Hello and welcome to the Wednesday, February 18th, 2006 edition of the Sands Internet Storm Center's Stormcast. My name is Johannes Ulrich, recording today from Jacksonville, Florida. And this episode is brought you by the sands.edu credit certificate program in incident response.

This is a quick note for those of you are watching this on YouTube, sorry, no camera today,

having some little technical issues. Today's diary is coming from Xavier again. He's on a row

lately, and this latest one is a little bit of different fishing campaign.

One of the goals of fishing campaigns is always to create some urgency to make you do something quickly

because, well, there is some kind of emergency.

And what they're doing here is essentially pretending that there was an incident,

some odd login to your crypto

wallet that would cause you to now implement two-factor authentication. Not sure if they just

assume that you didn't do it or if they think that you may ignore if you already have two-factor

authentication enabled. This particular phishing email did affect Metamask users.

No indication here that Metamask is that all involved this.

So this is not a Metamask breach or anything like this.

They're just sending this to random people on the internet,

hoping that they will get some actual Metamask users

that will then fall for this phishing email. And as usual, cryptocurrency wallets are still

one of the top targets of these kind of phishing emails. And the Android ecosystem continues to be haunted by devices that come

reinstalled with malicious firmer. Kaspersky has the latest document incident of this.

They call it the Kinato Big Door and apparently it was preinstalled on these affected devices and was added during

the build phase for the firmware. Now, we have seen sort of various picture frames and such

with compromised firmware in the past, and what often happens is that systems on the production

lines or so are getting infected and then being used to

...