Pick Your Poison: Subscription Scammers, Retired Hackers, and Ghost Click Farms

In partnership with

Well, it's September 23rd, which makes today the anniversary of when Google and T-Mobile unleashed the T-Mobile G1 upon the world in 2008. Yes, the HTC Dream (because nothing says "dream phone" like a slide-out keyboard that broke after three weeks).

This chunky boy was Android's awkward debut into smartphone stardom, looking like a BlackBerry that got into a fight with an iPhone and lost. But hey, by sheer force of will and Google's ability to make "free" software irresistible to manufacturers, Android now dominates global smartphone sales. It's like watching the weird smelly kid from high school become a billionaire while Apple users still argue about Lightning cables.

Microsoft and Cloudflare Play Whack-A-Mole with Phishing Scammers

Remember when Nigerian princes just wanted your bank details via email? Those were simpler times. Now we've got professional phishing operations like RaccoonO365 — a name that sounds like either a cleaning product or a very specific fetish, but is actually a Phishing-as-a-Service operation that's been busier than Zuckerberg's PR team during a Senate hearing.

Microsoft and Cloudflare just dismantled this criminal enterprise, which had been running subscription-based phishing kits through Telegram like it was OkCupid for cybercriminals. For just $355 a month (or $999 for the premium "destroy-someone's-entire-digital-life" package), wannabe scammers could access professionally crafted phishing tools.

Meet the mastermind behind this: Joshua Ogundipe from Nigeria, who apparently attended the Severance School of Operational Security — meaning he had none. This evil genius accidentally revealed his cryptocurrency wallet, which is like leaving your business card at a crime scene, except the business card has your bank account number on it.

The group managed to steal over 5,000 Microsoft credentials across 94 countries, targeting everyone from healthcare organizations to government agencies. These attacks often serve before the main course of malware and ransomware — think of it as the bottomless breadsticks at Olive Garden, except instead of carbs, you get your entire network encrypted.

Microsoft estimates RaccoonO365 pulled in at least $100,000, suggesting around 100-200 subscriptions. That's a lot of people who looked at this operation and thought, "Yes, this seems like a sustainable career path."

Google's Law Enforcement Portal Gets Pranked by Actual Criminals

This plot twist would make even the writers of Severance jealous… A group calling themselves "Scattered Lapsus$ Hunters" managed to create a fraudulent account in Google's Law Enforcement Request System. (Yes, the system that cops use to request data from Google got infiltrated by the very people cops are trying to catch.) This is like finding out the security guard at Fort Knox is actually three kids in a trench coat.

This crew, allegedly made up of members from Scattered Spider, ShinyHunters, and Lapsus$ (because apparently cybercrime groups collect names like Pokémon cards), posted screenshots of their access on BreachForums faster than your coworker posts LinkedIn updates about "hustle culture." They also claimed access to the FBI's National Instant Criminal Background Check System, which handles gun purchase background checks. Google, though, insists no requests were made, and no data was accessed through the fraudulent account.

The group recently announced their retirement from cybercrime, claiming they're going to "enjoy our golden parachutes with the millions the group accumulated." Most security experts are treating this retirement announcement with the same skepticism they'd have for Elon Musk's promise to stop tweeting.

Google Plays Janitor, Cleans Up Android's Malware Mess

Google just dismantled SlopAds, a massive ad fraud operation that distributed malware through 224 AI-themed apps. The name "SlopAds" perfectly captures the quality of both the operation and probably the AI apps themselves — because turns out "cutting-edge artificial intelligence" is just an app that secretly turns your phone into a ghost click farm.

These apps collectively racked up over 38 million downloads from 228 countries, which is more global reach than most legitimate businesses achieve. The malware created invisible WebViews — basically hidden browsers that loaded attacker-controlled websites and simulated ad clicks.

At its peak, SlopAds generated 2.3 billion ad bid requests per day. To put that in perspective, that's enough fake traffic to make even the most desperate startup's growth metrics look modest. Most of the fraudulent traffic came from the United States, India, and Brazil — proving that when it comes to getting scammed by fake AI apps, we're truly a global community.

⚙️ TOOL TIME

Hear from leaders at Anthropic, Rocket Money, and more at Pioneer

Pioneer is a summit for the brightest minds in AI customer service to connect, learn, and inspire one another, exploring the latest opportunities and challenges transforming service with AI Agents.

Hear directly from leaders at Anthropic, [solidcore], Rocket Money, and more about how their teams customize, test, and continuously improve Fin across every channel. You’ll take away proven best practices and practical playbooks you can put into action immediately.

See how today’s service leaders are cultivating smarter support systems, and why the future of customer service will never be the same.

Register for Pioneer today

👨‍💻 JOB OPPORTUNITIES

Security Analyst @ SambaSafety wants someone who can monitor security alerts without having a nervous breakdown every time Windows Defender sends a notification. Must enjoy developing policies that nobody will read and supporting incident responses that could've been prevented if someone had just updated their browser.

Senior Analyst, Cybersecurity Operations @ McDonald's is seeking a digital guardian for the Golden Arches empire. You'll be protecting the secrets behind the McFlurry machine (it's always broken) and ensuring hackers can't infiltrate the drive-thru ordering system.

Chief Information Officer @ EchoStar needs a tech visionary who can lead digital transformation without turning the company into a cautionary tale about AI implementation gone wrong. You'll oversee 1,000+ team members while building the infrastructure for 5G networks that promise to revolutionize everything except maybe your ability to get a decent cell signal in your own basement.

🛩 INDUSTRY MOVES

• Fiverr laid off 250 people while pivoting to "AI-first," because "embrace the future" is just CEO-code for firing humans so robots can freelance your logo designs (which will look just like the bazillion other logos out there).

• The UK got showered with billions in tech investment from Nvidia, Oracle, and Microsoft — basically becoming Silicon Valley's European vacation home with better cheese.

• Nvidia’s chips got banned in China, which is like Amazon losing “people who breathe” as a target audience.

• Figure raised $1 billion at a $39B valuation to build humanoid robots, proving investors will fund anything that might eventually replace them at board meetings.

Chip here! Your friendly neighborhood tech mascot who's somehow managed to avoid becoming an AI-powered chatbot (impressive, honestly…). Our EE community has been busy solving the kind of problems that make you question your life choices and wonder why you didn't become a cowboy instead:

• One admin discovered their backup system has become more prolific than Marvel's multiverse, with Veeam creating endless checkpoints like it's trying to save every possible timeline. This is either a configuration nightmare or Veeam has achieved sentience and decided to hedge its bets on reality.

• A developer's line breaks have gone on strike, refusing to function properly in what appears to be a PHP rebellion. Sometimes code just decides to ignore formatting rules, like a teenager ignoring curfew, except with more semicolons and existential dread.

• Someone wants to completely remove OneDrive from a computer being passed to another user, which is like trying to remove every trace of your digital existence while Microsoft's cloud tentacles slowly regenerate in the background. Good luck… and good bye, brave soul.

Thanks for reading! ByteSize signing off. But our ghostwriter is still logged in.

Until next time: hydrate, automate, and deny responsibility.

Enjoyed the news? Discuss over on Experts Exchange.

Got news to share or topics you'd like us to cover? Send ‘em our way. We can’t wait to hear from you. Really.