
Kamikaze USB drive explodes, a popular hacking forum shuts down, and other cybersecurity events
We have compiled the week’s most important cybersecurity news.
- Ecuadorian journalists were sent ‘hexogen-filled’ USB drives.
- Bitcoin scammers hacked Linus Tech Tips YouTube channel with 15 million subscribers.
- Trojanised version of ChatGPT for Chrome has been downloaded more than 9,000 times.
- The BreachForums hacker forum went offline after the arrest of its chief admin.
Ecuadorian journalists receive ‘hexogen-filled’ USB drives
At least six journalists in Ecuador received USB drives in packages from unknown individuals. One exploded after being connected to a computer.
WE REPORT
Details on the investigative proceedings of @PoliciaEcuador, regarding attacks (explosive devices) on media outlets in #GYE.
LIVE: https://t.co/MsF8aeDjGe pic.twitter.com/EGdykKsKPr
— Policía Ecuador (@PoliciaEcuador) March 20, 2023
According to Ars Technica, citing Agence France-Presse, the journalist from local channel Ecuavisa sustained minor injuries to his arms and face as a result of the incident.
According to law enforcement, the detonated USB drive “had a 5-volt charge and was allegedly packed with hexogen.” Police managed to intercept one USB drive and carry out a “controlled detonation”.
The Ministry of Internal Affairs of Ecuador confirmed that all cases used the same type of USB device. The ministry said the incidents sent “an absolutely clear signal to silence journalists.” The investigation continues.
Trojanised version of ChatGPT for Chrome downloaded more than 9,000 times
Researchers at Guardio Labs uncovered a counterfeit ChatGPT extension in the official Chrome Web Store aimed at stealing account credentials.
The malware offered integration of ChatGPT with search results, while stealing Facebook session cookies.
This gave attackers full access to the victim’s profile. The stolen accounts were then used to spread malicious advertising and promote prohibited materials, including propaganda for terrorist organisations.
Typically, the name and image of the compromised profiles were changed to a fake persona named Lilly Collins.
The extension was uploaded to the Chrome Web Store on February 14, 2023, but the author began promoting it with Google search ads only on March 14. In that time, it had been downloaded more than 9,000 times.
Google has since removed the malware from the store.
Bitcoin scammers hacked Linus Tech Tips YouTube channel with 15 million subscribers
On March 23, the popular tech YouTube channel Linus Tech Tips with 15 million subscribers was hacked to promote crypto fraud.
The attackers launched a live stream of The ₿ Word conference from 2021 featuring ARK Invest’s Cathie Wood, former Twitter CEO Jack Dorsey and the current owner of the social network, Elon Musk. The link in the video description led to a site allegedly distributing coins worth $100 million.
Hackers also managed to launch similar streams on two other channels of the victim — Techquickie and TechLinked. To attract attention they used keywords: Tesla, AI, GPT-4 and OpenAI.
Yes I know -_-
— Linus LinusMediaGroup (@linusgsebastian) March 23, 2023
The takeover occurred via malware that stole cookies and granted attackers remote access to the victim’s computer.
Following complaints from the channel owners, YouTube blocked the compromised accounts, and later restored access.
The Linus Tech Tips team is now working to strengthen the security of their accounts.
The BreachForums hacker forum became unavailable after the arrest of its chief admin
The popular BreachForums hacker forum closed after the arrest of its founder and administrator, Conor Brian Fitzpatrick, aka Pompompurin. This was reported by Bleeping Computer.
The FBI arrested Fitzpatrick on March 15 on charges of conspiracy to commit fraud with access devices. He has since been released on $300,000 bail and is due to appear in court.
The new BreachForums admin, going by Baphomet, initially promised to move the site to secure infrastructure. However, he recently observed a third party logging in to one of the old CDN servers.
“This suggests that someone may have gained access to Pompompurin’s device. As a result, nothing can be considered safe, whether it’s our configurations, source code, or user data,” wrote Baphomet in a statement.
He decided to shut the site down and explore moving the community to a new platform.
Launched in 2022, BreachForums gained popularity among hackers and extortionists who used it to publish stolen data.
In his capacity as admin, Pompompurin was involved in various high-profile incidents, including the compromise of the FBI’s corporate portal, the theft of Robinhood customer data and a Twitter leak.
ForkLog also lists:
- Hackers stole $500,000 from Arbitrum users via vanity address hacks.
- 3,299 bitcoins linked to BTC-e were moved.
- Founder and CEO Do Kwon was arrested in Montenegro. Later the US prosecutor’s office charged him with fraud.
- SEC filed a lawsuit against Justin Sun.
- Unknown attackers hacked a Circle executive’s Twitter account to promote a scam.
- The head of OneCoin’s compliance faces up to 40 years in prison.
- In Ukraine, a platform was launched to detect crime-linked cryptocurrency.
- Users lost more than $1 billion in Ethereum due to bugs.
- The Euler Finance hacker reached out to the developers.
- Arkham warned of potential loss of funds during the Arbitrum airdrop.
- Clippers learned to recognize seed phrases from screenshots.
- CertiK experts suspected Harvest Keeper of stealing $1m amid the AI hype.
- The community warned of hundreds of fake Arbitrum airdrops.
- The Bitcoin ATM maker General Bytes was again attacked by hackers.
What to read this weekend?
We explain why Telegram does not guarantee the privacy of messages and analyse the top five alternative messaging apps.