
New Bitcoin-scam schemes, Trump’s social network flop and other cybersecurity events
We have compiled the most important cybersecurity news from the past two weeks.
- An unknown hacker breached Argentina’s civil registry (RENAPER) and stole identity-document data for all residents. He claims the haul contains the records of every citizen of the country.
- Experts outlined how criminals deceive Tinder users via fake apps for Bitcoin trading.
- Trump announced the launch of his own social network. It was hacked even before it went live.
Hacker steals database of identity documents of all Argentinian residents
An unknown hacker breached Argentina’s RENAPER and stole identity-card data for all residents, The Record reports.
Initially, news of a possible breach at RENAPER emerged in early October, when Twitter users posted photos of identity cards and data of 44 Argentine celebrities. Subsequently the attacker posted an advertisement for selling data of any Argentine citizen on a hacker forum.
Authorities deny the breach. However, journalists contacted the database seller, who supplied the data of a resident of the country whom the journalists had chosen at random.
MyKings botnet operators steal cryptocurrencies by substituting wallet addresses
More than $24.7 million in Bitcoin, Ethereum and Dogecoin have been transferred to the wallets of the MyKings botnet operators, also known as Smominru and DarkCloud, according to Avast researchers who studied the botnet’s operation.
The attackers infect the victim’s device with malware and monitor the clipboard. Once the malware detects a cryptocurrency wallet address in the clipboard, it replaces it with the fraudsters’ address. In addition to stealing crypto assets this way, the intruders also engage in covert mining.
Most attacks have been recorded in Russia, India and Pakistan.
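The clipboard substitution described above is easiest to detect as a pattern: an address sitting on the clipboard is replaced by a different address of the same coin. The Python sketch below is an added example, not code from ForkLog’s article or from the Avast research; it classifies clipboard text as a legacy Base58Check Bitcoin/Dogecoin address or an Ethereum address (bech32 is not covered) and flags such a swap across a constructed sequence of clipboard states. The Base58Check encoder, the function names and the sample addresses are this example’s own assumptions.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Version byte -> coin for the legacy Base58Check address types covered here (no bech32).
VERSIONS = {0x00: "BTC", 0x05: "BTC", 0x1E: "DOGE", 0x16: "DOGE"}
ETH_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def checksum(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version: int, payload: bytes) -> str:
    # Base58Check: version || payload || checksum; each leading zero byte becomes '1'.
    raw = bytes([version]) + payload
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_decode(s: str):
    # Returns (version, payload) when the 4-byte checksum verifies, else None.
    n = 0
    for ch in s:
        if ch not in B58:
            return None
        n = n * 58 + B58.index(ch)
    raw = b"\x00" * (len(s) - len(s.lstrip("1"))) + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or checksum(raw[:-4]) != raw[-4:]:
        return None
    return raw[0], raw[1:-4]

def address_kind(text: str):
    # Classify clipboard text as "BTC", "DOGE", "ETH" or None (not an address we recognise).
    text = text.strip()
    if ETH_RE.match(text):
        return "ETH"
    decoded = b58check_decode(text)
    return VERSIONS.get(decoded[0]) if decoded and len(decoded[1]) == 20 else None

def find_substitutions(snapshots):
    # Flag consecutive clipboard states where an address was swapped for a different address of
    # the same coin (the hijacker pattern); a real monitor would also check no user copy occurred.
    hits = []
    for prev, cur in zip(snapshots, snapshots[1:]):
        kind = address_kind(prev)
        if kind and address_kind(cur) == kind and prev.strip() != cur.strip():
            hits.append((kind, prev, cur))
    return hits
```

The sample addresses used to exercise it are constructed with the encoder from arbitrary 20-byte payloads, so they validate but belong to nobody.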
REvil sites go offline again
The darknet sites of the hacker group REvil again stopped working after unknown individuals took control of their payment portal and the data-leaks blog on October 17.
According to Reuters, US law enforcement breached REvil’s infrastructure and gained access to several hacker servers earlier this summer. Then, on the night of July 13, REvil’s sites suddenly went offline.
In September, the hackers began to resume operations. According to Reuters sources, the attackers restored the sites from backups and “inadvertently restarted some internal systems that were already under law enforcement control”.
Earlier it was reported that the FBI had held the decryption key for files compromised by REvil for almost three weeks before sharing it with affected companies. Law enforcement had planned an operation to dismantle REvil and kept its possession of the key secret so as not to reveal investigation details to the criminals.
Database of Moscow-registered drivers circulates on the dark web
Unknown attackers stole personal data of drivers registered in Moscow and the Moscow region from 2006 to 2019, writes Kommersant.
The 50-million-row database contains names, dates of birth, phone numbers and vehicle details.
According to Kommersant, the information appears to be an archive of the GIBDD (traffic police) database. However, according to the InfoLeaks channel, it is not a direct dump from the GIBDD but a long-circulating insurers’ database that has appeared on trading platforms and forums in various formats.
Trump announces launch of his own social network. It was hacked immediately
Former U.S. President Donald Trump announced the imminent launch of his social network TRUTH Social. He says he aims to counter the ‘tyranny of big tech’.
Earlier this year, several social networks banned Trump’s profiles, judging that his statements could provoke violent actions by his supporters.
TRUTH Social had barely become available to users when it was hacked. Within hours of the launch announcement, hackers created several fake celebrity accounts via the beta version of the network and began posting as them.
Earlier, former aide and spokesperson Jason Miller launched Gettr, but it too suffered a similar fate — user data leaked online a few days after launch.
Fraudsters steal money from Tinder users through fake Bitcoin trading apps
Cybersecurity researchers from Sophos described a scheme targeting users of dating apps.
The attackers approach victims and then persuade them to start trading cryptocurrency via a trading app developed by the scammers themselves. Most victims were iPhone users.
Besides stealing funds, the app also gives hackers access to the victim’s device and allows remote control.
Authorities to intensify crackdown on cryptocurrency usage by ransomware operators
The total value of ransomware-related transactions in the first half of 2021 stood at $590 million, according to a report from the US FinCEN.
The document names Bitcoin as the ‘most common’ payment method for ransomware operators.
Countries participating in the US-hosted summit said they will step up efforts to curb the use of cryptocurrency in ransomware attacks, and Australia will tighten penalties for the hackers behind such malware.
Ukraine uncovers operator of a large botnet
The Security Service of Ukraine exposed the administrator of a botnet, a network of more than 100,000 fake accounts. Through it, the hacker carried out DDoS and spam attacks, hacked websites and performed brute-force attacks.
The suspect is a resident of Ivano-Frankivsk Oblast. During searches, investigators seized computers with evidence of wrongdoing.
Also on ForkLog:
- Roskomnadzor reported successful drills under the sovereign internet law.
- Hackers stole $1.9 million from DeFi protocol PancakeHunny.
- Google prevented a major YouTube channel hack for Bitcoin fraud.
- The National Security and Defence Council of Ukraine said that ransomware operators attacked a large Ukrainian business at least six times within three months.
- DeFi project Indexed Finance lost $16 million due to a hacking attack. The team said it found the hacker.
- Employees of Beltelecom were accused of selling data of law-enforcement personnel for cryptocurrency.
- A major Ukrainian pharmacy chain was attacked by Bitcoin criminals.
- Data of nearly 8 million Russian users of a betting platform was leaked.
What to read this weekend?
Countries around the world are examining the possibility of launching central bank digital currencies (CBDCs). However, such money could expand regulators’ ability to monitor citizens’ transactions and enable mass surveillance. Read more about CBDC privacy risks in ForkLog’s exclusive.