
Cybersecurity Highlights: Backdoored Quotes, Malicious Ethereum Contracts, and More
We have compiled the most significant cybersecurity news of the week.
- Malware has merged with Ethereum smart contracts.
- North Korean hackers targeted bitcoin exchanges through fake news.
- Ukrainian universities have abandoned Telegram.
Malware Merges with Ethereum Smart Contracts
Researchers at Checkmarx have discovered a supply chain attack in the npm ecosystem using the Ethereum blockchain. The cross-platform malware targets development environments on Windows, Linux, and macOS.
Attackers use typosquatting to disguise the malicious package as popular legitimate testing utilities. When launched, it interacts with a smart contract to conceal the IP address of the command-and-control (C2) server.
The immutability and decentralized architecture of the blockchain make it nearly impossible to dismantle the malicious infrastructure and complicate blocking communications.
The fraudulent activity was first noticed on October 31. Researchers believe that at least 287 malicious packages have been published since then.
North Korean Hackers Target Bitcoin Exchanges with Fake News
The North Korean hacker group BlueNoroff has launched a large-scale phishing campaign distributing fake news about the crypto industry, targeting exchanges and financial platforms. This was reported by researchers at SentinelLabs.
New from @philofishal, @syrion89 and @TomHegel:
BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence https://t.co/t2zC6uM4LM
— SentinelLabs (@LabsSentinel) November 7, 2024
The emails focus on fresh cryptocurrency quotes and the latest trends in the DeFi sector. Links within them lead to PDF documents containing malware. The malware installs a backdoor on the infected system, allowing hackers to access the victim’s assets.
The malware targets macOS-based devices. It skillfully bypasses built-in security measures and can remain undetected for a long time. The first attacks involving it were recorded in July.
Ukrainian Universities Abandon Telegram
Taras Shevchenko National University of Kyiv has banned the use of Telegram on official devices and for transmitting work-related information. Access to the messenger via Wi-Fi in university dormitories is also restricted, according to local media.
The Ukrainian Catholic University and NAU have issued similar decrees.
At SumDU, it was reported that there is no ban and there will not be one for personal correspondence. However, some internal processes are already transitioning to WhatsApp.
Authorities in Rivne have restricted communication in the messenger for employees of executive bodies, municipal enterprises, and city council institutions.
At the end of September, the NSDC banned officials, military personnel, and critical infrastructure operators from using Telegram on official devices.
Alleged Snowflake Hacker Arrested in Canada
Canadian police have arrested a suspect in a series of breaches of companies using Snowflake data warehouses. The arrest took place on October 30 at the request of the United States, reports Bloomberg.
The suspect is named Alexander “Connor” Moucka, known online by the aliases Judische and Waifu. The exact nature of the charges against him is currently unknown.
Cybersecurity experts previously reported that Judische is based in Canada and is linked to the broader cybercrime ecosystem known as the Com. His accomplice is said to be hacker John Binns, who was arrested in Turkey in May.
In the spring, due to the breach of a Snowflake employee’s account, attackers gained access to the systems of at least 165 third-party organizations. Among the victims were auto parts supplier Advance Auto Parts, telecommunications giant AT&T, financial company LendingTree, bank Santander, and ticket operator Ticketmaster.
Some companies were extorted for money under the threat of selling data. According to Wired, operator AT&T paid hackers $370,000 for the deletion of information.
Snowflake itself linked the incident to poor protection of a user account, denying any vulnerabilities in its products.
Canada Shuts Down TikTok Branch Over National Security Concerns
The Canadian government ordered the winding up of TikTok Technology Canada following a multi-stage review and the discovery of evidence that the social network poses a national threat. However, the decision does not prohibit users from accessing the platform or block the creation and publication of content on it.
The authorities considered recommendations from local security and intelligence services, as well as other government partners.
The specific risks posed by the ByteDance branch to Canada are not disclosed due to confidentiality of information.
Interpol Blocks 22,000 Cybercriminal IP Addresses
In an operation across 95 countries, Interpol officers disrupted the activities of various cybercriminals involved in distributing ransomware, phishing, and information theft. Private cybersecurity firms assisted in the investigation.
INTERPOL cyber operation takes down 22,000 malicious IP addresses.
In a joint effort with the private sector and law enforcement agencies, Operation Synergia II targeted phishing, ransomware and information stealers.
Full story ➡️ https://t.co/w6vAOR3t8d pic.twitter.com/PFx8ONgx6I
— INTERPOL (@INTERPOL_HQ) November 6, 2024
From April to August, law enforcement arrested 41 individuals and blocked 1,037 servers and infrastructure operating on 22,000 IP addresses. Additionally, investigations are underway regarding 65 individuals suspected of involvement in illegal activities.
Also on ForkLog:
- The second season of Hamster Kombat sparked a new wave of scams.
- Unknown individuals kidnapped the CEO of WonderFi and demanded $1 million.
- Rapper Wiz Khalifa’s X-account was hacked to promote a meme coin.
- In Russia, the first sentence was handed down to cryptocurrency fraudsters.
- The crypto casino Metawin was hacked for $4 million.
- PeckShield: In October, crypto projects lost $88 million due to 20 hacks.
- The trial of the Tornado Cash co-founder was postponed to April 2025.
Weekend Reading Suggestions
Exploring how and why artificial intelligence ends up on the side of scammers.