Akira
When I was speaking to a group of Bank Security people in New York City yesterday, I mentioned "machine rooms" -- which are rooms full of Apple iPhones that are used to send iMessage phishing spam. Someone in the audience asked "Where would they get that many phones?"
The kids like to use the acronym "IYKYK" (If You Know You Know). I learn new IYKYK phrases in Chinese Telegram every day.
Today's new favorite phrase? 水果机 - Shuǐguǒ jī - "Fruit machine."
Example usage: 🔥低价出正品水果机 ("Genuine fruit machines at low prices")
Fruit machine is coded language for Apple iPhones.
This advertiser pays HuionePay's Haowang Guarantee for the right to post an ad for their group once each hour in Huione, the highest rate tier, so that one-line advertisement appears 24 times per day in Haowang Guarantee's "buy and sell" group.
What? You thought Telegram had banned HuionePay? hahahahahaha ... but they do try to hide their traffic by rebranding their "Crime As A Service" vendors under "Potato Guarantee" rather than Haowang Guarantee.
Links shared by this advertiser go to a 38,438-member "Potato Guarantee" group called "Yongle smuggles Apple phones," which states that Yongle has deposited "208,000 USDT" to insure that your transactions are safe. (The "Trust Model" of the Chinese Guarantee Syndicates is that vendors make a deposit to be listed in the vendor directory, and the Syndicate promises that any transaction up to the level of the deposit will be backed by the Syndicate should anything go wrong.)
The welcome message for the group says (Google translated):
"Various models of iPhone are available, all smuggled into the country as brand new, unopened, and unactivated official Chinese versions, suitable for personal use or resale." They go on to say that your phone will be delivered within 72 hours and that if it is shown to be used, they will refund 10x your purchase price!
Another September ad using the "Fruit machine" language in a major HuionePay group also now goes to a "Potato Guarantee" group with 12,154 members (Group 2851, with a 38,000 USDT deposit). The translated "welcome" message when joining the group calls the group "Xili Smuggles mobile phones and digital products" and promises "Various models of iPhone are available, all smuggled into the country as brand new, unopened, and unactivated national versions, suitable for personal use or resale."
Group: "Xili Smuggles Mobile Phones and Digital Products"
Xili, who prefers to call himself "Heineken," is currently taking deposits for iPhone 17s. He will also throw in an Apple Watch if you pay 1000 Yuan extra. Currently he charges 5999 Yuan for an iPhone 16 Pro Max 1TB, or approximately $850.
Xili / Heineken's most recent advertisement
If that whole thing sounds insane, I would encourage you to read the book "Apple in China" by Patrick McGee. Smuggling iPhones is an EXTREMELY lucrative organized crime business in China!
There are, of course, many more Guarantee Syndicates, with many thousands of vendors who have paid to advertise their "Crime As A Service" offerings: Gift Card and Cash Pickups, SMS/iMessage/RCS Phishing, Credit Card Theft, Trade-Based Money Laundering, and anything else you can imagine, from Human Trafficking to Cigarette Smuggling.
Here are a few that we are tracking ...
#HuionePay #CMLO #Apple #iPhones #Guarantee #Danbao #Haowang #iMsgSpam #SMS #Smishing
The post Chinese Guarantee Syndicates and the Fruit Machine appeared first on Security Boulevard.
ESET researchers have discovered HybridPetya, a bootkit-and-ransomware combo that is a copycat of the infamous Petya/NotPetya malware, augmented with the capability of compromising UEFI-based systems and weaponizing CVE-2024-7344 to bypass UEFI Secure Boot on systems that have not received the corresponding revocation update. The sample was uploaded from Poland to the malware-scanning platform VirusTotal, and ESET telemetry shows no signs of the malware being used in the wild yet. About HybridPetya: "Late in July 2025, we encountered suspicious ransomware samples under various filenames, …
The post HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot appeared first on Help Net Security.
Since its first appearance earlier this year, the ToneShell backdoor has demonstrated a remarkable capacity for adaptation, with the Mustang Panda group reworking it to maintain an enduring foothold in targeted environments. This latest variant, discovered in early September, arrives concealed within sideloaded DLLs placed alongside legitimate executables. It is delivered via compressed archives purporting to contain innocuous […]
The post New ToneShell Backdoor With New Features Leverages Task Scheduler COM Service for Persistence appeared first on Cyber Security News.
Creator, Author and Presenter: Reed Loden
Our deep appreciation to Security BSides San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. The talks originate from the conference's events held at the CityView / AMC Metreon, a venue like no other, and are published via the organization's YouTube channel.
Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as for Program Team and Operations roles. See the succinct BSidesSF "Work With Us" page for the relevant information.
The post BSidesSF 2025: Closing Remarks appeared first on Security Boulevard.