Cybersecurity Highlights: Fake DeFi Game, AI Scams, and More

We have compiled the most significant cybersecurity news of the week.

  • Lazarus created a fake DeFi game to steal cryptocurrencies.
  • OpenAI’s Realtime API was used for scam automation.
  • REvil hackers received prison sentences in St. Petersburg.

Lazarus Created a Fake DeFi Game to Steal Cryptocurrencies

Researchers at Kaspersky Lab discovered a fake DeFi game targeting the crypto community to steal their assets. The North Korean hacker group Lazarus Group was behind its development.

The perpetrators created a fake website detankzone[.]com with a multiplayer NFT-based tank-themed game. It was based on the stolen source code of a real MOBA called DeFiTankLand. Analysts did not rule out that Lazarus was behind the theft of the original project’s native coin DFTL2 worth $20,000 in March 2024. 

The malicious game was promoted on various social networks, through phishing emails, and by reaching out to premium LinkedIn accounts since May.

[Image] Attempts by the perpetrators to contact crypto market influencers. Data: Kaspersky Lab.

The downloaded application did not work beyond the registration screen, and it did not need to: merely visiting the site was enough to infect the visitor with the Manuscrypt backdoor through an exploit targeting the Google Chrome browser.

The exploit script gave the attackers access to cookies, authentication tokens, saved passwords, and browsing history. The campaign's goal was to steal cryptocurrencies.

Kaspersky Lab notified Google of the vulnerability, and Google released a fix.

OpenAI’s Realtime API Used for Scam Automation

Researchers from the University of Illinois at Urbana-Champaign created AI agents capable of phone scams using the Realtime API.

The setup consisted of the OpenAI GPT-4o model, the Playwright browser automation tool, supporting code, and scam instructions. The researchers implemented the idea in 1051 lines of code, most of which dealt with real-time voice API processing.

Various types of scams were tested, including theft of funds from a bank account or cryptocurrency wallet, theft of gift codes, and theft of credentials.

The success rate and cost of attacks varied. Gmail credential theft had a 60% success rate, required five actions, lasted 122 seconds, and cost $0.28 in API fees. Bank account transfers had a 20% success rate, required 26 actions, lasted 183 seconds, and cost $2.51.

The average overall success rate was 36%, and the average cost was $0.75. 

Four REvil Hackers Sentenced in St. Petersburg

On October 25, the St. Petersburg Garrison Military Court sentenced four defendants in the REvil hacker group case, as reported by Kommersant.

Artem Zayets, Alexey Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov were found guilty of illegal handling of payment means. The latter two were also charged with using and distributing malicious programs.

Zayets and Malozemov received four and a half and five years in a general regime colony, respectively. Khansvyarov and Puzyrevsky were sentenced to five and a half and six years.

Initially, 14 people were detained in the REvil case, but only eight defendants eventually faced trial. A new criminal case was opened against four others — Andrey Bessonov, Mikhail Golovachuk, Roman Muromsky, and Dmitry Korotaev — under the article on illegal access to computer information.

All defendants have been in custody since early 2022, and they did not plead guilty. Over 300 million rubles, $950,000, more than €1 million, and 19.9 BTC were seized.

WhatsApp Introduces Encrypted Database for Contact Synchronization

The WhatsApp messenger introduced IPLS, a new encrypted storage system for managing contacts while keeping them confidential.

The update reduces the risk of losing the contact list if the phone is lost and adds data synchronization between different devices.

With IPLS, WhatsApp contact lists are tied to the account rather than the device, making it easier to manage them when changing devices.

The system also allows separate contact lists for multiple accounts on one device, keeping each list isolated from the others.

Linux Removes Russian Developers from Leadership Roles

Linux developer Greg Kroah-Hartman removed 11 individuals associated with Russia from the list of those responsible for developing components of the operating system’s kernel. He cited “various compliance requirements,” Kommersant reports.

Russians can no longer make changes to the Linux kernel as maintainers, but they can still propose them as regular developers. 

Most of the affected individuals are employees of SberDevices, Open Mobile Platforms, NetUp, and Metrotek. Their representatives are awaiting clarification from Western colleagues, who have always declared principles of openness. 

Also on ForkLog:

  • Experts suggested a $20 million hack of a US government crypto wallet.
  • ZachXBT estimated Coinbase user losses from scams at $100-150 million over the year.
  • The Russian Prosecutor General’s Office will implement AI to combat criminal bitcoin turnover.
  • Report: Iranian exchanges are linked to authorities and involved in sanctions evasion.
  • The thief of $4.5 million from Indexed Finance transferred part of the funds to Tornado Cash.
  • The former CEO of the Mine Digital crypto exchange was accused of stealing $1.5 million from a client.
  • Crypto-fiat gateway Transak reported a client database compromise.
  • Experts: the threat of a quantum attack on cryptocurrencies is exaggerated.
  • In Japan, a fraudster was caught thanks to Monero transaction analysis.
  • The Bitmama case with reduced damage was sent to the prosecutor’s office.
  • Media: former WEX head Dmitry Vasiliev was detained in Poland.
  • An Indian resident received five years in prison for stealing $20 million from Coinbase users.

What to Read This Weekend?

We explain what silent bitcoin payments are and how they help user anonymity.
