
Fraudulent apps, botnet for hidden mining, and other cybersecurity developments
We have gathered the week’s most important cybersecurity news.
- The FBI warned of criminals who stole more than $42 million from crypto investors through fraudulent apps.
- Yuga Labs warned of potential upcoming cyberattacks on the NFT community.
- The alleged creator of the Gozi malware was extradited to the United States.
The FBI reports on fraudulent apps targeting crypto investors
The Federal Bureau of Investigation (FBI) warned about activity by cybercriminals creating fraudulent apps for cryptocurrency investments.
According to the agency, the criminals convinced victims to install apps under their control, which were used to steal funds. The FBI identified more than 240 victims and estimated losses at $42.7 million.
Often, fraudsters posed as representatives of well-known companies.
Between October 4, 2021 and May 13, 2022, the cybercriminals operated in the name of YiBit, convincing victims to download a fake app and deposit cryptocurrency. Victims subsequently received letters demanding that they “pay taxes” on their investments in order to withdraw funds. In this way, the criminals obtained about $5.5 million from victims.
The FBI advised investors:
- Do not install unverified investment apps — verify that they really belong to the company behind their distribution;
- Do not trust apps with limited functionality;
- Check information about individuals providing investment advice before sharing personal information.
Experts describe the spread of a botnet aimed at covert mining
Cybersecurity company SentinelOne identified a botnet distributed by the 8220 Gang and used for covert mining.
😈 Over the last month, the 8220 Gang expanded their botnet activity, targeting common cloud application vulnerabilities and poorly secured configurations. By @TomHegel. To learn more: https://t.co/XSSyy2sUpp #cloud #docker #threatintelligence #threatlandscape #xdr
— SentinelOne (@SentinelOne) July 18, 2022
The hackers compromised around 30,000 hosts worldwide through vulnerabilities in Linux and cloud applications.
The alleged creator of the Gozi malware extradited to the United States
Mihai Ionut Paunescu, suspected of distributing the Gozi trojan, was extradited to the United States, The Register reports.
U.S. authorities say he is one of the creators of the malware, which infected more than a million computers worldwide and caused victims losses of “tens of millions of dollars”.
According to U.S. law enforcement, Paunescu also provided infrastructure for various hacking operations.
Yuga Labs warns of an impending attack on the NFT community
The team behind the NFT collection Bored Ape Yacht Club says it has identified a “persistent threat group” targeting the NFT community.
Our security team has been tracking a persistent threat group that targets the NFT community. We believe that they may soon be launching a coordinated attack targeting multiple communities via compromised social media accounts. Please be vigilant and stay safe.
— Yuga Labs (@yugalabs) July 18, 2022
The project team believes a coordinated attack targeting multiple communities via compromised social media accounts may soon occur.
Mandiant names two hacker groups attacking Ukraine
Experts from Mandiant described two hacker groups attacking Ukrainian organizations.
The UNC2589 hackers conduct phishing campaigns, sending emails carrying malware. The topics of the emails can vary; at times attackers distribute them from compromised mailboxes.
The UNC1151 group is also actively attacking Ukrainian organizations. Mandiant researchers link the hackers to Belarus.
Also on ForkLog:
- Roskomnadzor unblocked the Tor site.
- U.S. authorities seized $500,000 from North Korea-linked ransomware operators.
- Cybersecurity-focused startup Halborn raised $90 million.