We have compiled the most important cybersecurity news of the week.
- 40% of cryptocurrency investment posts on Telegram were found to be fraudulent.
- Over 40,000 systems were infected with miners through pirated software.
- Swiss media uncovered mass surveillance of citizens.
- A 15-year prison sentence was requested for Pompompurin.
40% of Cryptocurrency Investment Posts on Telegram Found to Be Fraudulent
Experts from AngaraSecurity examined around 22,000 posts in public Telegram channels on cryptocurrency topics in 2023 and discovered that nearly 9,000 of them (over 40%) were marked as suspicious and subsequently removed.
In most messages, authors urged users to invest in the crypto market by transferring money to a bank card.
Researchers noted the aggressive names of the specialized Telegram channels: “Earn Now,” “Path to Success,” “Financial Independence,” “Smart Investments,” “Crypto Farm,” “Crypto Bucks.”
Their main content includes courses on earning from cryptocurrencies, offers to purchase digital assets, advertisements for investor groups, platforms, and wallets offering discounts and bonuses for registration.
For phishing schemes, scammers develop special mobile applications and websites. In 2023, nearly 1,500 investment-related domains were registered in the Russian segment of the internet. Some of them referenced exchanges like Binance and CommEX.
Over 40,000 Systems Infected with Miners via Pirated Software
Analysts at Doctor Web have been detecting two trojan miners, which covertly mine cryptocurrency, in pirated software with increasing frequency. In a month and a half, one of them infected over 40,000 systems.
The malware spreads through two websites and a Telegram channel with over 6,000 subscribers at the time of writing.
On the victim’s computer, the trojan runs disguised as a Google Chrome browser update. It adds itself to the Windows Defender antivirus exceptions and prevents the device from shutting down or entering hibernation mode.
Additionally, the malware can block Windows updates, restrict access to certain websites, automatically delete and restore its source files, pause cryptocurrency mining, and free the memory occupied by the miner while the system is being scanned for viruses.
Swiss Media Uncover Mass Surveillance of Citizens
The magazine Republik presented a three-part investigation into the total surveillance of citizens on the internet by Swiss national intelligence services.
No matter what you do on the internet – you should assume that the authorities are reading along. «Surveillance fédérale», episode 1. (4/4) https://t.co/4sb6lqomFa
— Republik (@RepublikMagazin) January 9, 2024
The local Federal Intelligence Service gained extensive capabilities for such monitoring thanks to a law passed in 2016.
Through cable communication channels, law enforcement collects data on emails, user chats, and visited websites. All information is sent to the Ministry of Defense's Electronic Operations Center (ZEO), located in the village of Zimmerwald.
In exclusive court documents and official correspondence studied by journalists, the Ministry of Defense effectively admits that since 2017, the content of all users' internet communications has been not only read and analyzed but also stored for up to five years. No measures are taken to protect legally protected information about citizens.
The Republik editorial team also found that intercepted data is used as evidence in investigations and legal disputes, despite the absence of warrants and permissions.
The public's greatest concern is the cyber intelligence service's attempts to expand its powers to obtain information not only from major internet providers but also from small ones.
In 2024, a review of the Intelligence Service Act is planned, but it is unclear what changes it will undergo.
15-Year Prison Sentence Sought for Pompompurin
The U.S. prosecution requested a 15-year prison sentence for the creator and former administrator of the now-closed hacker forum BreachForums, 21-year-old Conor Brian Fitzpatrick.
Today the United States government recommended to the courts that Conor Fitzpatrick, the previous administrator of BreachedForum, receive 15 years in prison. pic.twitter.com/HP5fl4tbBe
— vx-underground (@vxunderground) January 17, 2024
The prosecution deemed such a sentence “sufficient but not excessive.” Additionally, authorities are asking that the defendant pay a fine and compensate the victims, that certain assets be confiscated, and that a substantial period of supervision be imposed after release.
Pompompurin was arrested in March 2023 on charges of stealing and selling confidential personal information, conspiracy to commit fraud, and possession of child pornography. He pleaded guilty to all charges.
Fitzpatrick awaits his final sentence under arrest, as he violated bail conditions.
Fitzpatrick was sentenced to 20 years of supervised probation and restitution to victims, the amount of which will be determined later.
For the first two years, Pompompurin will serve his sentence under house arrest with a GPS tracker and receive mandatory psychiatric help.
During the first year, he will also be prohibited from using the internet. Special monitoring software will be installed on his computer, and periodic polygraph tests will be conducted.
Additionally, Pompompurin will be required to register as a sex offender.
Hackers Target Docker Hosts for Covert Mining and Traffic Generation
Experts at Cado Security discovered a malicious campaign deploying the XMRig crypto miner and the 9hits traffic generation application on compromised Docker hosts. This allows attackers to achieve dual monetization from their attacks.
9hits enables them to earn credits, which can be used to pay for traffic to their own websites.
XMRig, in turn, mines Monero cryptocurrency using cloud resources. The miner connects to a private pool, making it impossible to track the campaign’s scale and profits.
Experts suggest that attackers find vulnerable systems using network scanning services like Shodan.
Kaspersky Lab Predicts Rise in Cryptocurrency Thefts and Evolution of Mixers
In 2024, researchers at Kaspersky Lab anticipate an increase in malware designed to steal cryptocurrencies. More advertisements for its development and sale will appear on the darknet.
Experts also predict that the growing capabilities of law enforcement to track crypto transactions and regulatory attention will lead to increased demand for solutions that obscure the origin of coins.
They believe that the rising popularity of other cryptocurrencies with enhanced privacy could impact the bitcoin mixer market. Owners of such services may diversify their offerings to include mixing services with alternative cryptocurrencies, further expanding their audience.
Also on ForkLog:
- A woman scammed a Minsk resident out of $20,000 under the guise of buying cryptocurrency.
- The Manta Network team was suspected of money laundering.
- Chainalysis reported a decline in criminal revenues in the crypto market in 2023.
- X-accounts of Rocket Pool, VeChain, and the head of Arkham were hacked.
- The court acquitted the former chairman of Bithumb for the second time.
- The cross-chain protocol Socket lost $3.3 million due to an exploit.
- The UN highlighted the popularity of USDT in money laundering schemes. Tether responded to the allegations.
- Over 50% of cryptocurrencies tracked by CoinGecko have failed.
- The Bank of Russia identified the crypto project “Slovopacana” as a pyramid scheme.
- Michael Saylor warned of deepfake scams featuring himself.
- A $15 billion XRP transfer to Bitfinex turned out to be a failed exploit.
What to Read Over the Weekend?
A guide on how to protect wallets from phishing attacks:
