Anyone still remember this?

ExxonMobil Running Pilot Project to Supply Flared Gas for Bitcoin Mining

Oil giant ExxonMobil (XOM) is running a pilot project to use what would otherwise be wasted gas from its North Dakota oil wells to power bitcoin mining operations, Bloomberg reported Thursday, citing people familiar with the matter.

The excess natural gas would have otherwise been burned off, or flared, because of the lack of enough pipelines.

https://finance.yahoo.com/news/exxonmobil-running-pilot-project-supply-192552868.html

This news is like two years ago, and it they continue to mine Bitcoin with those wasted gas, then most likely they could be in the profit now?

Or at least this is a good news for miners as bitcoin has been heavily criticize for it's mining as they say it affected the environment.

FTX to refund customers at Bitcoin's prices below $18,000

Crypto exchange FTX has decided against resuming its operations and instead will proceed with asset liquidation to refund its customers, Reuters reported on Wednesday. However, under US bankruptcy proceedings, repayments will be calculated based on Bitcoin’s value in November 2022, specifically when Bitcoin was trading below $18,000.

https://cryptobriefing.com/ftx-refund-bitcoin-customers/

Is this has been discussed already?

What are your thoughts about this one? For sure those who lost money in the FTX collapse will have to find console in getting some from FTX itself. But I don't think this is fair to their customers if they will be calculated on Value of Bitcoin in November 2022, just saying.

It should be in full and should be based on the numbers of Bitcoin they have in this exchange, in my opinion.

There were reports of another scam attack thru impersonation, but this time it's different, they uses blockchain analytics or crypto fraud investigation firms and researchers, like CertiK, ZachXBT, and Scam Sniffer to fabricate that there was such breaches on Uniswap and OpenSea.

So to impersonate, this cyber criminals a Twitter name that resembles the legit ones. For example,

ZachXBT has the account @zachxbt, while the criminals created and tweeted from @zacheryxbt.



And after you click, you will be redirected to two websites:

Code:

http://revoketokens.io/

Code:

http://revokea.sh/

Good that this website has been taken down and offline, but the criminals was able to run off initially with $50,000. And I felt sorry for those victims. So in any case that this kind of attacks resurfaces again, just be cautious though and check everything first before you go and click any link.

https://www.bleepingcomputer.com/news/security/fraudsters-make-50-000-a-day-by-spoofing-crypto-researchers/

https://twitter.com/MarathonDH/status/1707067548661928108

Not sure what kind of experiments that they are running, but it good that the network rejected it. According to them they are doing some experiments to optimized their operations.

But still though, you don't messed the network or the blockchain and it just shows that bitcoin's network architecture is so strong that it can withstand this kind of experiments and then continue to run 99.99% of the time without breaking.

What are your thoughts on this one? Do you agree that they can simple run a experiment, what if they succeed here? what will be the repercussions?

[Spain, Portugal, Italy, Canada, and Belgium]

It seems that the Android Malware has evolved again, this time using phishing page and then attracting users to update their Chrome browser and then downloading the malicious code thru sample like this.



And the scope is bigger now, not just to steal banking informations, but also expanded to other other crypto currency apps.

Highlighted in bold are the newly added targets:






It was first reported by @lovesmayfamilis here:Android malware targets 13 bitcoin wallets and 400 banks.

But this time, the threat actors has expanded including United States and more crypto currency apps depending on the demographics.

These areas include Spain, Portugal, Italy, Canada, and Belgium.

However, this latest campaign also added plenty of financial institutions from the United States, together with multiple crypto-wallet applications, totaling more than 100 different targets per sample, each one using a specifically crafted overlay to steal precious PII from the victim's infected device.

Actors have put a lot of effort into modules that support Samsung and Xiaomi devices. This makes sense, considering that these two combined make up roughly 50% of the whole Android market share, according to recent data presented in multiple recent studies.

https://www.threatfabric.com/blogs/xenomorph

So again, this is just another warning to be very careful with those androids apps that you think it is safe to download.

https://twitter.com/nansen_ai/status/1705137387838574904

I'm not sure if this has been shared in our community, but if you received this email, then it's real as it comes from their official twitter account.

"These users had their email addresses exposed, a smaller portion also had password hashes exposed, and a last, smallest group also had their blockchain address exposed."

So if you are part of those account holders that have been exposed as her Nansen, then you have to reset everything. It's not a direct data breached though, it was a  third-party vendors that has been compromised. Nevertheless, it's best for them to inform everyone and should take precautions.

[What Happened:]

What Happened: Cryptocurrency lender Celsius who filed of Chapter 11 bankruptcy in mid July 2022, and exposed thousands of it's investors to suffer a big lost.

But in the last couple of days, there have been emails circulating pretending to be be the from Stretto, the Claims Agent for the Celsius bankruptcy proceeding. And claims to offer creditors a 7-day exit window to claim their frozen funds.

Website:

Code:

 https://claims-stretto.com/

So do not enter your email address, because once you entered a email address, it will prompt you to connect your wallet. And you know that once your connect your wallet, a bot will swipe every crypto assets you have.



The website has just been registered:

Domain Name: claims-stretto.com
Registry Domain ID: 2815369272_DOMAIN_COM-VRSN
Registrar WHOIS Server: WHOIS.ENOM.COM
Registrar URL: WWW.ENOMDOMAINS.COM
Updated Date: 2023-09-19T21:45:26.00Z
Creation Date: 2023-09-19T21:45:00.00Z
Registrar Registration Expiration Date: 2024-09-19T21:45:00.00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Domain Status: addPeriod https://www.icann.org/epp#addPeriod
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registrant Name: Whois Agent (279306283)
Registrant Organization: Whois Privacy Protection Service, Inc.
Registrant Street: PO Box 639
Registrant Street: C/O claims-stretto.com
Registrant City: Kirkland
Registrant State/Province: WA
Registrant Postal Code: 98083
Registrant Country: US
Registrant Phone: +1.4252740657
Registrant Phone Ext:
Registrant Fax: +1.4259744730
Registrant Email:
Admin Name: Whois Agent
Admin Organization: Whois Privacy Protection Service, Inc.
Admin Street: PO Box 639
Admin Street: C/O claims-stretto.com
Admin City: Kirkland
Admin State/Province: WA
Admin Postal Code: 98083
Admin Country: US
Admin Phone: +1.4252740657
Admin Phone Ext:
Admin Fax: +1.4259744730
Admin Email:
Tech Name: Whois Agent
Tech Organization: Whois Privacy Protection Service, Inc.
Tech Street: PO Box 639
Tech Street: C/O claims-stretto.com
Tech City: Kirkland
Tech State/Province: WA
Tech Postal Code: 98083
Tech Country: US
Tech Phone: +1.4252740657
Tech Phone Ext:
Tech Fax: +1.4259744730
Tech Email:
Name Server: NS1.AMSTERDAM-HOSTING.TO
Name Server: NS2.AMSTERDAM-HOSTING.TO
DNSSEC: unsigned
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.4259744689
URL of the ICANN WHOIS Data Problem Reporting System: http://HTTP://WDPRS.INTERNIC.NET/

The legitimate website is: https://cases.stretto.com/celsius/claims/

[Mode of infection:]

Another variant of crypto stealers has been discovered lately, called Statc Stealer. It is defined as a sophisticated malware that targets Windows OS for now, steals sensitive information, including web browsers, crypto wallets and other social media platform passwords. It is so sophisticated that it was developed using C++ and so has a evading skills and sandbox detection.

Mode of infection:

The Zscaler ThreatLabz team recently discovered Statc Stealer. This malicious software gains access to a victim’s data by appearing like an authentic Google advertisement. Once the victim clicks on the advertisement, their operating system is infected with malicious code that steals sensitive data like credentials from web browsers, credit card information, and cryptocurrency wallet details. Unauthorized access to a victim’s computer system can have enormous personal and professional repercussions. Victims become easy targets for identity theft, cryptojacking, and other forms of malware attacks. At the enterprise level, a Statc Stealer breach can result in financial loss, reputational damage, legal liabilities, and regulatory penalties.

Attack Chain:



So once you download it in your system, it will steal every information that it can find and then send it to a command and control server. So they will have total control of your system then.

Targeted Browsers:

 - Chrome
- Microsoft Edge
- Brave
- Opera
- Yandex
- Mozilla Firefox

Stealing auto-fill data:

- Usernames and passwords
- Email
- Credit card details
- Personal addresses
- Payment information

Crypto related wallets:

- Cryptocom-Wallet
- Petra-aptos-wallet
- exodus-web3-wallet
- bitkeep-crypto-nft-wallet
- liquality-wallet
- ethos-sui-wallet
- suite-sui-wallet
- tallsman-polkadot-wallet
- Enkrypt-ethereum-polkadot
- leap-cosmos-wallet
- pontem-aptos-wallet
- fewcha-move-wallet
- rise-aptos-wallet
- teleport-wallet
- martin-wallet-aptos-sui
- avana-wallet-solana-wallet
- glow-solana-wallet-beta
- solflare-wallet

https://www.zscaler.com/blogs/security-research/statc-stealer-decoding-elusive-malware-threat
So we should be really be careful of what we click and downloaded in the net right now specially if we are using the same pc or laptop for our crypto related activities including wallet softwares as we might be the next victim of this kind of malware.

[What happened:]

What happened: There is a fake https://10ktf.com/ out there so be careful. And if you are going to look at https://opensea.io/collection/10ktf, it's one of the biggest out there. So criminals just copy the website and will ask you to connect your wallet right away.

Website:

Code:

https://l0ktf.com/

Archive: https://web.archive.org/web/20230629213126/https://l0ktf.com/

So again, this is a warning to everyone, the real website is: https://10ktf.com/.

AS you can see if it very hard to spot as the criminals is using a known attack vector: homoglyph attack. And the this fake website is very similar to the real website:

[cryptocurrency wallets]

Anyone downloaded Super Mario 3: Mario Forever game for Windows?

If yes, then your crypto accounts are in danger right now, as the downloader has a trojan in it.

It comes in 3 executables:

Code:

 super-mario-forever-v702e.exe
java.exe
atom.exe 

Once it has been installed, it will executes them to run an XMR (Monero) miner and a SupremeBot mining client. But not only that, they've used what is commonly known as Umbral Stealer, take advantage of that program,

This stolen data includes information stored in web browsers, like stored passwords and cookies containing session tokens, cryptocurrency wallets, and credentials and authentication tokens for Discord, Minecraft, Roblox, and Telegram.

The game itself is being propagated thru gaming forums, so most likely it might have been downloaded thousand times already. And if you think you are a victim, then

- Users need to monitor their system performance and CPU usage regularly.

- Installing a reputable antivirus and internet security software package on all connected devices, including PCs, laptops, and mobile devices, is highly recommended.

- Scan your PC for any malware and remove it if detected.

- To ensure your safety, reset your passwords for sensitive accounts such as banking, financial, cryptocurrency, and email.

- Use a unique password for each account and store it in a password manager for added security.

- When downloading games or any software, only from official sources like the publisher’s website or trustworthy digital content distribution platforms.

- Always scan any downloaded executables with your antivirus software before launching them and ensure that your security tools are up-to-date.

https://www.bleepingcomputer.com/news/security/trojanized-super-mario-game-used-to-install-windows-malware/
https://gridinsoft.com/blogs/trojanized-version-super-mario-malware/

[What Happened:]

What Happened: Fake 5000 BTC Gemini Airdrop

Website:

Code:

 https://winkbit.net/gemini-giveaway/#last-news 

I saw this in my twitter feed, unfortunately, it might have been deleted already.

Nevertheless, since there is a big buzz about institutional money coming in in the last couple of days, this scammers created this kind of websites to attract and victimized unsuspecting crypto investors who think that they can double their bitcoins based on the comments by some so called "users".

So just be careful if you see this one.

There is a new nformation-stealing malware called Mystic Stealer, which targets a lot of browsers and and web browsers extension that includes, our cryptocurrencies.
So this malware extracts data from the host computer, and then it can also extracts cryptocurrency wallets, and then collects auto-fill data, browsing history, cookies and others.








Targeted Cryptocurrency Applications:

• MyMonero
• Exodus
• Binance
• Raven
• Armory
• Dogecoin
• MultiBit
• Bitcoin
• DashCore
• Electrum
• Litecoin
• BitcoinGold
• WalletWasabi
• Atomic
• Guarda
• Electrum-LTC
• MyCrypto
• Bisq
• DeFi Blockchain
• Coinomi
• TokenPocket

Mode of infection is always the same, crack softwares, torrents and warez, unsolicited emails.

So again, just a reminder to everyone just to be careful of anything you download in the web as it may contains a malware and might be too late once our crypto wallets have been drained.

https://inquest.net/blog/2023/06/15/mystic-stealer-new-kid-block

So Binance is leaving the Dutch market as well,

Notice on Changes of Services in the Netherlands
2023-06-16 16:40
Fellow Binancians,

We regret to announce that Binance is leaving the Dutch market. With immediate effect, no new users residing in the Netherlands will be accepted. Starting from 2023-07-17 at 00:00 UTC (2023-07-17 at 02:00 UTC+2), existing Dutch resident users will only be able to withdraw assets from the Binance platform. No further purchases, trades or deposits will be possible. We encourage users to take appropriate action by withdrawing assets from their Binance accounts.

Binance has been in a comprehensive registration application process as a virtual asset service provider (VASP) with the Dutch regulator. Although we explored many alternative avenues to service Dutch residents in compliance with Dutch regulations, unfortunately this has not resulted in a VASP registration in the Netherlands at this time. Binance will continue striving to obtain authorizations to provide our products and services to users in the Netherlands.

https://www.binance.com/en/support/announcement/notice-on-changes-of-services-in-the-netherlands-b5a647be31cf469b87fc3337fd461ced?

So after Canada, and most likely USA, the next country that Binance will have to leave is the Dutch market.

Not sure how big Dutch market is, but it seems to be the same problem with the regulators in that country. So it's sad for our Dutch users of Binance, but their government has made it hard for Binance to register it's services.

A new malware in the wild was spotted by trend micro. It leverage what we call runas.exe function, so they take advantage of it and can run the propagation with administrative privileges.

By using the runas.exe command, users can run programs as an administrator or any other user account with appropriate privileges, provide a more secure environment for running critical applications, or perform system-level tasks. This utility is particularly useful in situations where the current user account does not have sufficient privileges to execute a specific command or program. In the case of Bandit Stealer, this is done with the following command line:

The Bandit malware was so intelligent that it will check for several environment first, and alter itself depending on where it is running.

What's scary is that it targets the following wallets:




So the principle hasn't change, they are dropping their dropper on emails and those who are looking for crack softwares. It could also spread and carry out in Youtube wherein there is a link that supposedly download a free softwares.

https://www.trendmicro.com/en_us/research/23/e/new-info-stealer-bandit-stealer-targets-browsers-wallets.html

[The SEC will not let crypto companies “come in and register” – we tried.]

You can read Robert Kennedy's Jr stance on bitcoin, mining and other subjects regarding crypto.



https://twitter.com/RobertKennedyJr/status/1653808786577010697

I would agree on his points, specially that it seems that Biden administration is driving away this innovation. For instance, Coinbase and other exchanges are in the limelight because SEC has been sending Well's notice,

https://www.law.cornell.edu/wex/wells_notice

A "Wells Notice" is a letter sent by a securities regulator to a prospective respondent, notifying him of the substance of charges that the regulator intends to bring against the respondent, and affording the respondent with the opportunity to submit a written statement to the ultimate decision maker.

There is no legal requirement for a regulator to provide a Wells Notice, however it is the practice of the SEC and the NASD to provide such notice.  Procedurally, the SEC and NASD Staff (the people you are dealing with during the investigation) do not have the authority to commence proceedings.  They need to obtain approval to commence proceedings.  The approval process is handled without any input from the prospective defendant.

And as a response to that, Coinbase,

The SEC will not let crypto companies “come in and register” – we tried.

The U.S. crypto regulatory environment needs more guidance, not more enforcement

https://www.coinbase.com/blog/we-asked-the-sec-for-reasonable-crypto-rules-for-americans-we-got-legal

And they've also expanding with their International Exchange: https://www.coinbase.com/blog/introducing-coinbase-international-exchange

And the concern about bitcoin mining's effect, there is a good paper to read about it, Can Bitcoin Stop Climate Change? Proof of Work, Energy Consumption and Carbon Footprint (SoK).

Ok, it seems that criminals has found it's way to scam people using the latest technology that we have right now, which is AI. This is not new modus though, but this time they have take advantage of AI plus human emotions to be able to pull this one of:

You get a call. There's a panicked voice on the line. It's your grandson. He says he's in deep trouble — he wrecked the car and landed in jail. But you can help by sending money. You take a deep breath and think. You've heard about grandparent scams. But darn, it sounds just like him. How could it be a scam? Voice cloning, that's how.

https://consumer.ftc.gov/consumer-alerts/2023/03/scammers-use-ai-enhance-their-family-emergency-schemes

So scammers thru AI has found a way to clone and mimic our love ones voice. And then we received this calls, they they are any form in a emergencies and need money or even bitcoin at some point. And so you panic and send them the money right away without hesitation. And after that initial shock, you realized that you have been scammed already.


AI can replicate voices in high-tech phone call scams, FTC warns
So everyone just be careful out there, as AI is evolving and so is the criminals with elaborate modus to get money or crypto from us.

A new MacOS malware in the wild,



https://twitter.com/phd_phuc/status/1651001139750420480

And it will extract the victims with the following information including crypto wallets:

Desktop cryptocurrency wallets:

• Electrum
• Binance
• Exodus
• Atomic
• Coinomi

Cryptocurrency wallet extensions including:

• Trust Wallet
• Exodus Web3 Wallet
• Jaxx Liberty
• Coinbase
• Guarda
• TronLink
• Trezor Password Manager
• Metamask
• Yoroi
• BinanceChain

It's scary that threat actors are also targeting MacOS for sometime not and not just Windows or Chromium based OS.

There is a new android malware in the wild and it's called Chameleon. As far as research goes, this is new, and not related to any malware or strain of it. And it hides behind a crypto currency app CoinSpot. And it's found to be using different kind of icons to trap users in downloading them.



And the way they are spread:

-   compromised websites,
-   Discord attachments,
-   and Bitbucket hosting services.

And it has this capabilities:

-    Keylogging
-    Overlay attack
-    SMS-harvesting
-    Preventing uninstallation
-    Cookie stealer
-    Lock grabber
-    Anti-emulation technique
-    Auto-uninstallation
-    Disabling Google Play Protect

So just be careful downloading Coinspot, if you are using it, be sure you got it from reputable source.

https://blog.cyble.com/2023/04/13/chameleon-a-new-android-malware-spotted-in-the-wild/

There is a message on block 785,389.

This block was mined by a zero  emission bitcoin mining computer

https://mempool.space/block/0000000000000000000218fb4d385e6fad766de5d83313591eba6711b9621164

And probably we can lay all arguments against bitcoin mining being harmful to the environment.

And we all know that Chipmixer has been seized, but there are still a lot of clone sites in the wild that someone might fall. Testing some keywords and this is the result:



For sure there are still sites that mimic this mixing service for the purpose of stealing our BTC by this cyber criminals.

Code:

https://chipmixer.one/

And if you are looking for tumbler services, you can check this thread: 2023 List Bitcoin Mixers Bitcoin Tumblers Websites