Here are the most significant cybersecurity news stories from the past week.
- The Grandoreiro malware has resurfaced, targeting Bitcoin wallets in a new wave of attacks.
- Microsoft has introduced a “nightmare feature that kills user privacy.”
- A well-known hacker has announced the launch of an alternative to the closed BreachForums.
- An iOS bug has led to the restoration of photos deleted years ago.
Grandoreiro Malware Resurfaces to Target Bitcoin Wallets
IBM researchers reported on the activity of the Grandoreiro malware, whose developers were apprehended in Brazil in early 2023. The current phishing campaign targets more than 60 countries and approximately 1,500 financial institutions.
The malware has significantly improved its internal algorithms and expanded its targeting of banking applications and crypto wallets, posing a threat to Binance, Electrum, Coinomi, Bitbox, OPOLODesk, and Bitcoin.
Since 2017, Grandoreiro has caused $120 million in damages.
Renowned Hacker Announces Alternative to Closed BreachForums
Notorious cybercriminal USDoD plans to launch the hacker forum Breach Nation on July 4, replacing the recently closed BreachForums. He explains this as a desire to revive the community.
Announcement
Breach Nation — A new born community on Horizon. “Ladies & gentlemen, prepare for landing
Fasten your seat belts, thank you for flying USDoD Airlines
Oh and me, call me the captain, DoD
So, together we stand, divided we fall
United we form Breach Nation and take on…
— USDoD-TA (@EquationCorp) May 16, 2024
According to the project, the new platform will have two independently managed servers with the domains breachnation[.]io and databreached[.]io.
USDoD noted that he is not pursuing profit. “As a goodwill gesture,” he promises to grant the first 200,000 users the latest upgraded membership rank on the forum.
Judging by the comments under the tweet, users did not rule out that the announcement might be a front for the FBI or other law enforcement agencies.
Microsoft Introduces “Privacy-Killing Nightmare Feature”
Microsoft has unveiled a new AI-based feature called Recall, intended to simplify searching for previously viewed information in Windows 11. It takes a screenshot of the active window every few seconds and, by default, retains this record of all user activity on the system for up to three months, reports BleepingComputer.
The feature has raised serious concerns among ordinary users and cybersecurity researchers, who have labeled it a “built-in keylogger.” They fear that the collected confidential data could fall into the hands of malicious actors or be misused by the company itself.
The UK’s Information Commissioner’s Office has also demanded explanations.
In an attempt to reassure the public, Microsoft representatives stated that data from Recall is encrypted using BitLocker technology and is not shared with other users on the same device. Additionally, the feature can be restricted or even completely disabled.
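The article notes that Recall can be restricted or disabled and that its data is protected by BitLocker. The following PowerShell script is an added example (not from the article, and not Microsoft's own tooling) that a Windows administrator could use to check those two controls on an endpoint: it reports the current state of the Recall snapshot policy, sets the policy to disable snapshot saving, and reports whether the system drive is actually BitLocker-protected. It assumes the policy registry path and value name (WindowsAI\DisableAIDataAnalysis) match the documented "Turn off saving snapshots for Windows" policy, and that it is run from an elevated session on a Windows 11 machine with the BitLocker module available.

```powershell
# Added example, not code from the article. Assumptions: the policy lives at
# ...\Policies\Microsoft\Windows\WindowsAI with DWORD value DisableAIDataAnalysis
# (1 = snapshots off); run elevated on Windows 11.
#Requires -RunAsAdministrator

$PolicyPaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'   # machine-wide policy
    'HKCU:\Software\Policies\Microsoft\Windows\WindowsAI'   # current-user policy
)
$ValueName = 'DisableAIDataAnalysis'

function Get-RecallPolicyState {
    # One object per policy hive: the stored value and whether it disables snapshots.
    foreach ($path in $PolicyPaths) {
        $current = $null
        if (Test-Path $path) {
            $current = (Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
        }
        [pscustomobject]@{
            Path     = $path
            Value    = $current
            Disabled = ($current -eq 1)
        }
    }
}

function Disable-RecallSnapshots {
    # Idempotent: creates the policy key if missing and forces the value to 1.
    foreach ($path in $PolicyPaths) {
        if (-not (Test-Path $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        New-ItemProperty -Path $path -Name $ValueName -Value 1 -PropertyType DWord -Force | Out-Null
    }
}

function Test-SystemDriveEncrypted {
    # The vendor's stated protection for Recall data is BitLocker; if the system
    # drive is not protected, that protection does not apply at all.
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        return [pscustomobject]@{
            Drive            = $env:SystemDrive
            ProtectionStatus = $vol.ProtectionStatus   # 'On' or 'Off'
            Encrypted        = ($vol.ProtectionStatus -eq 'On')
        }
    } catch {
        # BitLocker module absent (for example, Home edition): report that explicitly.
        return [pscustomobject]@{ Drive = $env:SystemDrive; ProtectionStatus = 'Unavailable'; Encrypted = $false }
    }
}

Write-Host 'Recall policy before:'
Get-RecallPolicyState | Format-Table -AutoSize

Disable-RecallSnapshots

Write-Host 'Recall policy after:'
Get-RecallPolicyState | Format-Table -AutoSize

Write-Host 'System drive BitLocker status:'
Test-SystemDriveEncrypted | Format-Table -AutoSize
```

Setting the HKLM value covers every user on the device and is the one a fleet would push through Group Policy or MDM; the HKCU entry is included so the check also reflects per-user policy. A device where `Encrypted` comes back `$false` has no vendor-claimed encryption of the snapshot store, which is the case to prioritise.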
iOS Bug Restores Photos Deleted Years Ago
Owners of Apple portable devices have noticed that, after a recent update, photos and voice messages deleted long ago have suddenly reappeared in their gallery. Some found among the restored files intimate photos that had been taken on old devices no longer in use, reports The Verge.
Researchers at Synacktiv investigated the issue and found that the bug is tied to the reindexing step in the new iOS release: during reindexing, the system re-imported into the Photos app files from the file system that still held copies of all media.
Want to know how deleted photos reappeared in iOS 17.5? Check out today’s blogpost by @Lefnui https://t.co/wcC5ZnrBJM
— Synacktiv (@Synacktiv) May 23, 2024
To address the issue, Apple urgently released iOS 17.5.1.
Scheme to Install Monero Miner via Vulnerable Drivers Discovered
Researchers from Elastic Security Labs reported a multi-stage attack for covert Monero cryptocurrency mining.
Today, we’re unveiling an intrusion set focused on cryptomining with a new payload: GHOSTENGINE. REF4578 utilizes multiple malicious modules and BYOVD. Get the details: https://t.co/zM8199VWlw #ElasticSecurityLabs #malware #cryptocurrency
— Elastic Security Labs (@elasticseclabs) May 21, 2024
The initial access vector is not fully understood, but the installer “Tiworker.exe” is the first file to run on the victim’s system. During deployment, the malware uses vulnerable drivers (the BYOVD technique mentioned in the tweet above) to disable the security products present and then launches the XMRig miner.
The origin and scale of the campaign are unknown. Experts speculate that the hackers possess numerous crypto wallets, potentially resulting in significant financial gains.
SEC Fines NYSE Operator $10 Million for Failing to Report Breach
Intercontinental Exchange (ICE), the parent company of the New York Stock Exchange, will pay a $10 million fine for failing to promptly notify the SEC of a security breach in April 2021.
At that time, a malicious payload was deployed on a compromised VPN device used for remote access to ICE’s corporate network. The company learned of the potential intrusion from a third party and spent four days assessing the damage, which was minimal.
Under Regulation Systems Compliance and Integrity, the SEC must be notified of cyberattacks immediately, except where the incident can reasonably be assessed as insignificant right away.
Also on ForkLog:
- CatCoin developers threatened BitForex with a lawsuit over withdrawal restrictions.
- A presumed co-owner of the BTC-e exchange was released on $3 million bail, and the law firm Lidings began accepting claims for payments from WEX clients.
- A “star” of the Finiko pyramid scheme was sentenced to 4.5 years in prison.
- The owner of the defunct drug market Incognito Market was arrested in the US.
- Gala Games lost over $200 million due to an exploit.
- The first case regarding alleged fraud by the Beribit exchange was opened and soon dismissed.
- A suspect in the Pump.fun hack was arrested in London.
- Another top manager left OpenAI, citing security negligence.
- LayerZero Labs paused the “public hunt” for “sybils.”
Weekend Reading
We explore how the four-level consensus mechanism of the Internet Computer blockchain ensures resilience against known attack vectors.
