Search This Blog

Showing posts with label Bitcoin. Show all posts

A Crypto Mining Botnet is Abusing Bitcoin Blockchains

 

Security experts from Akamai have detected another botnet utilized for illegal cryptocurrency mining exercises that are abusing Bitcoin (BTC) transactions to remain under the radar. This procedure permits botnet operators to make their infrastructure resilient to takedown led by law enforcement. 

“A recent piece of malware from a known crypto mining botnet campaign has started leveraging Bitcoin blockchain transactions in order to hide its backup C2 IP address. It’s a simple, yet effective, way to defeat takedown attempts.” reads the post published by Akamai. “Recent infection attempts against Akamai SIRT’s custom honeypots uncovered an interesting means of obfuscating command and control (C2) infrastructure information. The operators of a long-running crypto-mining botnet campaign began creatively disguising their backup C2 IP address on the Bitcoin blockchain.” 

The infection chain starts the exploitation of Remote Code Execution (RCE) vulnerabilities affecting Hadoop Yarn, Elasticsearch (CVE-2015-1427), and ThinkPHP (CVE-2019-9082). Botnet operators utilized Redis server scanners to discover installs that could be undermined to mine cryptocurrencies. The experts assessed that botnet operators have mined more than $30,000 in Monero in public pools since 2018. Experts distinguished various variations over time, using different techniques and tools. 

The more seasoned variants were utilizing a shell script to do the main functions, for example, disabling security features, killing off competing infections, establishing persistence, and in some cases, propagating within the compromised network. Newer variations of the shell script leverage binary payloads for handling more system interactions, like killing off competition, disabling security features, modifying SSH keys, downloading, and starting the miners. Botnet operators use cron jobs and rootkits to accomplish persistence and re-infect with the most recent rendition of the malware. 

In December 2020, the researchers found a BTC wallet address that was included in new variations of the miner, alongside a URL for a wallet-checking API and bash one-liners. The experts found that the wallet information was being fetched by the API and used to figure an IP address used to maintain persistence. By fetching addresses through the wallet API, botnet operators are able to obfuscate and backup configuration data on the blockchain. Experts noticed that by pushing a modest quantity of BTC into the wallet, operators can recuperate infected systems that have been orphaned.

Bitcoin Surpasses $50,000 Mark For The First Time Ever

 

The cost of Bitcoin on Tuesday hopped above $50,000, carrying its year-to-date gain to 74%. Ongoing interest from Wall Street institutions has added to the momentum. Bitcoin rose by as much as 4.9%, to $50,547.70. The cryptocurrency at that point pared gains slightly, exchanging at $48,853.99 as of 9 a.m. ET. After ending last year with a fourth-quarter surge of 170% to around $29,000, Bitcoin token leaped to $40,000 seven days after the fact. It took just nearly a month and a half to breach the latest threshold, buoyed by endorsements from the likes of Paul Tudor Jones, Stan Druckenmiller, and Elon Musk. Bitcoin exchanged for a few cents for quite a long while after its introduction more than a decade ago. 

Tesla Inc's. declaration that it added $1.5 billion in Bitcoin to its balance sheet was the most noticeable recent impetus, sending the cost up 16% on Feb. 8, the greatest one-day acquire since the Covid-19 inspired financial markets volatility in March. Optimism grew after Mastercard Inc. furthermore, Bank of New York Mellon Corp. moved to make it simpler for clients to utilize cryptocurrencies, while Bloomberg reported on Saturday that Morgan Stanley may add Bitcoin to its rundown of possible bets. 

Sustained interest from organizations decidedly affects Bitcoin's value, pushing it on an upward bend. In December of 2020, it touched an all-time high crossing $24,000 in valuation. This was a 224% expansion from where it began its excursion toward the start of the year. By the start of 2021, BTC had leaped to a $40,000 valuation. In the second seven-day stretch of May 2020 Bitcoin saw its third halving occurred since its inception, in this way getting a further drop in its assessed future supply, Sumit Gupta, CEO, and Co-Founder, CoinDCX said. 

The interest from huge players has upheld the narrative that institutional investors are increasingly interested in Bitcoin. This conviction has been a critical driver of the bewildering rally in the cost of Bitcoin. It has likewise helped other cryptocurrencies, for example, ether, the coin on the Ethereum network. Its cost was roughly flat on Tuesday, at $1,793, in the wake of hitting a record high above $1,870 over the course of the weekend.

Discord Cryptoscam: Scammers Lure Players to Fake Cryptocurrency Exchange Site

 

Experts at Kaspersky have issued a warning alarming that hackers are attacking Discord users, with a scam that focuses on counterfeit cryptocurrency transactions and using the bait of free Ethereum cryptocurrency or Bitcoins to steal user data and money. The cyber scam fools victims on cryptocurrency servers of Discord by sending users a message that looks like a legit ad of an upcoming trading platform that is doing cryptocurrency giveaway. The scammer then deploys social engineering techniques to generate sign-ups, as per the Kaspersky report.  

Experts believe that the ad offers such generous offers to get user interest, the offer depends on the message to message. However, the gist always remains the same, for instance, if the exchange will help the traders in dire times or is it just trying to lure new users. In this case, says Kaspersky, there'll be a lucky user who'd be chosen for the reward of free Ethereum cryptocurrency or Bitcoins. As we all know, the Discord platform was built solely for gamers, but various users, varying from study groups to cryptocurrency enthusiasts, use Discord's handy servers, channels, and private messages for communication. 

The user diversity becomes an easy target for hackers to scam. In this particular incident, the scammer first tried to send the victim a fake message with emojis and added details that contained a code to free cryptocurrency gifts. The message contained a malicious link that led the user to a fake cryptocurrency exchange domain. When the victim clicks the given link, he's redirected to a website (fake of course). The cryptocurrency exchange site has details like trading info, charts, and trading history (to make it look more genuine). 

"The attention to detail even extends to offering victims two-factor authentication to secure their accounts, plus antiphishing protection. Here, of course, the purpose is purely to add plausibility; the site’s true purpose is to transfer money from victim to criminal," reports Kaspersky. "The scammers claim to need a top-up — in our case, 0.02 BTC or an equivalent amount in Ethereum or US dollars. The scammers appear to be collecting a database to sell; many legitimate services, including financial ones," it further says.

DDoS Attacks increase by 154% in 2020 states Neustar

 

DDoS- Distributed Denial of Service is a cyber attack on a specific server or network. It attempts to disrupt the normal functioning of operations. DDoS attacks do all this by flooding the targeted network or server with constant traffic, such as fraudulent requests which overwhelm the system, causing a disruption or denial of service to legitimate traffic. 

In the past few years, the DDoS attacks have doubled showing a significant hike in the attempts by the attackers to threaten the victim of such attacks unless the required ransom is paid to them. Security analysts in Neustar (a global information services and technology company and leader in identity resolution) studied cyber threats and illegal activities and it was found that the number of DDoS attacks between 2019 and 2020 rose by 154 percent. The areas that took a major hit are financial services, telecommunications, and government departments. This figure indicates the rising number, frequency, and severity of cyber-attacks of network sort as remote operations moved companies and grew employee dependency on the internet.

DDoS attacks are emerging, even more frequently now. One important factor why the DDoS attacks have become more common is that even for low-level cybercriminals they are fairly easy to carry out. The rise in smaller DDoS attacks has been largely linked with the rising attack sophistication and intensity. 

Instead of relying on ransomwares or other viruses to take a network-related hostage, DDoS attackers literally threaten DDoS victims if the payment – usually requested in bitcoin –is not received in time. In order to convince the victim to pay, offenders frequently present an assessment of what could come with a short-lived DDoS attack. All that the DDoS attackers require is a botnet to flood traffic to target networks – which can be recruited at cheap underground forums.

"Organisations should avoid paying these ransoms. Instead, any attack should be reported to the nearest law enforcement field office, as the information may help identify the attackers and ultimately hold them accountable," said Michael Kaczmarek, vice president of security product management at Neustar. 

Yet amid warnings of going off-line, it is advised to refrain from reacting to the demands of cybercriminals, so that ransom-led DDoS attacks can be contained to some extent.

3 Unique Procedures to Counter Money Laundering in India

 

The main weapon used by money launders to launder cash is bitcoin and other cryptocurrencies alternatives. India’s cryptocurrency exchanges deployed their own KYC regulations and anti-money laundering protocols for users.

Nishal Shetty, CEO of India’s largest cryptocurrency exchange WazirX said we follow all the necessary protocols such as asking users for ID and address proof like Aadhar and PAN Card. Our platform also emphasizes that money must come from the concerned customers' bank account and not from the third party bank account.

Cryptocurrency exchanges use various procedures to conduct KYC, one such method is penny drop. Penny drop method helps in verifying the user’s personal information and bank details, for example, a token of 10 rupees is transferred to the user’s account to confirm bank account details. This method confirms the account holder’s name as registered with the bank, to the transferor.

Neeraj Khandelwal, co-founder of CoinDCX stated that “for corporate clients who are given higher trading limits, more documents like articles of association, board resolutions authorizing crypto investment, etc. are needed”.

Chainlink is one of the most familiar software among cryptocurrency exchanges which helps in identifying rogue addresses. Khandelwal further stated “we use a globally renowned crypto AML tool to check for blacklisted crypto addresses. If a legitimate user has got crypto from such an address, maybe through peer-to-peer and he or she wants to transact on our exchange, we ask for additional KYC such as source of funds and profession”.

Bitcoins and other cryptos are not held in bank or demat accounts contrary to other financial assets such as stocks, bonds, and FDs. The cold wallet is the method that can be used for holding on to the bitcoins and other cryptos, it is the hardware device or even paper that is not linked to the internet. Therefore, cold wallets cannot be easily seized by law enforcement authorities.

Bitcoin Scammers Tricked People by Using Elon Musk’s Name

 

Security researcher MalwareHunter team exposed a cryptocurrency scam through which scammers were targeting the users on Twitter, this scam was running in the name of TESLA CEO Elon Musk. Scammers were tricking people by hacking verified Twitter accounts and swapping the name to ‘Elon Musk’ and responding to the tweets of real Elon Musk.

The scammers were successful in tricking the users on Twitter by requesting them to send cryptocurrencies in exchange for collecting a huge amount later. The threat actors have managed to earn $587,000 in bitcoin through a scam promoting fake Elon Musk cryptocurrency giveaway.

MalwareHunter team stated that scammers hacked the inoperative accounts, “big % but not all. At least 2-3 was active within a few weeks to few days, of those one looked possible the last activities were not from the original owner but of course couldn’t verify”. This is not the first time that scammers have tricked Twitter users in the name of Elon Musk giveaway, in 2018 scammers successfully managed to earn $180,000 by running an Elon Musk giveaway promotion. 

Cybersecurity organization Adaptiv assembled the data in June 2020 which showed that Bitcoin scammers have managed to earn nearly $2million over a period of two months and no surprise, scammers have used the name of Elon Musk. Elon Musk gave concerning remarks on these scams in February 2020 by stating “the crypto scam level on Twitter is reaching new levels, this is not cool”.

Threat actors targeted the verified Twitter accounts and took advantage of Twitter’s new protocol as Twitter shut down the feature to verify an account in July due to the company was targeted by the scammers in a major cryptocurrency scam.

Worst Plunge Since March Shakes Faith in Bitcoin

 

Bitcoin ride took another twist on Monday, as the worst two-day tumble in the digital currency since March stirred up worry that the polarizing crypto-currency boom may run out of steam. Bitcoin slid as much as 21% over Sunday and Monday in the greatest two-day slide since March. While the digital token recuperated a portion of the misfortunes during the European meeting, it was still down for most of the time.

"Time to take some money off the table," Scott Minerd, chief investment officer with Guggenheim Investments, said in a tweet from his Twitter account. "Bitcoin's illustrative ascent is impractical in the near term." In late December, Minerd anticipated Bitcoin could at last reach $400,000. 

Bitcoin has more than quadrupled in the previous year, bringing out recollections of the 2017 mania that originally made cryptocurrencies a commonly recognized name before costs fell just as quickly. Costs nearly came to $42,000 on Jan. 8 with retail traders and Wall Street investors clamoring for a slice of the pie. 

"It's to be determined whether this is the beginning of a bigger correction, but we have now seen this parabola break so it may very well be," said Vijay Ayyar, head of business development with crypto exchange Luno in Singapore.

People who believe in Bitcoin contend the rally this time is not quite the same as past win fail cycles in light of the fact that the asset has matured with the passage of institutional investors and is progressively seen as authentic support against dollar weakness and inflation risk. Others stress that the rally is untethered from reason and powered by huge swathes of fiscal and monetary related boost, with Bitcoin improbable to actually fill in as a feasible currency alternative. 

"Putting resources into crypto assets, or investments and lending linked to them, for the most part, includes facing extremely high challenges with investor’s money," the Financial Conduct Authority said in a statement. The FCA's concerns incorporate price volatility, the multifaceted nature of items offered, and the absence of customer protection regulation around a significant number of the products. 

With such countless investors wanting to get rich on Bitcoin, the asset is drawing the attention of regulators. On Monday, the UK's financial watchdog gave a distinct admonition for consumers hoping to benefit from crypto: be prepared to lose everything.

Pavel Durov's team advised the Ministry of Finance of Ukraine on cryptocurrencies.

 The Minister of Digital Transformation Mikhail Fedorov said that his department is in contact with the team of the developer of the Telegram messenger Pavel Durov.

According to Fedorov, he is familiar with Durov's team. Employees of the Ministry of Digital Transformation received advice on bills related to virtual assets and cryptocurrency

"I know Durov's team. I know all its management, we communicate, consult even on bills related to cryptocurrency, virtual assets, and so on."

The Minister said that he actively uses the Telegram messenger for fast communications. However, the information exchanged by officials is protected as much as possible, and all documents pass through electronic document management.

"Of course, questions of national importance do not need to be sent in messengers, this is understandable," added Mikhail Fedorov.

Answering the question about which of the messengers is the safest for him, the head of the Ministry of Digital Transformation noted that he most often uses Telegram and WhatsApp.

Recall that on December 2, the Verkhovna Rada of Ukraine in the first reading adopted as a basis the draft law "On virtual assets" regulating operations with cryptocurrencies in the country. The bill classifies virtual assets (VA) as an intangible good.

The function of the market regulator is assigned to the Ministry of Digital Transformation, and in some cases to the National Bank and the National Commission on Securities and Stock Market.

According to experts, the daily volume of cryptocurrency transactions in Ukraine is about $150-200 million. One of the authors of the document, Deputy Oleksiy Zhmerenetsky, noted that the bill will allow cryptocurrency companies to pay taxes and allow specialized foreign firms to cooperate with Ukrainian banks and invest in the industry.

Ukraine did not follow the Russian path of banning virtual assets, because this market is a growth point for Ukraine's GDP and an opportunity to become one of the world's technology leaders. In addition, it makes no sense to prohibit something that is technically impossible to control, as we have already seen in the case of blocking Telegram in Russia.

Recall that Roskomnadzor has added the site of the Binance crypto exchange to the list of banned sites in Russia.

New Wave of Cryptocurrency Misappropriation, Hacking, Theft and Fraud Targeting Users Massively in 2020


Crypto criminals have ramped up cryptocurrency theft, hacking, and fraud by a significant margin in the year 2020. They have amassed a sum of $1.36 billion in ill-gotten crypto from January 2020 to May 2020, according to the blockchain analytics firm. The year 2020 is recorded being on the track to become the second-costliest year of all in the history of crypto; only behind 2019’s record of $4.5 billion. The largest contribution in the year’s ongoing standings came from Chinese scam ‘WOTOKEN’ that allegedly scammed more than 700,000 users and stole over $1 billion worth of cryptocurrencies – 46,000 bitcoin, 2.04 million ethereum, 56,000 bitcoin cash, 292,000 litecoin, and 684,000 EOS.

Cryptocurrency is a virtual or digital currency that uses cryptographical functions to make financial transactions. In order to gain transparency and immutability, it makes use of blockchain technology. It is decentralized in nature as there is no central authority controlling or interfering in the processes that include making cryptocurrency exchanges directly between two parties using private and public keys. Equating to money in the real-world it attracts a large possibility of cyber fraud.

On June 2, 2020, CipherTrace released its Cryptocurrency Crime and Anti-Money Laundering Report covering the global trends and latest developments to fight money laundering, terrorism financing, and sanctions evasion. It highlighted the need for regulation and compliance while reporting that 74% of bitcoin in exchange-to-exchange transactions was the cross border and 88% of funds sent to exchanges in 2019 by US Bitcoin ATMs were offshore. Researchers also noted that phishing sites are the most popular COVID-19 related products marketed on the dark web.

“While only 9.8% of the dark market’s one-hop (direct) interactions went directly to exchanges, 30.7% of its two-hop (once removed) interactions went to exchanges—more than tripling the risk exposure to exchanges,” the report read.

In addition, cryptocriminals are also employing several new malware to target cryptocurrencies, an undocumented Trojan called ‘KryptoCibule’ has been found targeting various cryptocurrencies by replacing wallet addresses and stealing cryptocurrency-related files. Previously reported P2P botnet, FritzFrog attempted to brute-force SSH servers of government, education and medical institutions, and telecom players, with an objective of mining cryptocurrency via XMRig miner. Over two weeks ago, a new botnet, dubbed as TeamTNT was observed stealing AWS credentials from affected servers.

With the old techniques being upgraded and the new ones being continually introduced to mine illicit financial gains, cryptocurrencies have become one of the most increasingly targeted areas at present. Users are advised to stay perceptive to indicatives of criminal behavior.

The Blue Mockingbird Malware Group Exploits Vulnerabilities in Organizations' Networks


Another notorious crypto-currency mining malware has surfaced which allegedly has been infecting the systems of countless organizations. The group with the control of operations goes by the code name of “Blue Mockingbird”.

The researchers who discovered it have reasons to believe that the Blue Mockingbird has been active since 2019’s last month. Per them, it also targets “public-facing servers” that run “ASP.NET” apps that use the “Telerik framework” for their User Interface (UI) aspect.

Reportedly, the vulnerability that the hackers exploit in the process is the “CVE-2019-18395” vulnerability which is then employed to embed a web shell on the target’s server. Per the same report, later on they employ a version of “the Juicy Potato technique” to obtain the admin-access and alter the server settings to get access to the “(re)boot persistence”.

After having obtained complete access to a system, sources mention, the malware group installs a version of XMRRig which is a famous crypto-currency mining application particularly for the “Monero (XMR)” crypto-currency.

As per reports, if the public-facing IIS servers are linked with a company’s internal network, the malware group has a probability of trying to expand internally through an improperly-secured Server Message Block (SMB) connections or Remote Desktop Protocol ((RDP).

The exact number of infections that the botnet has caused isn’t all too clear but if an estimate was to be made the operations include 1,000 infections at the least. There also doesn’t seem to be a way to find the intensity of the threat.

Not many organizations out of the ones that were being observed by the researchers have been hit with this particular threat. And over a really little amount of time that they were tracked the above-mentioned number of infections surfaced.

Nevertheless, all companies alike are susceptible to this attack, even the ones that think they are safe and the number of infections could be more than estimated.

As per sources, the Telerik UI component which is allegedly vulnerable is a part of ASP.NET applications that run on their latest versions, even then the Telerik component may have versions that are out-dated but harmful to organizations, nonetheless. This component could exist in the applications used by a company and they might not even know about it leaving them endangered.

The Telerik UI CVE-2019-18935 vulnerability, per reports, has been widely let known as the one that is employed to embed web shells on servers. Another mentioned that this vulnerability is the most exploited and organizations need to better their firewalls to fight it. If for some reason the organizations don’t happen to have a web firewall they could always look for warning precursors in the server and workstation, reports cite.

Russia puts cryptocurrency under a ban


Russian parliamentarians have developed a package of bills that assume administrative and criminal responsibility for the use of cryptocurrencies. Experts believe that such measures can lead to the destruction of the blockchain industry in Russia.

"People who currently own cryptocurrency will be forced to get rid of it before the law comes into force, or risk "going underground", and this is a loss or risk," said Dmitry Kirillov, a senior tax lawyer at Bryan Cave Leighton Paisner. Based on the amendments, mining or exchanging 3.5 bitcoins will lead to criminal liability.

Penalties are provided for any use of digital assets, from the organization of a crypto exchange and mining farm, attempts to pay with cryptocurrency on the Internet.  Fines range from 500 thousand rubles ($7,000) for individuals and up to 2 million rubles ($28,000) for legal entities.

Founder of the stable cryptocurrency platform Stasis.net Gregory Klumov called the new amendments "putting nails in the coffin of financial innovation and technological progress."
"In fact, it is proposed to build a new iron curtain in the digital economy with their own hands," said Yuri Pripachkin, president of the Russian Association of Cryptoeconomics and Blockchain.

Currently, in the Russian Federation, in addition to software, the hardware is being actively developed - means for storing tokens, cryptocurrencies. Many young specialists from the Russian Federation are already involved in this industry, and experts are worried that the adoption of this bill will put an end to the innovative economy.

Earlier, E Hacking News reported that, according to First Deputy Chairman of the Bank of Russia, Blockchain is not a panacea, and cryptocurrency is not money. So, the Central Bank of Russia is not going to change its negative attitude to these assets.

Phishing Attacks Can Now Dodge Microsoft 365's Multi-Factor Authentication


Of late a phishing attack was found to be stealing confidential user data that was stored on the cloud.
As per sources, this is the work of a new phishing campaign that dodges the Office 365 Multi-Factor Authentication (MFA) to acquire the target’s cloud-stored data and uses it as bait to extract a ransom in Bitcoin.

Per reports, researchers discovered that the campaign influences the “OAuth2 framework and OpenID Connect (OIDC) protocol”. It employs a malicious “SharePoint” link to fool the targets into giving permission to “rogue” applications.

MFAs are used as a plan B in cases where the users’ passwords have been discovered. This phishing attack is different because it tries to fool its targets into helping the mal-actors dodge the MFA by giving permissions.

This campaign is not just about gaining ransoms via exploiting the stolen data it is that and the additional threat of having sensitive and personal information at large for others to exploit as well. Extortion and blackmail are among the first things that the data could be misused for.

Sources mentioned that via obtaining basic emails and information from the target’s device, the attacker could easily design “hyper-realistic Reply-Chain phishing emails.”

The phishing campaign employs a commonplace invite for a SharePoint file, which happens to be providing information regarding a “salary bonus”, which is good enough for perfunctory readers to get trapped, mention reports.

The link when clicked on redirects the target to an authentic login page of Microsoft Office 365. But if looked on closely, the URL looks fishy and created without much attention to detail, thus say the security experts.

Reportedly, access to Office 365 is acquired by getting a token from the Microsoft Identity Platform and then through Microsoft Graph authorizations. OIDC is used to check on the user granting the access if authentication comes through then the OAuth2 grants access for the application. During the process, the credentials aren’t revealed to the application.

The URL contains “key parameters” that explain how targets could be tricked into granting permissions to rogue applications on their account. Key parameters signify the kind of access that is being demanded by the Microsoft Identity Platform. In the above-mentioned attack, the request included the ID token and authentication code, mentioned sources.

If the target signs in on the SharePoint link that was delivered via the email they’ll be providing the above-mentioned permissions. If the target doesn’t do so, it will be the job of the domain administrators to handle any dubious activities.

This phishing campaign is just an example of how these attack mechanisms have evolved over the years, to such an extent that they could now try to extort sensitive data out of people seemingly by tricking them into providing permissions without an inkling of an idea of what is actually up.

The database of Russian car owners is sold for bitcoins


According to the description of the database, it contains 129 million leads obtained from the traffic police register. This is information about vehicles registered in Russia: the place of registration, make and model of the car, date of initial and last registration.

An employee of the car-sharing company whose vehicle data is contained in the registry confirmed the authenticity of the data.
Moreover, cybersecurity experts have already verified the authenticity of the documents. They also noted that this database was most likely stolen from the traffic police or insurance companies.

"Most often leaks occur in the traffic police and insurance companies", said Ashot Hovhannisyan, founder and technical director of DeviceLock, said that the database of motorists is regularly sold on the Darknet.

According to him, now this database is unique, as it contains information about the initial registration of cars since the 1990s.
For an additional fee, sellers offer to provide personal data of car owners, including last name, first name and patronymic, address, date of birth, passport number, and contact information. They also sell the TIN of legal entities where the car is registered.

The full version of the database with all data costs 0.3 bitcoin (approximately $2.8 thousand). 1.5 bitcoins (about $14 thousand) will cost the transfer to exclusive use.

Mikhail Firsov, Technical Director of Information Security Systems, believes that companies that buy such databases can use them to conduct illegal financial transactions, execute transactions, and fake legal documents.

Earlier, E Hacking News reported about the sale of data of 9 million customers of the Express transportation service CDEK in the Darknet. This is the largest leak of personal data in Russian delivery services.

Attention! Fake Extensions on the Chrome Web Store Again!


Reportedly, Google was in the news about having removed 49 Chrome extensions from its browser’s store for robbing crypto-wallet credentials. What’s more, after that, there surfaced an additional set of password-swiping “extensions” aka “add-ons”, which are up for download even now.

Per sources, the allegedly corrupt add-ons exist on the browser store disguised as authentic crypto-wallet extensions. These absolutely uncertified add-ons invite people to fill in their credentials so as to make siphoning off them easy and the digital money accessible.

Reports mention that the security researchers have affirmative information as to 8 of the 11 fake add-ons impersonating legitimate crypto-wallet software being removed including "Jaxx Ledger, KeyKeep, and MetaMask." A list of “extension identifiers” which was reported to Google was also provided.

Per researchers, there was a lack of vigilance by the Google Web Store because it apparently sanctions phisher-made extensions without giving the issue the attention it demands. Another thing that is disturbing for the researchers is that these extensions had premium ad space and are the first thing a user sees while searching.

According to sources, much like the Google Play Store with malicious apps, the Google Web Store had been facing difficulty in guarding itself against mal-actors. There also hadn’t been much of a response from their team about the issue.

One solution that was most talked about was that Google should at the least put into effect mechanisms in the Chrome Web Store that automatically impose trademark restrictions for the store and the ad platforms in it.

Per sources, Google’s Chrome Web Store “developer agreement” bars developers from violating intellectual property rights and also clearly mentions “Google is not obligated to monitor the products or their content”. Reports mention that as per the ad policy of Google, it could review trademarks complaints from trademarks holders only when it has received a complaint.

Google heeding all the hue and cry about the extensions did herald more restrictions with the motive of wiping away traces of any fake extensions and spammers creating bad quality extensions that were causing people trouble.

The alterations in the policy will block the spammers and developers from swarming the store with similar extensions and elements with questionable behavior. Word has it that because of hateful comments the Chrome Web Store was “locked down” in January.

But, as promising as it may be, allegedly Google has been making such promises about the Chrome Web Store security strengthening for more than half a decade. So no one can blame researchers for their skepticism.

Double Extortion- A Ransomware Tactic That Leaves The Victims With No Choice!


In addition to all the reasons ransomware were already dangerous and compulsive, there’s another one that the recent operators are employing to scare the wits out of their targets.

Cyber-criminals now tend to be threatening their victims with publishing and compromising their stolen data if the ransom doesn’t get paid or any other conditions aren’t followed through with.

The tactic in question is referred to as “Double Extortion” and quite aptly so. Per sources, its usage emerged in the latter half of 2019 apparently in use, by the Sodinokibi, DopplePaymer and Clop ransomware families.

Double extortion is all about doubling the malicious impact a normal ransomware attack could create. So the cyber-criminals try and stack up all sorts of pressure on the victims in the form of leaked information on the dark web, etc.

They just want to make sure that the victims are left with no other option but to pay the ransom and meet all the conditions of the attack, no matter how outrageous they are.

The pattern of Double Extortion was tracked after a well-known security staffing company from America experienced the “Maze ransomware” attack and didn’t pay up the 300 Bitcoin which totaled up to $2.3 Million. Even after they were threatened that their stolen email data and domain name certificates would be used for impersonating the company!

Per sources, all of the threatening wasn’t without proof. The attackers released 700 MB of data which allegedly was only 10% of what they had wrested from the company! And what’s more, they HIKED the ransom demand by 50%!

According to sources, the Maze ransomware group has a website especially fabricated to release data of the disobliging organizations and parties that don’t accept their highly interesting “deals” in exchange for the data.

Reportedly, ranging from extra sensitive to averagely confidential data of dozens of companies and firms from all the industries has found its way to the Maze ransomware website.

Clearly impressed by it many other operators of similar intentions opened up their own versions of the above-mentioned website to carry forward their “business” of threatening companies for digital currency and whatnot! They sure seem to have a good sense of humor because per sources the blog names are the likes of “Happy Blog”.

Per reports, the Sodinokibi ransomware bullied to leak a complete database from the global currency exchange, Travelex. The company had to pay $2.3 Million worth Bitcoin to get the attackers to bring their company back online.


Per reports of the researchers, the attackers would always release some kind of proof that they have the extremely valuable data of the company, before publishing it, to give the company a fair chance at paying up the ransom demanded.

Usually, these attacks are a win-win for the attackers and a “lose-lose” for the victims because if they decide not to pay up they would be putting their company in a very dangerous situation with all the valuable data compromised online for anyone to exploit, they would have to report the breach and they would have to pay a considerably high fine to the data privacy regulator. And if they pay up, they would be losing a giant plop of money! And sadly the latter feels like a better option.

Hospitals happen to be the organizations that are the most vulnerable to these attacks because of all the sensitive health-related data their databases are jam-packed with on any other day and additionally due to the Coronavirus outbreak.

The organizations could always follow the most widely adapted multi-layered security measures for keeping their data safe obviously including updating systems, keeping backups and keeping data protected in any way they possibly can.

The most conscientious gangs of the many ransomware families, per sources, have promised to not attack hospitals amidst this pandemic. But that doesn’t stop the other mal-actors from employing cyber-attacks.

The cyber-crime forecasters have mentioned that the year 2020 would be quite a difficult year for these organizations what with the lock-down and no easier (malicious) way to earn money, apparently? Food for thought!


Meghan Markle and Prince Harry's Names Used for Fake Celebrity Endorsement of Bitcoins?


While the Coronavirus pandemic has practically driven people to stay locked up in their homes and spend a lot more (in some cases almost all) of their time online, the possibilities for cyber-criminals have only flourished.

Cyber-security experts have realized this and made a note out of it that everyone knows the kind of danger is lurking in their cyber-world.

From elaborate scams to phishing attacks that target the victim’s personal information, there is a lot of people who need to be cautious about it.

The Cryptocurrency industry is going through a lot due to the current crisis the world is in. The 'crypto-partakers" are being particularly on the hit list with something as attention-grabbing as purportedly “celebrity endorsement”. The latest bait names for this attempt happen to be that of charming Meghan Markle and Prince Harry.

Well-known personalities’ names like Bill Gates, Lord Sugar and even Richard Branson have been misused to lure people in as a part of similar scams. It is not necessary for the people mentioned to belong to a particular industry. They could be anyone famous for that matter.

The scams are so elaborate that once fooled the victims can’t even trace the mal-agent and. The latest scam, per sources, employs a fake report from the “BBC” mentioning how Prince Harry and Meghan Markle found themselves a “wealth loophole”.
Per sources, they also assure their targets that in a matter of three to four months they could convert them into millionaires. Further on, allegedly, it is also mentioned that the royals think of the Cryptocurrency auto-trading as the “Bitcoin Evolution”. It reportedly also includes a fake statement to have been made by Prince Harry.

The overconfident scammers also declare that there is no other application that performs the trading with the accuracy like theirs. Reportedly, on their website, there are banners with “countdowns” forcing people to think that there are limited period offers.

According to researchers this is one of the many schemes desperate cyber-criminals resort to. People not as used to the Cryptocurrency industry and the trading area, in particular, are more vulnerable to such highly bogus scams and tricks that the cyber-criminals usually have up their sleeves.

Bitcoin Prices Are Off The Charts!


Bitcoin, our favorite digital currency has experienced a certain kind of unbelievable hike, all of a sudden. It has profited across several markets with a spike of 12% in its price solely in the last week, mention sources.

Word has it that the Bitcoin price has risen around 6% in the last 24-hour trading duration, overtaking next to all main indices, even the stocks throughout Asia and Europe.

Bitcoin and other forms of digital currency including cryptocurrency have escalated around the globe owing it to the Coronavirus lockdowns.

Per sources, The Bitcoin price has outgrown the $7,000/Bitcoin level and is ascending to “$7,170 on the Luxembourg-based Bitstamp exchange”.

As if they knew things were going to go south, the Bitcoin investors were up and about right from the start of this year. In fact, surveys indicate that the Bitcoin price has a high probability of rocketing up to $20,000/Bitcoin in 2020.

The basic foundational facets for a better Bitcoin system exist today owing to various developmental projects in the crypto industry. An in case of such massively unprecedented crisis investors would want to fall back upon digital currency

Asian and European markets furthered their reserves by 3% and 2-4%. Researchers mention that Bitcoin purchases could have a positive effect on the stock markets.

History has it that the Bitcoin price has seen a major upswing before from a low $1,000 to a high $20,000 in a matter of a year.

Investors are in genuine awe with this ascent in the prices of Bitcoin and see this as a new opportunity for cryptocurrency in general because of the fresh interest the market has shown for it.

Per analysts, this year investors may need to rethink their current cryptocurrency store and even pile up more of it in case of increased demand because of risk assets.

Everyone understands that if the things were to stay the way they are there is a strong chance for a longer period of intense recession.

This has given birth to questions regarding the effect of COVID-19 on the economy and the part Bitcoin could play in it.



First Deputy Chairman of the Bank of Russia: Blockchain is not a panacea, and cryptocurrency is not money


First Deputy Chairman of the Bank of Russia Olga Skorobogatova said that blockchain is perfect for letters of credit and guarantees because it solves the problem of trust. However, this is not a universal technology for all occasions.

According to her, many people overestimate the advantages and prospects of blockchain technologies. As negative aspects of cryptocurrencies, the banker noted their high level of volatility, lack of guarantees for saving investments, and the possibility of their use for money laundering and terrorist financing.

This position of the Central Bank of the Russian Federation was one of the reasons for the delay in the adoption of the bill on digital financial assets, which should become the main legislative act regulating the cryptocurrency industry. Recently it became known that the adoption of the law is being postponed due to the coronavirus pandemic.

Despite the rejection of cryptocurrencies, Olga Skorobogatova spoke positively about stablecoins.
“We believe that this is a more reliable type of crypto-assets since they are provided with real assets and give users certain guarantees,” she said, adding that in order to protect consumers, it is necessary to effectively regulate this sector at the global level.

The Central Bank is actively collaborating with other regulators regarding stablecoins and coins such as Libra. According to Skorobogatova, many Central Banks are actively studying the possibility of creating a national digital currency, and the Central Bank of the Russian Federation is no exception in this regard, but at this stage, the authorities have more questions than answers.
In particular, she does not yet see what real benefits the digital currencies of the Central Banks (CBDC) will bring to the economy, people and business.

It is worth noting that the beginning of the pandemic of coronavirus infection served as a kind of trigger for the introduction of remote voting. This was recently stated by the political party United Russia" For this purpose, an electronic voting system based on blockchain technology has been developed. Experts believe that this will reduce the negative effect of the quarantine regime, which has somehow slowed or stopped the political activities of most other parties, not only in Russia but also in the world.

Cryptocurrency Profit Reaches $182.62 Billion, Bitcoin Rises upto 10% in 24 Hours


According to data by Coindesk, the cryptocurrency value suddenly increased on Tuesday. And this comes as a matter of surprise as the whole trade market is suffering heavy losses due to coronavirus pandemic. Witnessing this sudden increase in the Cryptocurrency's value, Bitcoin eventually rose up to 10% in a single day, as trading prices reached $6,569.17 around noon, Singapore time.


Meanwhile, Ethereum's value has increased by 7%, whereas XRP witnessed a jump rate of over 5% in its prices.

The total value of the cryptocurrency trading market- Market Capitalization, recorded a surprising leap of $14 Billion to $182.62 Billion within a mere 24 hours at 11:47 am Singapore time, says the data of the website Coinmarketcap.com.

The entire Cryptocurrency market suffered severe losses at the start of March. On 8th March, the whole business failed when oil prices took a hard fall. Furthermore, on 12th March, the Cryptocurrency lost $93.5 of its value within a day, and even worse, Bitcoin suffered a 48% fall in its prices.

As observed, the growth of Cryptocurrency is marching foot by foot with the Equity market. Since recent years, people have started viewing Bitcoin as 'digital gold,' having complete faith that investing in it even under times of economic slowdown can be profitable. Unfortunately, Bitcoin, like the Equity market too, started suffering losses and became a risk asset, especially since the start of this year.

"We're seeing some bullish bitcoin price action today along with other asset classes after the Fed announced unprecedented measures yesterday to shore up the economy. It will be interesting to see how bitcoin fares in such an environment. Given this is its first test as a haven asset in a market downturn and is yet to be proven," says Vijay Ayyar in a conversation with CNBC.

 Key takeaways:
  • Bitcoin rose over 10% in 24 hours, earlier exchanging at $6,569.17. 
  • Ethereum and XPR also witnessed an increase in their prices. 
  • The market value rose from $14 Billion to $182.62 within a day.
  • The cryptocurrency market took a hard beating at the start of March due to the coronavirus outbreak.

The issue and circulation of cryptocurrencies will be banned in Russia


On March 16, a Representative of the Bank of Russia, Alexey Guznov, announced a possible ban on the issue and organization of cryptocurrency circulation in the territory of the Russian Federation. As noted in the bill on digital financial assets, the issue and circulation of cryptocurrencies in Russia carry an unjustified risk. The bill prohibits the issue and circulation of cryptocurrency in Russia and introduces responsibility for violating the ban.

Mister Guznov noted: "The position of the Bank of Russia remains unchanged. We believe that there are great risks when legalizing the circulation of cryptocurrencies." Risks arise for financial stability and the anti-money laundering system, and consumer protection will also suffer.
The Central Bank objected to legalizing cryptocurrency as a "tool" and an object of circulation, said mister Guznov.

Some experts suggested that cryptocurrency should be treated as a foreign currency and its issuance and circulation should be regulated in the same way.

The authorities replied that they did not intend to ban the ownership of the digital currency. The bill only prohibits the issuance and circulation of cryptocurrencies and introduces liability for violation of this ban.

It is absolutely impossible to ban cryptocurrencies and mining, said Yuri Brisov, a member of the Commission for the Legal Support of the Digital Economy. He is sure that such measures will become an obstacle to the development of the blockchain industry in the Russian Federation.

"The ban on mining and cryptocurrencies will lead to the complete decline of the blockchain industry. For this reason, all developed countries, although they understand the risks associated with money laundering, tax evasion, do not ban cryptocurrencies and mining; to ban today means to limit the potential for economic growth and technological development of their country," said Brisov.

It is important that legal regulation in Russia does not hinder the development of new technologies.
Earlier EhackingNews reported that Russian law enforcement agencies, together with the Ministry of Internal Affairs, to prepare proposals for the arrest of cryptocurrencies by 2021.

Recall that in 2018, President Vladimir Putin said that Russia should "carefully and cautiously" monitor the sphere of cryptocurrencies. At the same time, the position of the Central Bank of Russia was that electronic money can not be a means of payment.