We have compiled the most significant cybersecurity news of the week.
- A fake WalletConnect app stole over $70,000 in cryptocurrencies.
- The UK regulator confirmed a data breach at MoneyGram.
- OpenAI’s X account was hacked again by crypto scammers.
- A GPS signal attack allowed for remote mapping of a building’s layout.
Fake WalletConnect App Stole Over $70,000 in Cryptocurrencies
For five months, a malicious WalletConnect app mimicking the legitimate cryptocurrency project was distributed via Google Play. This was highlighted by Check Point experts.
A fake WalletConnect app on Google Play remained undetected for five months and stole over $70K in crypto. Our latest research reveals how crypto drainers use advanced social engineering tactics to attack mobile users. https://t.co/yHFH4UDWyY
— Check Point Research (@_CPResearch_) September 26, 2024
The fake app marketed itself as a lightweight version of a Web3 wallet and had a high rating due to fake reviews. Users who installed it were directed to a malicious website where they were prompted to authorize several transactions, leading to the theft of private keys and digital assets.
The malicious WalletConnect app reached 10,000 downloads, although this figure may be artificially inflated. At least 150 victims lost cryptocurrencies worth over $70,000.
At the time of writing, the malicious app has been removed from the store.
UK Regulator Confirms MoneyGram Data Breach
The UK’s Information Commissioner’s Office received a report from the American money transfer service MoneyGram about a cybersecurity incident and is conducting an investigation. The supervisory authority reported this in a comment to TechCrunch.
The payment giant first confirmed the issue on Monday, September 23, after three days of operational downtime.
MoneyGram recently identified a cybersecurity issue affecting certain of our systems. Upon detection, we immediately launched an investigation and took protective steps to address it, including proactively taking systems offline which impacted network connectivity. We are…
— MoneyGram (@MoneyGram) September 23, 2024
The company decided to take some systems offline, leading to a major disruption.
As of September 26, MoneyGram restored its website and app, as well as services through partner agents. Some pending transactions were still being processed at that time.
Our website (https://t.co/9WKxUoWLJL) and app are now live and available. Customers can send and receive money through both our digital platforms and agent partners.
We continue to work diligently to fulfill pending transactions. Thanks again for the patience of our customers…
— MoneyGram (@MoneyGram) September 26, 2024
The scale of the potential data breach remains unknown. MoneyGram serves over 50 million people annually in more than 200 countries and is the world’s second-largest money transfer service provider.
OpenAI’s X Account Hacked Again by Crypto Scammers
On the evening of September 23, cryptocurrency scammers hacked OpenAI’s press account on the X social network to promote the scam token $OPENAI. This was reported by TechCrunch.
The tweet described the coin as “bridging the gap between AI technology and blockchain” and invited participation in its initial claim.
The attached link led to a phishing site that required connecting crypto wallets and subsequently stole assets and user credentials.
At the time of writing, the tweet has been deleted.
GPS Signal Attack Allowed Remote Mapping of Building Layout
Researchers from the Indian Institute of Technology in Delhi described the AndroCon technology, which tracks the environment of an Android device using partially processed GPS metadata.
Information is collected through apps installed on the device. Starting from Android version seven, the method accesses GPS data within 39 functions, such as signal level, Doppler shifts, and SNR.
Based on their analysis, AndroCon can determine:
- the structure of the space — whether it is closed or open;
- the presence of other people;
- the user’s position — whether they are sitting or standing;
- the speed of movement;
- the location relative to the ground;
- additional landmarks, such as stairs and elevators.
The method’s accuracy is 99.6% in determining the environmental context and 87% in classifying human activity. This allows for creating building plans with a four-meter margin of error without using other sensors and cameras.
Potentially, up to 90% of Android users worldwide are vulnerable to the attack. OS developers have acknowledged the issue and are working on a fix.
EU Fines Meta €91 Million for Unencrypted Password Storage
The Irish Data Protection Commission (DPC) fined Meta €91 million ($101.5 million) for inadvertently storing some users’ passwords without protection or encryption. This was reported by Reuters.
The investigation began in 2019 after Meta notified the DPC that it had stored some passwords in plain text format.
Upon discovering the error, the company immediately took steps to correct it.
According to a Meta representative, “there is no evidence that the passwords were misused or accessed without authorization.”
98 VPN Services Disappear from Russian App Store
From early July to September 18, 2024, Apple removed about 60 VPN services from the Russian App Store, although official Roskomnadzor requests concerned only 25 apps. This was noted by AppleCensorship analysts.
Silent Removals: Evidence suggests that #Apple has been quietly removing #VPN apps from the #Russia App Store. During the summer of 2024 alone, Apple removed over 50 VPN apps, raising the total number of unavailable VPN apps to 98. https://t.co/qPDuh1rXse
— AppCensorship (@AppCensorship) September 26, 2024
The total number of unavailable VPN services reached 98. Thus, more than 20% of apps disappeared from the store without a public announcement, experts noted.
According to them, the removals occurred on specific dates, indicating “coordinated actions by Apple, potentially exceeding Roskomnadzor’s requests, rather than voluntary withdrawal by VPN developers.”
Digital rights advocates expressed concern over the trend of corporate complicity in state censorship.
Discord Receives Five Notices from Roskomnadzor
Since September 20, the messenger Discord has received five new decisions from Roskomnadzor regarding violations of legislation. This was reported by Kommersant.
Sources of the publication suggested that “in the coming days,” Discord could be officially blocked in Russia based on accusations. In the gaming industry, there is discussion about the risk of the messenger being slowed down, as with YouTube.
The service’s audience in Russia is 40 million people. In mid-September, messenger users already complained about widespread disruptions in the mobile and desktop versions.
Discord and Roskomnadzor did not comment on the disruptions and the inclusion of platform links in the registry of banned sites.
Also on ForkLog:
- Hackers used an old exploit to re-hack Onyx for $3.8 million.
- The FBI accused a crypto businessman of bribing police and extortion.
- $2 million was stolen from the Bedrock Bitcoin restaking protocol.
- The court rejected the Tornado Cash co-founder’s request to dismiss the case.
- The crypto industry suffered $413 million in damages from hackers and scammers in Q3.
- Hacked Truflation offered the hacker $500,000 for the return of funds.
- The US imposed sanctions on the PM2BTC Bitcoin exchange and Cryptex exchange.
- Binance continued to serve a limited number of Russians.
- TON announced increased network load due to the Hamster Kombat airdrop.
- Telegram bot Banana Gun will compensate $3 million to hack victims.
- Russia was suspected of using AI to influence US elections.
- Binance denied a user data leak.
- Hamster Kombat developers discussed the anti-cheat system.
- Experts learned to track Ethereum validators’ IPs.
- Telegram will start sharing user data with authorities.
- A Bitcoin exchange with a turnover of 200 million rubles was closed in Moscow City.
Weekend Reading Suggestions
We explain why and how Bitcoin will survive in a world without the internet.
