomware.
Schools, colleges, the entire education sector is also under attack by these ransomware attacks.
Here's an article from the Washington Post.
How to protect schools getting whacked by ransomware?
Ransomware gangs are taking American schools.
So far this year, hackers have taken hostage at least 1700 schools in 27 districts.
The massive Los Angeles unified school district is their latest target.
Yeah, so basically ransomware hackers will deploy ransomware inside of these schools, their organizations, it'll lock up all of their servers, locking the administrators out, and in order for the administrators to gain access to their services again, they have to pay the ransom.
The Department of Treasury has released guidance on paying these global criminal organizations.
Basically, they don't want you to pay them, but I'm pretty sure that the moment the Department of Treasury steps out of the door, the school is going to be like, pay them.
Also, further down in the article, apparently they spoke to these gangs, ransomware gangs, and asked them, you know, why are you targeting these groups?
And the quote was very simple: because we can.
So with all the money coming into schools, and them making the students carry around Chromebooks and tablets and all this other stuff to, you know, do their schoolwork, they're not maintaining any of the backend and they don't have proper backups.
That's why they're forced to pay these guys, because they don't have any other way to get the data back or access to the data.
For all you young hackers out there getting ready to go to university or high school or whatever out there:
Make sure you maintain your own backups.
Don't listen to the school about just uploading to their cloud services or whatever.
Clearly, if their work is jacked up, you want to make sure that you're still able to turn in your work.
You need to be able to understand file systems, local storage and all of that other cool
and XC stuff.
Alrighty.
So our next article comes from CNET News.
It's Verizon Alerts Prepaid Customers to Recent Security Breach.
All right, I'm going to breeze through this one.
Verizon's prepaid customers, only about 250 of them from what they put in the article, on October 10th.
Well, it occurred October 6th through October 10th.
So they say the breach exposed a little bit of data, the last four of the credit card numbers, and some of the people may have had their accounts jacked with a method called SIM swapping.
I, of course, being a Verizon customer, had to quickly jump on the line and figure out whether or not I'm good.
Hello.
Yes, is this Verizon?
Yes, I'm a customer there.
Am I good?
I heard about the breach.
Am I okay?
Apparently, the breach only affected the rebate customers and not the rest of us, so I'm good.
Okay, so that's going to conclude our news for today.
This is just a test.
If you guys really enjoy this, please leave a comment down below.
Let me know what you think.
I'll definitely do more, add some more segments into it and not just the threat analysis.
And for now, I just wanted it to be something simple and easy for everybody to grasp.
What's this?
What do we have here?
Breaking news, ladies and gentlemen, I just got breaking news.
Oh my goodness.
I'm so excited about this.
If you, too, want to become a contributor here on Hacker Public Radio, all you have to do is go over to the hackerpublicradio.org website and click on the contribute link.
There will be information there to help you on your journey.
All right, that's all I got for you today, ladies and gentlemen, thank you for coming on over to Hacker Public Radio and listening to this fine, fine broadcast we got going on over here.
Please leave a comment down below and I'll see you guys in the next episode.
You have been listening to Hacker Public Radio at hackerpublicradio.org.
Today's show was contributed by an HPR listener like yourself.
If you ever thought of recording a podcast, click on our contribute link to find out how easy it really is.
Hosting for HPR has been kindly provided by AnHonestHost.com, the Internet Archive and rsync.net.
Unless otherwise stated, today's show is released under a Creative Commons Attribution 4.0 International license.