We have compiled the most significant cybersecurity news of the week.
- The FBI warned US citizens against using crypto services without KYC.
- Developers of El Salvador’s Bitcoin wallet denied a code leak.
- Hackers concealed wallet-stealing malware in an antivirus update.
- Telegram will restrict content access for Ukrainian users on iOS.
FBI Warns US Citizens Against Using Crypto Services Without KYC
The FBI has warned US citizens to avoid cryptocurrency money-transfer services that are not registered with FinCEN.
The agency also advises avoiding platforms that do not collect KYC information from clients and do not adhere to AML procedures.
Crypto services that facilitate illegal operations are legitimate targets for law enforcement investigations, and in such cases their clients may lose access to their funds, the FBI warned.
El Salvador Bitcoin Wallet Developers Deny Breach, Admit External Leak
On April 23, the hacker group CiberInteligenciaSV posted part of the source code and VPN credentials for accessing Chivo Bitcoin ATMs in El Salvador on BreachForums, as reported by Cointelegraph.
According to the hackers, this information pertains to the state cryptocurrency wallet of the same name.
Commenting on the incident, Chivo wallet developers reported a leak in March 2023 affecting “one ATM in the city of San Miguel.” However, they stated that “the wallet’s security has never been compromised, and user data is protected.”
PRESS RELEASE
Our users’ data is protected and CHIVO security has not been breached.
— chivo (@chivowallet) April 24, 2024
Previously, the same hackers released confidential information of over 5 million users related to the wallet’s KYC procedures. It included full names, unique identification numbers, birth dates, addresses, phone numbers, emails, and photographs of Salvadorans.
In June 2021, the country’s authorities offered citizens $30 in Bitcoin for registering in the Chivo app.
Hackers Conceal Wallet-Stealing Malware in Antivirus Update
The North Korean hacker group Kimsuky used the eScan antivirus update mechanism to deliver the GuptiMiner malware, as reported by Avast experts.
With its help, the attackers installed a hidden Monero miner, XMRig, and two separate backdoors in large corporate systems. These backdoors scanned the local network for vulnerabilities and the presence of cryptocurrency wallets and their private keys.
The eScan antivirus provider confirmed that the issue has been resolved.
Experts Discover Malware in GitHub Comments
Malicious actors leave comments with attached malicious files in the GitHub repositories of well-known companies. Because the resulting URL points at a legitimate repository, these comments gain user trust, as reported by Bleeping Computer.
Microsoft repositories are most commonly used for this scheme. The download link is generated automatically as soon as a file is attached to a comment, and it remains active even if the comment is never posted or is later deleted.
A similar issue, according to media, affected the GitLab service as well.
The only way for a project to protect itself against this abuse is to disable comments.
At the time of writing, the malware from Microsoft repositories has been removed, but it remains available in several other projects.
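As an added illustration (not from the article, GitHub or Bleeping Computer): a small triage helper that tells a comment-attachment link apart from links to tracked repository content or releases, which is the distinction the scheme above relies on readers not making. It assumes the attachment path formats described in the comments; the sample URLs are constructed.

```python
import re
from urllib.parse import urlparse

# Constructed sample links (not from the article). Files attached to GitHub
# comments are served from paths of the form
#   https://github.com/<owner>/<repo>/files/<id>/<filename>
# (newer uploads: https://github.com/user-attachments/files/<id>/<filename>),
# so a link can sit under a trusted organisation's path without being part
# of any repository's tracked content or signed releases.
SAMPLE_LINKS = [
    "https://github.com/example-org/example-repo/blob/main/README.md",
    "https://github.com/example-org/example-repo/releases/download/v1.0/tool.zip",
    "https://github.com/example-org/example-repo/files/12345678/installer.zip",
    "https://github.com/user-attachments/files/23456789/update.exe",
    "https://raw.githubusercontent.com/example-org/example-repo/main/setup.py",
]

# Matches the comment-attachment path shapes listed above (assumed formats).
ATTACHMENT_RE = re.compile(r"^/(?:[^/]+/[^/]+|user-attachments)/files/\d+/")


def classify_github_link(url: str) -> str:
    """Return 'comment-attachment', 'repo-content', 'release' or 'other'."""
    parts = urlparse(url)
    if parts.netloc == "raw.githubusercontent.com":
        return "repo-content"
    if parts.netloc != "github.com":
        return "other"
    path = parts.path
    # Check attachments first: they live under the same owner/repo prefix
    # as real repository content, which is what makes them look trustworthy.
    if ATTACHMENT_RE.match(path):
        return "comment-attachment"
    segs = path.strip("/").split("/")
    if len(segs) >= 4 and segs[2] in ("blob", "tree", "raw"):
        return "repo-content"
    if len(segs) >= 3 and segs[2] == "releases":
        return "release"
    return "other"


def triage(urls):
    """Group links by class so attachment-hosted downloads get reviewed separately."""
    grouped = {}
    for u in urls:
        grouped.setdefault(classify_github_link(u), []).append(u)
    return grouped
```

Links in the "comment-attachment" bucket are not tied to any commit, tag or release and should be treated like an arbitrary file-sharing URL rather than as project-published software.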
Ukraine Reports Russian Cyberattack on 20 Critical Infrastructure Facilities
Experts from CERT-UA reported a large-scale attack by the Russian hacking group Sandworm on the internal systems of utility companies in ten regions of Ukraine. The incident occurred in March.
This group is linked to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).
In at least three cases, hackers managed to penetrate the target network, deliver compromised or vulnerable software, and gain access to the organization’s maintenance and support systems.
CERT-UA’s report detailed the tools used during the attacks.
Experts believe the Russian side aimed to amplify the effect of missile strikes on infrastructure facilities.
Telegram to Restrict Content Access for Ukrainian Users on iOS
Telegram founder Pavel Durov announced that Apple has demanded that certain news and propaganda channels be hidden from users who access the messenger on iPhones with Ukrainian SIM cards.
Which channels will be blocked remains unknown.
Durov emphasized that to avoid removal from app stores, Telegram must comply with such requests.
“If it were entirely up to us, we would always provide our users with what they ask for: access to uncensored information and opinions so they can make their own decisions. However, this is not always up to us,” he noted.
Also on ForkLog:
- A US blogger was sentenced to seven years in prison for crypto fraud.
- The SEC accused Bitcoin miner Geosyn Mining of $5.6 million fraud.
- Five Russian banks began testing Bitcoin transaction tracking.
- Samourai Wallet founders arrested for laundering $100 million.
- A scam scheme “earning” on Toncoin was discovered on Telegram.
- Tether announced plans to block payments circumventing sanctions.
- Experts refuted the presence of a high-risk label on KuCoin transactions.
- The “Red Admin” of WEX was ordered to pay an additional 18 billion rubles.
- A failure occurred in the Polkadot ecosystem.
- The winner of “Crypto: The Game” donated the prize to Tornado Cash developers.
- 12 presale tokens on Solana were abandoned after a month.
- ZKasino accused of stealing $33 million from users.
- An Indian resident confessed to stealing $9.5 million from Coinbase users.
Weekend Reading Suggestions
We explore the structure of decentralized social networks that allow publishing and distributing content without censorship and with monetization opportunities.
