Newsletter

open source and cybersecurity news

June 28, 2023

Super Mario 3: Malware Edition; North Korean Hackers Tap Mics; YouTube Demands Invidious.io Cease and Desist; This Day in Tech History

Episode Transcription:

Pokie Huang:

From Sourced Network Productions in New York City. “It’s 5:05”. I’m Pokie Huang. Today is Wednesday, June 28th. Here’s the full story behind today’s cybersecurity and open source headlines…

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

Super Mario 3: Mario Forever is a free-to-play remake of the classic Nintendo game which was released in 2003. Playing as either Mario or Luigi, you’re running around the mushroom kingdom jumping across platforms, and on top of enemies on your way to rescue the kidnapped Princess Peach.

The game is very popular and is downloaded by millions. There is, however, a new version of Super Mario 3 making its way on gaming forums and social media groups. It’s a Trojanized version. 

An installer comes with three executables. One is the legitimate Mario game, and the other two are a crypto miner and a data stealing malware. The malicious executables are named atom.exe and java.exe and they’re installed discreetly during the game’s installation. 

If you have recently downloaded Super Mario 3: Mario Forever, make sure you scan your computer to be super sure that there is no installed malware. You should also always scan downloaded executables before running them and keep your security tools updated.

Katy Craig: 

A hacking group tied to the North Korean government has been caught in the act using some sneaky new tactics. Dubbed APT37, this group has been flexing its hacking muscles with wiretapping malware.

This is Katy Craig in San Diego, California. 

APT37 is taking surveillance to a whole new level. They’re using a Go-based backdoor to exploit a real-time data transform platform called Ably. And if that wasn’t enough, they’ve also unleashed an information stealer with some serious microphone wiretapping capabilities.

South Korean cybersecurity firm AhnLab uncovered these attacks in May 2023, sounding the alarm. Here’s how it went down.

The hacker sent spear phishing emails disguised as password protected documents to their targets. Once the victims opened the file, the malicious script was off to the races. This PowerShell backdoor is persistent, executing commands received from the C2 server. It can exfiltrate files, download more malicious payloads, mess with registries, and even delete files.

These North Korean hackers mean business. And they’ve unleashed a little something called FadeStealer. This beast can take screenshots, steal data from removable devices, log keystrokes, and you guessed it, wiretap microphones. The cybersecurity world is a wild place and these North Korean hackers are pushing the boundaries.

Stay vigilant, protect your data, and don’t respond to those phishing emails. 

This is Katy Craig, stay safe out there.

Hillary Coover: 

Hi, this is Hillary Coover. Three weeks ago, YouTube sent a cease and desist letter to Invidious, an open source alternative front end for YouTube that allows users to watch videos without data tracking. The letter claims that Invidious violates YouTube’s API Policy and requests its shutdown within seven days. 

Invidious, which operates as a web browser and not a YouTube data API user, argues that it never agreed to YouTube’s terms and policies. The developers do not plan to make changes to Invidious and are seeking legal assistance to defend the project. 

Reddit has also introduced new fees for API usage, leading to the shutdown of third-party apps like Apollo.

Users are pushing back against these corporate decisions and turning to decentralized platforms like Mastodon, Lemmy, and PeerTube as alternatives. As of today, however, Invidious.io appears to still have its documentation available on GitHub and its website up and running.

Marcel Brown: 

This is Marcel Brown bringing you some technology history for June 28th. 

June 28th, 1955. The HMTS Monarch, the largest cable-laying ship in the world at the time, launches from Clarenville, Newfoundland to begin laying TAT-1, the first transatlantic telephone cable. TAT-1 would be inaugurated 15 months later on September 25th, 1956.

TAT-1 may be best known for carrying the famous hotline between the United States and the Soviet Union during the Cold War. 

June 28th, 1965. Intelsat I, the first commercial communication satellite, is activated for service. It was nicknamed Early Bird after the famous proverb, and became famous for carrying the first satellite commercial telephone call between America and Europe, as well as helping provide TV coverage of the Gemini 6 splashdown.

June 28th, 2005. Apple releases iTunes 4.9, the first version of iTunes to incorporate podcast subscribing and listening. Podcasting was a growing phenomenon and Apple realized it could both help build the medium and also become the de facto podcast standard, by linking it to its incredibly popular iTunes and iPod platforms.

On this date, there were 3000 podcasts available in the iTunes directory. Apple’s move paid off, and as of 2021, there were over 2 million podcasts listed in the Apple Podcast directory. 

Apple’s podcast platform is still considered the standard on which podcasters should publish their shows. 

There was an up and coming podcast directory named Odeo at the time. Given Apple’s move, Odeo suddenly became irrelevant. However, the people behind the company shifted focus and soon created a new service called Twitter. Isn’t it so interesting the way technology history weaves itself? 

That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com

Pokie Huang:

That’s our updates for today, June 28th. I’m Pokie Huang. We’ll be back tomorrow… at 5:05.
