Hello and welcome to the Tuesday, January 2, 2020, 24 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Over the holiday week, we had a couple of interesting diaries, so let me just quickly summarize them.

First of all, Xavier looked at more Python scripts

with actually a user interface. And one interesting script, Xavier came across, was a little

bounce ball game, as it calls itself. It's sort of one of those arcade game remakes, but well, it's

actually much more than a game while you're playing the game, and the game appears to be fully

functional. You are also exfiltrating data from your system. The main goal here appears to be

exfiltration of Discord credentials,

and yes, they are being

infiltrated to Discord itself.

And Xavier also came across

another Python script that used

mailtrap.io in order to infiltrate data. Maililtrap.io in order to

infiltrate data.

MailTrap.io is a service that will allows you to send

emails, but also to receive email, in particular for debug

purposes.

That part of the service is free and offers an SMTP server on port 25, 25 instead of just 25, which of course

can be used to bypass some firewalls. Always important to block outbound emails, no matter what

port is being used, they should be going through your authorized mail relay.

We've got two more diaries, one guest diary by one of our Sands.edu interns, Elias Boussate, and this

...