We have compiled the most significant cybersecurity news of the week.
- Banking information-stealing malware tracked on Telegram.
- Bitcoin scam losses exceeded $5.6 billion in 2023.
- Over 50% of macOS attacks in six months targeted a single crypto stealer.
Banking Information-Stealing Malware Tracked on Telegram
Researchers at Group-IB have identified a new Android malware, Ajina.Banker, which steals financial data under the guise of legitimate banking apps and payment systems.
Group-IB analysts have uncovered a serious #cyberthreat involving malicious #Android apps disguised as payment, banking, & delivery services. Discovered primarily in #CentralAsia, this malware, known as #AjinaBanker, has been active since November 2023 & is spreading via #Telegram. pic.twitter.com/XZSHn3yurd
— Group-IB Threat Intelligence (@GroupIB_TI) September 12, 2024
The threat has been active since November 2023 and spreads through Telegram messages that deliver the malicious APKs. Once installed on a victim's device and granted the permissions it requests (notably SMS access), Ajina.Banker collects information about SIM cards and installed financial apps and reads incoming SMS, which is how it intercepts the one-time codes used for two-factor authentication. The malware also serves phishing pages to harvest banking credentials.
The current campaign targets users in Armenia, Azerbaijan, Iceland, Kazakhstan, Kyrgyzstan, Pakistan, Russia, Tajikistan, Ukraine, and Uzbekistan.
Experts note that the stealer is under active development.
Bitcoin Scam Losses Exceeded $5.6 Billion in 2023
In 2023, the FBI received 69,468 complaints about cryptocurrency fraud with total losses exceeding $5.6 billion. Compared to 2022, financial losses increased by 45%.
The largest share of complaints came from individuals over 60, and investment schemes were the most common type of crime. Other prevalent scams include:
- tech support fraud;
- personal data breaches;
- extortion;
- romance scams;
- impersonation of government officials.
The overwhelming majority of reported losses came from complainants in the United States ($4.8 billion), followed by the Cayman Islands ($196 million) and Mexico ($127 million).
Over 50% of macOS Attacks in Six Months Targeted a Single Crypto Stealer
Researchers at Sophos X-Ops described Atomic macOS Stealer (AMOS), which accounted for more than half of all macOS attacks they observed in the past six months.
We have further advice and information on our protections in our article, which you can read here: https://t.co/yLTutuPBxv
— Sophos X-Ops (@SophosXOps) September 6, 2024
The stealer spreads through phishing, malicious ads, and SEO poisoning, and it impersonates legitimate applications such as Trello, Arc browser, Slack, Todoist, and CleanMyMac X.
AMOS targets browser cookies, authentication data, autofill forms, and cryptocurrency wallets, including Electrum, Binance, Exodus, Atomic Wallet, and Coinomi. Some of the collected information is resold to other cybercriminals for further exploitation.
The malware emerged in April 2023 and is currently rented out for $3,000 per month. Experts believe future attacks may extend to iOS.
Suspected Cybercrime Syndicate Members Arrested in Singapore
On September 9, Singapore police arrested six Chinese nationals and one local resident suspected of conducting malicious attacks as part of a “global criminal syndicate.”
During the raid, authorities seized electronic devices with malware management software, including the PlugX backdoor, as well as $1.39 million in cash and cryptocurrencies.
The investigation is ongoing.
Serious Vulnerability Found in WhatsApp’s Confidential Feature
The View Once message feature in WhatsApp contains a vulnerability that lets recipients save and forward media that was meant to be viewable only once. This was highlighted by developers of the Zengo cryptocurrency wallet.
Although the feature is not supported by the web and desktop versions of the app, WhatsApp's API server did not enforce the restriction for three years: a View Once message was delivered to all of a recipient's devices, including those that cannot honour the flag, with the media attached. Because the restriction is carried only as a flag on the message, a modified client that sets the "view once" flag to false can download and forward the media.
Some message variants also carry a low-quality preview of the media. The researchers further found that the media is not deleted from WhatsApp's server immediately after it is downloaded but remains there for two weeks.
Additionally, the researchers found code samples on GitHub, in the form of a Chrome extension and a modified Android client, that exploit the vulnerability.
WhatsApp is working on a solution to the problem.
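The underlying design lesson is that a restriction carried as a flag inside the message is enforced by whoever controls the client, not by the service. The following model, added here as an illustration and not WhatsApp's code or protocol (all class and function names, the `device_supports_view_once` capability check, and the sample media bytes are assumptions), contrasts a server that delegates the "view once" decision to the recipient's client with one that keeps the policy server-side: single delivery, only to a client that declares support, and no retention afterwards.

```python
# Illustrative model of the View Once failure mode.  Not WhatsApp's code or
# protocol; all names, the capability check and the sample bytes are assumptions.
from dataclasses import dataclass


@dataclass
class Message:
    """A chat message as delivered to a recipient device."""
    media_id: str
    view_once: bool  # the policy travels as a flag inside the message


class FlagOnlyServer:
    """Stores media and hands it to any recipient that asks.  The View Once
    restriction exists only as the flag in the Message, so enforcement is
    delegated entirely to the recipient's client."""

    def __init__(self):
        self._media = {}

    def send(self, media_id, data, view_once):
        self._media[media_id] = data
        return Message(media_id, view_once)

    def fetch(self, media_id, device_supports_view_once=True):
        # Device capability is ignored: every linked device (phone, web,
        # desktop) receives the same message and the same media.
        return self._media[media_id]


class EnforcingServer:
    """Keeps the policy on the server: view-once media is released once, only
    to a device that declares support for the feature, and is discarded after
    that single delivery instead of being retained."""

    def __init__(self):
        self._media = {}        # media_id -> (bytes, view_once)
        self._delivered = set()

    def send(self, media_id, data, view_once):
        self._media[media_id] = (data, view_once)
        return Message(media_id, view_once)

    def fetch(self, media_id, device_supports_view_once):
        if media_id in self._delivered:
            raise PermissionError("view-once media already delivered")
        data, view_once = self._media[media_id]
        if view_once:
            if not device_supports_view_once:
                raise PermissionError("client cannot honour view-once")
            self._delivered.add(media_id)
            del self._media[media_id]   # nothing left to fetch later
        return data


def honest_client_open(server, msg, supports_view_once=True):
    """Displays the media and keeps a copy only if the flag permits it."""
    data = server.fetch(msg.media_id, supports_view_once)
    return None if msg.view_once else data


def modified_client_open(server, msg, supports_view_once=True):
    """A patched client: flips the flag (it could equally ignore it) and keeps the bytes."""
    msg.view_once = False
    return server.fetch(msg.media_id, supports_view_once)


def demo():
    photo = b"\x89PNG constructed sample media bytes"   # constructed, not a real file
    results = {}

    # 1. Flag-only enforcement: the modified client saves the "view once"
    #    media, and so does a web client that never implemented the feature.
    naive = FlagOnlyServer()
    msg = naive.send("m1", photo, view_once=True)
    results["flag_only_modified_client_saved"] = modified_client_open(naive, msg) == photo
    results["flag_only_web_client_received"] = (
        naive.fetch("m1", device_supports_view_once=False) == photo)

    # 2. Server-side enforcement: an unsupported device gets nothing, the first
    #    capable client gets the bytes exactly once, and any later fetch is
    #    refused.  Flipping the flag client-side changes nothing, because the
    #    server never consults the message flag when deciding what to release.
    strict = EnforcingServer()
    msg2 = strict.send("m2", photo, view_once=True)
    try:
        strict.fetch("m2", device_supports_view_once=False)
        results["enforcing_web_client"] = "delivered"
    except PermissionError:
        results["enforcing_web_client"] = "refused"
    results["enforcing_first_fetch"] = modified_client_open(strict, msg2) == photo
    try:
        strict.fetch("m2", device_supports_view_once=True)
        results["enforcing_second_fetch"] = "delivered"
    except PermissionError:
        results["enforcing_second_fetch"] = "refused"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note the residual limit in the second design: the server can confine delivery to one capable device and refuse everything else, but it cannot stop a modified capable client from keeping the single copy it is given (the `enforcing_first_fetch` result is still `True`). Server-side enforcement closes the "deliver to every device and trust the flag" hole and the two-week retention window described above; it does not make a recipient's device trustworthy.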
Researchers Use Screen Pixel Noise for Data Leakage
Researchers from Ben-Gurion University introduced a new attack, PIXHELL, which uses the noise generated by LCD screen pixels as a covert channel for exfiltrating data from air-gapped systems.
Malware on the isolated machine displays crafted bitmap patterns; the resulting vibration of coils and capacitors in the monitor produces acoustic signals in the 0 to 22 kHz range, which are used to encode and transmit confidential information.
Text and binary data can be received from air-gapped, sound-isolated computers at a distance of up to two meters.
Also on ForkLog:
- Telegram began responding promptly to government requests in the EU.
- Nigerian authorities froze $330,000 in bank accounts of bitcoin exchange clients.
- Experts reported a $22 million hack of Indodax.
- Media: A top manager of several Ukrainian crypto exchanges suspected of embezzling 1 billion hryvnias.
- CertiK: Crypto scammers bypass FaceID using deepfakes.
- DemHack hackathon organizers opened applications.
- Yandex’s ban on cryptocurrency advertising triggered a wave of scams.
- Tether, TRON, and TRM Labs to tackle illegal activities with USDT.
- Singapore launched an investigation into Worldcoin account sales. Arrests made.
- Leaked Chainalysis video revealed XMR tracking method.
- The NBU urged banks to jointly monitor clients’ P2P transfers.
- Former Revelo Intel CEO transferred company money to extortionists.
- AI music creator accused of $10 million fraud.
Weekend Reading Suggestions
Learn about Tigran Gambaryan and the implications of his arrest for the crypto market.
