Cryptomixer shuttered, fresh app bans in Russia and other cybersecurity news

Cryptomixer takedown, Russian app bans, Android zero-days, and fake TikTok and YouTube apps.

A roundup of the week’s most consequential cybersecurity news.

  • Law enforcement dismantled a crypto-scam network.
  • Authorities seized €25m in bitcoin from Cryptomixer.
  • Android patched two zero-day vulnerabilities.
  • Researchers exposed fake YouTube and TikTok apps stealing data.

Law enforcement dismantled a crypto-scam network

In a sweeping international operation, police uncovered a major fraud network suspected of laundering more than €700 million, Europol said. 

According to investigators, on October 27 police carried out the first phase of coordinated raids in Cyprus, Germany and Spain at the request of French and Belgian authorities. Nine people were arrested on charges of laundering proceeds from fraudulent platforms. Authorities seized:

  • €800,000 in bank accounts;
  • €415,000 in cryptocurrency;
  • €300,000 in cash.

The second phase took place on November 25-26 and targeted affiliated marketing operations that lured victims using deepfake videos. The scammers posed as major media outlets, celebrities and politicians. Investigative actions were carried out by authorities in Belgium, Bulgaria, Germany and Israel.

€25m in bitcoin seized from Cryptomixer

Europol, together with authorities in Switzerland and Germany, shut down the Cryptomixer service and seized more than €25 million in bitcoin, the agency said in a press release.

During the operation in Zurich, Switzerland, more than 12 TB of data, three servers and the domain cryptomixer.io were confiscated.


According to Europol, Cryptomixer was a hybrid mixer with public access. Funds deposited by users were pooled for a long and random period before being distributed to destination addresses.

Police believe that since its creation in 2016 more than €1.3 billion in bitcoin flowed through the service. They say Cryptomixer obscured criminal funds for ransomware groups, underground forums and darknet marketplaces.

Android patches two zero-day vulnerabilities

In its latest update, Android patched 107 vulnerabilities in versions 13 through 16, the monthly security bulletin says.

Most were rated high severity; several posed particular risk. 

Four critical flaws affect the Android kernel. An attacker exploiting any of them could gain elevated privileges or access to a compromised device.

Another critical issue affects Android Framework — the component that allows apps to interact with core system services. In this case an attacker could perform a remote denial-of-service attack that temporarily renders the device unusable.

According to data from the US Cybersecurity and Infrastructure Security Agency, two high-severity vulnerabilities may already have been used in targeted attacks.

Researchers unmask fake YouTube and TikTok apps stealing data

Attackers are disguising a banking trojan for Android as enhanced and “18+” versions of popular apps, including YouTube and TikTok, F6 experts reported.

A network of malicious sites impersonates the brands of popular foreign video-hosting platforms whose access is restricted in Russia. Fake apps with names like TikTok 18+, YouTube Max and YouTube Boost promise “work with poor internet and view content without ads”.  


Hackers also disguise the malware as navigation apps, online maps of police patrol posts and an app for paying fines.


According to the specialists, to access pirated content the malware prompts users to download and install a malicious APK. The trojan can read and send SMS, make calls, collect information about contacts and installed apps, obtain network data and start automatically when the device is turned on.

This gives attackers broad control over the device: they can monitor the victim’s actions, exfiltrate data covertly and act on the user’s behalf. The ultimate goal of these attacks is theft of financial data.

All domains used in the malicious campaign are currently blocked, though the specialists do not rule out that the attackers could create new ones and continue their activity.

Hackers arrested in South Korea over selling hacked camera footage to an adult site

The National Police Agency of South Korea arrested four people suspected of hacking more than 120,000 IP cameras nationwide and selling the stolen videos to an overseas adult website.

Police are taking action against consumers of the illegally obtained content — three people have been arrested and face up to three years in prison. Authorities said they are working with foreign agencies to identify the site’s operators and dismantle the platform.

According to the announcement:

  • suspect B (unemployed) — hacked 63,000 IP cameras and produced and sold 545 illegal intimate videos for $23,800 in virtual assets;
  • suspect C (office worker) — hacked 70,000 IP cameras with 648 videos ($12,300);
  • suspect D (self-employed) — hacked 15,000 IP cameras and produced illegal content, including materials involving minors;
  • suspect E (office worker) — hacked 136 IP cameras.

Investigators say content from suspects B and C alone accounted for 62% of all uploads to the site last year. 

Another wave of popular app bans in Russia

In early December, Roskomnadzor (RKN) blocked several popular apps. The first to be restricted was the gaming platform Roblox, Interfax reported.

The purported reason was material allegedly promoting extremism and terrorism. On December 4 it became known that the audio and video calling app FaceTime and the photo- and video-sharing service Snapchat were also blocked. In each case the regulator cited their use for unlawful purposes.

Also on ForkLog:

  • ZachXBT reported the arrest of a suspect in the theft of 4,100 BTC from lender Genesis.
  • In Thailand, authorities seized mining equipment worth $8.6 million.
  • ViaBTC explained why it restricted access to accounts.
  • AI models managed to ‘hack’ smart contracts worth $550.1 million.
  • The darknet platform Huione Pay suspended operations.
  • The DeFi project Yearn Finance was hacked for $9 million.

What to read this weekend?

In a new ForkLog piece, Anatoly Kaplan reflects on the prospect of multiple Bitcoin hard forks as a result of great-power hybrid wars. 
