 Show Posts
|
|
Pages: [1] 2 3 4 5 6 7 »
|
I'm not a US citizen, but just want to share you this,  https://cdn.nucleusfiles.com/be/beb1a388-1d88-4389-a67d-c1e2d7f8bedf/2024-gop-platform-july-7-final.pdfGo to page 9 and you will see what I mean, obviously, they are on the opposite side of the Biden and Democratic government so they will be against everything the current government has to say including everything related to crypto. and this issue could be the breaking point that might sway voters to Donald J. Trump. So are you willing to " Make America Great again"? |
|
|
|
The Medusa malware has re-emerge in the last couple of months, and since we are in the UEFA EURO 2024 fever, they've adjust and try to take advantage of this sporting events and uses it as a bait for download and to steal all information that they can get from their victims,  So it targets mostly countries obviously in Europe as this is the most hype as far as UEFA EURO 2024 goes. And this time the malware botnet is light, but more capabilities like screen capture, so for the victims, they think that they might safe but they are not. The recent dropper apps includes a fake streaming app called 4K, and so that's where we can be trap if we are looking for free streaming for our UEFA EURO 2024.  So for football fans out here in our community, just be very careful of looking for free streaming in the internet or in our mobile devices as we don't know if the streaming that we will access is dropping something in our device from the background and could steal our sensitive information including banking logins and our crypto wallets. https://www.cleafy.com/cleafy-labs/medusa-reborn-a-new-compact-variant-discovered |
|
|
|
Researchers was able to uncover hackers exploiting a supposedly mechanism of a known anti-virus from India, eScan and plant backdoors on it. This is a sophisticated attack and it said that it come from a well known state sponsored hacking group from North Korea. Backdoors include crypto miner and a second module scanning for stored private keys and cryptowallets on the local system. So this is a double attack from the cyber criminals. So just imagine how advance this invasion is, a anti-virus itself that they can stick their code and hijack it. Below is the infection change. Although the initial point of attack is large corporations, still they can deploy it to focus on everyone specially crypto enthusiast.  https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/ |
|
|
|
I might as well report this here, as there could be more attacks like this in the future, criminals. They are leveraging Federal Communications Commission (FCC) employees pages for Okta that appear similar to the original.  However, for us, this criminals already uses the same method to target and impersonate okta and uses phishing page for Binance, Coinbase, Kraken and Gemini.  Here is a sample message potential victims received from the groups.  And with that, I think the success of this kind of phishing attempts is very complicated but could be base on the following. - they uses well crafted phishing URL that really looks similar to the original - then the psychology of "sense of urgency", in SMS or voice calls from this threat actor. https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kitSo it's better safe than sorry, as we need to be very cautious not only in email, now the attacks is thru SMS and voice mail. |
|
|
|
According the latest report author behind Bunny Loader, has released it version 3.0, as it is more compact that ever and has the capability to again be in stealth mode and hard to detect. And it developed more sophisticated information stealer malware that includes cryptocurrencies. As a keylogger, records all keystrokes, identify when the victim authenticates to sensitive applications or services. And as a clipper module, targets the following cryptocurrencies address:   For credit cards, here is the list of the targets,  https://unit42.paloaltonetworks.com/analysis-of-bunnyloader-malware/So we all know how this are being spread, - emails riddled with malwares - fake software downloads - fake messages flushing in your computer like "you have been infected" and you need to click a link. |
|
|
|
There is a group of hackers right now that are abusing the Google Cloud Run. Cloud Run is a managed compute platform that lets you run containers directly on top of Google's scalable infrastructure. https://cloud.google.com/run/docs/overview/what-is-cloud-runAnd with that, hackers are using this services and include it in their emails. Mostly the originator of this emails comes from or the target is Spanish and other LAT-AM countries,  And this is a sample copy of an email that the hackers are sending to trap their victims,  And just like any other malwares and trojans, it just used to be attacking banking applications but they have evolved so much in the following years and now crypto is also in their cross hairs. Here are the list of crypto exchanges and wallets,  The malware goes by so many names now as it has been evolving and cyber groups improving it to extend their targets. Most of infection is thru email, so the basic security practice should be used here like not clicking any links from unknown sources. Find in-depth resources on: https://blog.talosintelligence.com/google-cloud-run-abuse/ |
|
|
|
On Friday, the U.S. Justice Department (DoJ) revealed the confiscation of online infrastructure utilized for distributing a remote access trojan (RAT) known as Warzone RAT.  https://www.justice.gov/opa/pr/international-cybercrime-malware-service-dismantled-federal-authorities-key-malware-salesWell we can call t his accomplishment by the DoJ, but there are a lot of this groups plowing around specially in the crypto sphere. And hopefully they will continue to investigate and dismantle this kind of groups so that there will be no crypto enthusiast victims. And to be honest, we are one of those being targeted by his cyber criminals because of the huge money that they can take. And they can operate undetected for years and so they rake up big profits here. And hopefully there will be justice here and long jail time for those arrested. |
|
|
|
 https://twitter.com/CryptoKingKeyur/status/1677914373614891008/photo/1In a recent news, financial records of Robert F Kennedy Jr shows that he is a bitcoin holder, and reported to have own between $100k and $250k worth. And that's why recently you will hear him to be a bitcoin supporter and attacking Biden and his cohorts for being anti-bitcoin or anti-crypto.
Sorry for the double post. It seems that the forum is very slow again. |
|
|
|
https://twitter.com/CryptoKingKeyur/status/1677914373614891008/photo/1In a recent news, financial records of Robert F Kennedy Jr shows that he is a bitcoin holder, and reported to have own between $100k and $250k worth. And that's why recently you will hear him to be a bitcoin supporter and attacking Biden and his cohorts for being anti-bitcoin or anti-crypto.
|
|
|
|
Anyone heard this news? What's your take on this? It's this the beginning of the downfall of the NFT market or can we say that it will still survived till the next bull run? OpenSea, one of the largest NFT marketplaces, has been hit particularly hard, with its valuation now facing a significant cut by one of its most prominent investors, Tiger Global. According to a recent report by The Information, Tiger Global, a $13 billion tech-focused venture fund, recently disclosed that its equity in OpenSea has dropped from $126.8 million to $30.2 million, representing a 76% drawdown. The firm became one of the largest investors in OpenSea when the NFT platform raised $300 million during a Series C round earlier last year. https://zycrypto.com/key-opensea-investor-cuts-platforms-valuation-by-75-as-global-nft-sales-plummet/For me though, I'm not surprised, we are still the bear market, although it seems that majority of the coins are bouncing back, I still one big reason for the sudden downfall of the NFT market is the obvious bearish trend. And that's how the market works as we all know it, sooner or later the hype will die down a bit, like the P2E model. So we will see if NFT can live or continue to exists till the next bull run. It will be the ultimate test for this market, in my opinion. |
|
|
|
Vladimir Dunaev, 28, was arrested in South Korea and was extradicted to the US to faced charges with his involvement to Trickbot malware: A Russian national, who was arrested in South Korea last month and extradited to the U.S. on October 20, appeared in a federal court in the state of Ohio on Thursday to face charges for his alleged role as a member of the infamous TrickBot group. https://thehackernews.com/2021/10/russian-trickbot-gang-hacker-extradited.htmlI'm sure some of us here are familiar with this malware as it leave a lot of footprints specially in crypto mining. TrickBot is capable of data exfiltration over a hardcoded C2 server, cryptomining, and host enumeration (e.g., reconnaissance of Unified Extensible Firmware Interface or Basic Input/Output System [UEFI/BIOS] firmware) (Exfiltration Over C2 Channel [T1041], Resource Hijacking [T1496], System Information Discovery.[2] For host enumeration, operators deliver TrickBot in modules containing a configuration file with specific tasks. https://us-cert.cisa.gov/ncas/alerts/aa21-076aLet's see how US will handle this case as the involved is a Russian National. And they really work hard to capture a lot of cyber criminals around the globe. They still have a Latvian national on their custody as well: Alla Witte known as Max A Latvian national was arraigned in federal court in Cleveland, Ohio, today on multiple charges stemming from her alleged role in a transnational cybercrime organization responsible for creating and deploying a computer banking trojan and ransomware suite of malware known as “Trickbot.” https://www.justice.gov/opa/pr/latvian-national-charged-alleged-role-transnational-cybercrime-organization |
|
|
|
WASHINGTON — As part of the whole-of-government effort to counter ransomware, the U.S. Department of the Treasury today announced a set of actions focused on disrupting criminal networks and virtual currency exchanges responsible for laundering ransoms, encouraging improved cyber security across the private sector, and increasing incident and ransomware payment reporting to U.S. government agencies, including both Treasury and law enforcement. Treasury’s actions today advance the United States government’s broader counter-ransomware strategy, which emphasizes the need for a collaborative approach to counter ransomware attacks, including partnership between the public and private sector and close relationships with international partners. https://home.treasury.gov/news/press-releases/jy0364So as part of US anti ransomware strategy, they imposed a sanctioned against a Russian based crypto exchange name SUEX who according to them are abetting criminals. Because 40% of the incoming and outgoing transactions come from ransomware "operators such as Ryuk, Conti, and Maze, and other scams involving bitcoin and other cryptocurrencies as well. Not sure how effective this is, but just maybe flexing their muscle again. And we all know that Russian government won't take any actions against such entities unless they targeted Russian citizens. |
|
|
|
Another new trojan was discovered recently, dubbed as SOVA - which is a Russian word for "Owl". It stand out from other Android malware/trojan is that it is a session cookie theft. What makes it dangerous is that the criminals can now have access to valid logged in sessions without needing your banking credentials. Functionalities of the bot, as advertised by its authors, include:
Steal Device Data.
Send SMS.
Overlay and Cookie injection.
Overlay and Cookie injection via Push notification.
USSD execution.
Credit Card overlays with validity check.
Hidden interception for SMS.
Hidden interception for Notifications.
Keylogger.
Uninstallation of the app.
Resilience from uninstallation from victims. screenshot of VirusTotal:  Clipper & Cryptocurreny wallets
Another feature that is incorporated in S.O.V.A., that we observed in other malware like Medusa, is the ability of altering the data in the system clipboard. The bot sets up an event listener, designed to notify the malware whenever some new data is saved in the clipboard. If the string of data is potentially a cryptocurrency wallet address, S.O.V.A. substitutes it with a valid address for the corresponding cryptocurrency.
The supported cryptocurrencies are Bitcoin, Ethereum, Binance coin, and TRON. The relative addresses can be found in the IOC section.
The good thing though is that no one has fallen victims so far, but who knows, maybe when it goes and scattered in the wild victims are going to come out.  You can read it here: https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html |
|
|
|
Director and Promoter of BitConnect Pleads Guilty in Global $2 Billion Cryptocurrency Scheme SAN DIEGO—Glenn Arcaro of Los Angeles pleaded guilty today in federal court for his participation in a massive conspiracy involving BitConnect, a cryptocurrency investment scheme, which defrauded investors from the United States and abroad of over $2 billion. The BitConnect scheme is believed to be the largest cryptocurrency fraud ever charged criminally.
As admitted in documents entered today before U.S. Magistrate Judge Mitchell D. Dembin, Arcaro conspired with others to exploit investor interest in cryptocurrency by fraudulently marketing BitConnect’s proprietary coin offering and digital currency exchange as a lucrative investment.
Arcaro admitted that he earned no less than $24 million from the BitConnect fraud conspiracy, all of which, according to court documents, he must repay to investors.
Maximum penalty: Twenty years in prison, $250,000 fine or twice the gross gain or loss from the offense, whichever is greater; forfeiture and restitution
https://www.justice.gov/usao-sdca/pr/director-and-promoter-bitconnect-pleads-guilty-global-2-billion-cryptocurrency-schemeI guess this is the proverbial "Justice has been served", adage. I still remember this one, many members here have issued warnings about it, but still many has fallen for it. And hopefully all the victims can be refunded so that this case can be close for good. If there is a victim here from this scam, please contact the FBI at bccinvestor@fbi.gov. |
|
|
|
Not sure if this has been shared here, OpenSea users are being targeted in an ongoing and aggressive Discord phishing attack to steal cryptocurrency funds and NFTs.
Over the past week, threat actors have been lurking in OpenSea's Discord server, pretending to be official support representatives for the site.
These fake support reps provide private "support" to OpenSea users needing help, which invariably leads to the loss of cryptocurrency and NFT collectibles stored in the victim's MetaMask wallets. https://www.bleepingcomputer.com/news/security/fake-opensea-support-staff-are-stealing-cryptowallets-and-nfts/Actually one user has already fallen for this trick a total of 4.5 ETH and more.  https://twitter.com/_jeffnicholas_/status/1430046727843717125Just not NFT's, but everything that involves crypto and you need help, don't panic and take a deep breath. Because once you don't think logically, you will fall for the scammers trip, like giving you sense of security that they will help you. |
|
|
|
Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents In a lawsuit filed in Colorado, Schober said the sudden disappearance of his funds in January 2018 prompted him to spend more than $10,000 hiring experts in the field of tracing cryptocurrency transactions. After months of sleuthing, his investigators identified the likely culprits: Two young men in Britain who were both minors at the time of the crime (both are currently studying computer science at U.K. universities).
A forensic investigation of Schober’s computer found he’d inadvertently downloaded malicious software after clicking a link posted on Reddit for a purported cryptocurrency wallet application called “Electrum Atom.” Investigators determined that the malware was bundled with the benign program, and was designed to lie in wait for users to copy a cryptocurrency address to their computer’s temporary clipboard.
https://krebsonsecurity.com/2021/08/man-robbed-of-16-bitcoin-sues-young-thieves-parents/And this is the actual copy of the mail the victim wrote to the parents, but it fail on deft ears.  So what he do is sue the parents themselves. What do you think of this case though, will it prosper and make the parents liable and will he able to get back his bitcoins as clearly there are enough evidence to point out that their kids really stole it from him. |
|
|
|
There is a new or at least mutated banking trojan that now targets Japan base crypto exchanges. So for now it seems that it's specific for Japan, but I think this is just the beginning as the author might released it to attack other country base crypto currency exchange. Looking into the Cinobi sample, we found that the overall functionality remained relatively the same, but the configuration had been updated to include several Japanese cryptocurrency exchange websites as part of the target list. The group started to use Cinobi to steal the credentials of its victim’s cryptocurrency account. Infection routine: The campaign’s infection routine begins when a user received malvertisements that are disguised as advertisements of either Japanese animated porn games, reward points applications, or video streaming applications. While we have observed five different themes of their malvertisements, all of them attempt to trick victims into downloading the same archive with the same malware. So there is mode of attack, I don't fall on any of the category though, but either way, it's better to stay and practice good security hygiene so that the chances of us being the victim is slim to one. You can read it here: https://www.trendmicro.com/en_in/research/21/h/cinobi-banking-trojan-targets-users-of-cryptocurrency-exchanges-.html |
|
|
|
Vitalik Buterin recently donated billions worth of to India, to fight the Covid-19 pandemic in the country. He gave it to https://cryptorelief.in (India COVID-Crypto Relief Fund.) Now, this is one of the biggest if not the biggest donations to India we have seen so far. And the money that he donated comes from a meme coin, Shiba Inu. Vitalik sold his trillion Shiba Inu and the profits went as donations. I do hope that it will make the big difference, as we all know we have heard horror stories as thousands of our Indian brothers are dying, as the second wave really took a tool on the country. |
|
|
|
|
