Cybersecurity Threats: Gamers’ Bitcoins at Risk and Facebook’s Surveillance Tactics
We have compiled the most significant cybersecurity news of the week.
- Call of Duty players warned about malware stealing crypto wallets.
- Facebook spied on YouTube, Amazon, and Snapchat users.
- Phishing kit creators earned over $250,000 in bitcoins.
- Telegram users in Russia, Ukraine, and Belarus to restrict incoming messages.
Call of Duty Players Warned About Malware Stealing Crypto Wallets and Passwords
Video game developer Activision is investigating a hacking campaign aimed at stealing user credentials, reports TechCrunch.
Hackers are reportedly uploading malware onto victims’ computers, stealing passwords to their gaming accounts and cryptocurrency wallets.
According to an Activision representative, only players using unauthorized software (cheats) were compromised. The company’s servers remain secure, he asserts.
Users suspecting a breach are advised to change their passwords and enable two-factor authentication.
Facebook Spied on YouTube, Amazon, and Snapchat Users
In 2016, Meta launched a secret project to gather analytics on Facebook’s competitors by intercepting and decrypting user traffic in third-party mobile apps, reports TechCrunch, citing court documents.
Initially named “Ghostbusters”, the project targeted Snapchat, later expanding to YouTube and Amazon.
Tracking was conducted using Onavo VPN, which the corporation owned and marketed as a private network access service. In reality, the tens of millions of people who installed it allowed Facebook to spy on competitors, bypassing their encryption.
This gave the social network access not only to the volume of traffic and actions within third-party apps but also to user names and passwords.
The disclosed documents are part of a class-action lawsuit against Facebook filed in 2020, accusing the company of deceitfully extracting data and using it for unfair competition.
Google’s AI Algorithms Begin Promoting Scams
Google’s new AI-based algorithms are offering fraudulent sites in search results, noted SEO consultant Lily Ray.
OH GOOD.
SGE WILL EVEN RECOMMEND THE SPAM SITES AS PART OF THE ANSWER. pic.twitter.com/wqgFFXqbMB
— Lily Ray (@lilyraynyc) March 22, 2024
The Search Generative Experience feature provides brief summaries for search queries, including recommendations of other relevant sites. However, the AI algorithm’s suggested links lead to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams.
Similar site templates suggest they were indexed through search poisoning, speculates Bleeping Computer.
Phishing Kit Creators Earn Over $250,000 in Bitcoins
In recent months, the AiTM phishing kit Tycoon 2FA has gained popularity among cybercriminals, report Sekoia analysts.
We just released an analysis of the latest version of Tycoon 2FA Phishing-as-a-Service (#PhaaS), uncovered by the Sekoia TDR team in October 2023. #Tycoon 2FA remains one of the most prevalent Adversary-in-The-Middle (#AiTM) #phishing kits in early 2024. https://t.co/TC5Ly7hC6h
— Sekoia.io (@sekoia_io) March 25, 2024
The new version of the service has received significant feature expansions and improved obfuscation. It currently uses 1100 domains and has been observed in thousands of phishing attacks.
Cybercriminals intercept victims’ input data, pass it to a legitimate service, and then send a request for multi-factor authentication. Once all session cookies are in the hackers’ hands, they can act on behalf of the user.
The service is most often used to attack Microsoft 365 and Gmail accounts. Prices for Tycoon 2FA range from $120 to $320.
Since the kit’s creation in August 2023 until March 12, 2024, the attackers’ bitcoin wallet processed about 700 incoming transactions totaling over $250,000.
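A defender-side check for the session-cookie theft described above, as an added example that is not from ForkLog or Sekoia: it flags a session that is used from a different IP address or user agent shortly after MFA succeeded. The event fields, the sample data and the one-hour window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real logs. Field names are assumptions.
EVENTS = [
    {"ts": "2024-03-12T09:00:05", "user": "alice", "session": "s-001",
     "event": "mfa_success", "ip": "198.51.100.7", "ua": "Chrome/122 Linux"},
    {"ts": "2024-03-12T09:04:40", "user": "alice", "session": "s-001",
     "event": "mail_read", "ip": "192.0.2.55", "ua": "Firefox/123 Windows"},
    {"ts": "2024-03-12T10:15:00", "user": "bob", "session": "s-002",
     "event": "mfa_success", "ip": "203.0.113.10", "ua": "Edge/122 Windows"},
    {"ts": "2024-03-12T10:20:00", "user": "bob", "session": "s-002",
     "event": "mail_read", "ip": "203.0.113.10", "ua": "Edge/122 Windows"},
    {"ts": "2024-03-12T11:00:00", "user": "carol", "session": "s-003",
     "event": "mfa_success", "ip": "203.0.113.80", "ua": "Safari/17 macOS"},
    {"ts": "2024-03-12T15:30:00", "user": "carol", "session": "s-003",
     "event": "mail_read", "ip": "203.0.113.99", "ua": "Safari/17 macOS"},
]


def find_replayed_sessions(events, window=timedelta(hours=1)):
    """Flag sessions used by a different client soon after MFA completed."""
    issued = {}    # session id -> (time MFA passed, (ip, ua) that passed it)
    flagged = set()
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):  # ISO strings sort by time
        ts = datetime.fromisoformat(e["ts"])
        client = (e["ip"], e["ua"])
        if e["event"] == "mfa_success":
            issued[e["session"]] = (ts, client)
            continue
        if e["session"] not in issued:
            continue  # session predates the log window, nothing to compare
        issued_ts, issued_client = issued[e["session"]]
        # A cookie taken by a relay shows up from a new IP or user agent
        # shortly after the login; later changes are often normal roaming.
        if client != issued_client and ts - issued_ts <= window:
            if (e["session"], client) not in flagged:
                flagged.add((e["session"], client))
                alerts.append({"user": e["user"], "session": e["session"],
                               "issued_to": issued_client, "seen_from": client,
                               "delay_s": int((ts - issued_ts).total_seconds())})
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(EVENTS):
        print(alert)
```

The window is a tuning knob: widening it catches slower reuse of a stolen cookie at the cost of more alerts from users who change networks.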
US Sanctions State-Sponsored Chinese Hackers
OFAC added the Wuhan-based company Wuhan XRZ to the sanctions list. China’s Ministry of State Security used the company as a front for attacks on US critical infrastructure.
Also included are two Chinese nationals, Zhao Guangzong and Ni Gaobin, linked to the Chinese government-backed hacker group APT31. They are accused of a 2020 phishing operation against the US Naval Academy and the China Maritime Studies Institute at the US Naval War College.
Similar sanctions have been imposed by the UK authorities.
Additionally, the US Department of Justice has charged Guangzong, Gaobin, and five other individuals with conducting malicious cyberattacks for at least 14 years on behalf of China’s foreign intelligence.
The US State Department offers a reward of up to $10 million for information on APT31 or its members.
Telegram Users in Russia, Ukraine, and Belarus to Restrict Incoming Messages
Starting April 1, Telegram users in Russia, Ukraine, and Belarus will be able to limit who can send them private messages, announced the messenger’s founder Pavel Durov.
The decision follows numerous complaints from Russian-speaking users about messages from strangers inciting terrorism.
Telegram will also implement an AI-based solution for more effective spam filtering.
Deputy Chairman of the Russian State Duma’s Information Policy Committee Anton Gorelkin suggested to Ostorozhno Media that Durov create a mechanism to automatically monitor and block conversations in private chats and channels.
Also on ForkLog:
- Searches conducted in Moscow offices of bitcoin exchanges Beribit and ABCeX.
- Fake ENA, Prisma fund movements, and industry losses of $336 million.
- TRM confirmed Tron’s dominance in the criminal crypto economy.
- Experts identified an attack on the DeFi protocol Prisma, estimating damages at $11 million.
- Bloomberg learned of US and UK investigations into Garantex.
- Sber explained the procedure for unfreezing a card after cryptocurrency transactions.
- Hackers stole $380,000 in bitcoins from the founder of Ordinal Rugs.
- Web3 project Munchables recovered $97 million lost in a hack.
- The US accused bitcoin exchange KuCoin of laundering $9 billion.
- Portuguese authorities ordered Worldcoin to stop collecting biometric data.
- Binance joined a platform to comply with FATF requirements.
- GitHub users fell victim to malware stealing bitcoin wallets.
- CommEX announced a gradual suspension of operations, Binance accused it of breaching a deal. ForkLog analyzed the situation.
- The US imposed sanctions on the Atomyze and Bitpapa platforms.
- A hacker released 1 billion CGT tokens in the Curio ecosystem.
- Fraudsters stole millions from BlockFi and FTX creditors.
- Ripple team warned of a failure in AMM pools.
- Polygon zkEVM resumed operations after a failure.
- ParaSwap will return funds to users after discovering a vulnerability.
- European Parliament committees approved a ban on anonymous crypto transactions.
Weekend Reading Suggestions
We discuss what information cryptocurrency exchanges and exchangers will need to share about clients according to the new FATF guidelines.