
ETH theft during a job interview, iPhone spyware on the opposition, and other cybersecurity events
We’ve gathered the week’s most important cybersecurity news.
- A blockchain developer’s cryptocurrency was stolen during an online interview.
- Amnesty International confirmed Pegasus spyware on Indian journalists’ iPhones.
- Linux SSH servers became targets for mining malware.
- Kroll disclosed details of the FTX client data breach.
A blockchain developer’s cryptocurrency stolen during an online interview
Blockchain and web developer Murat Celiktepe from Antalya lost his Ethereum holdings after responding to a job posting on Upwork.
First, he contacted me via LinkedIn to ask whether I was open to job opportunities, and I said yes. He sent two repos and said there was a problem on the backend that I should fix. https://t.co/1J01EeCI95 https://t.co/vSS53rjjhx pic.twitter.com/ZufWTP8g3z
— Murat (@muratctp) December 25, 2023
The test task, presented by someone claiming to be a recruiter, involved debugging code in two npm packages hosted in a GitHub repository. Celiktepe downloaded them and completed the work, but after the “technical interview” finished he found his MetaMask wallet fully drained.
The attacker withdrew 0.225 ETH (about $538).

The attacker is believed to have gained access to the victim’s device and intercepted network traffic, or copied passwords from the browser with autofill enabled, according to experts.
Amnesty International confirms Pegasus spyware on Indian journalists’ iPhones
The nonprofit rights group Amnesty International has detected aggressive Pegasus spyware on the iPhones of prominent Indian journalists.
“Despite repeated revelations, there is a shameful lack of accountability for the use of Pegasus, which only reinforces the sense of impunity for human rights violations in the country,” the organisation said.
Apple warned in October that Indian journalists and opposition figures could be targeted by government-sponsored attacks, a warning later echoed by authorities. Apple’s cautions were met with scepticism by officials at the time.
Amnesty International called on all countries to ban the use and export of spyware whose functionality cannot be independently verified or restricted. It also urged the immediate publication of the Supreme Court Technical Committee’s findings on Pegasus’ use in India.
Linux SSH servers targeted for covert mining
Attackers are scanning for poorly protected SSH servers and chaining them into a network to mine cryptocurrency and conduct DDoS attacks. This was reported by analysts at ASEC.
Hackers brute-force SSH credentials and, if successful, deploy malware and scanners to locate other vulnerable systems.

Compromised IP addresses and sensitive information may also be sold on the dark web.
To mitigate the risk, users are advised to use strong passwords and keep systems up to date.
Kroll reveals details of the FTX client data breach
The restructuring agent Kroll disclosed further details of the August cyber incident that exposed personal data of claimants in the FTX bankruptcy case.
According to the company, third parties gained access to:
- names;
- email addresses;
- phone numbers and addresses;
- claim numbers and amounts;
- FTX account identifiers;
- cryptocurrency balances on exchanges;
- dates of birth for a limited number of individuals.
Representatives from Kroll stressed that the breach did not affect the FTX systems, in particular the passwords to accounts and digital assets.
Nevertheless, users were warned about a potential phishing campaign aimed at gaining access to their crypto accounts.
Source code for GTA V surfaces online
Links to download the Grand Theft Auto V source code appeared across numerous sources, including Discord servers, darknet sites, and a Telegram channel that had previously been used to leak data stolen from Rockstar Games.
BREAKING: The source code for GTA 5 has been leaked publicly
It reveals Bully 2 file, early GTA 5 map & script which confirms GTA 6 was codenamed “Project Americas” pic.twitter.com/uJdzeBa75i
— SKizzle⭐️ (@SKizzleAXE) December 24, 2023
The channel owner, nicknamed Phil, said the leak was part of a campaign to fight scammers in the GTA V modding scene.
We spoke with the person responsible for the GTA V source code leak
They claim to have received the source code in August 2023. Their motivation was to combat scamming in the GTA V modding scene; many people were allegedly scammed by people claiming to have the GTA V source code pic.twitter.com/ZFux6ziMvF
— vx-underground (@vxunderground) December 25, 2023
The leak was dedicated to former Lapsus$ member Arion Kurtaj, who was responsible for the hack. Last week the teenager was sentenced to life-long treatment due to a severe form of autism.
Rockstar Games has not commented on the situation yet.
Latvia blocks access to all “Yandex” sites
The Latvian National Electronic Media Council (NEPLP) has blocked access to all sites linked to Yandex.
NEPLP blocks access to Yandex Music pic.twitter.com/Do7o4gc7S7
— Ivars Āboliņš (@Ivars_Abolins) December 28, 2023
In particular, access to Yandex.Music was blocked because the service hosts “content created by sanctioned individuals from the Russian Federation.”
Since April 7, 2022, NEPLP has restricted access to yandex.ru and its mirrors. The council argued that the homepage of Yandex disseminates “distorted and false information” about world events, including the war in Ukraine.
Earlier, in March 2022, Latvia revoked the Yandex Taxi B.V. license and blocked the Yandex Go app to prevent citizens’ data from flowing to Russia.
Also on ForkLog:
- Immunefi: the damage to the Bitcoin market from hackers amounted to $1.8 bln for the year.
- The CatalX exchange paused trading and withdrawals.
- An expert said the Ledger Live app cannot be used anonymously.
- A hacker withdrew assets worth $1.1 mln from Levana Protocol liquidity pools.
- Unknown actors carried out a rug pull with fake Sleepless AI, FomoFi and NebulaNode tokens.
- Artist Nikas Safronov’s NFT Christmas tree was stolen.
- Thunder Terminals was hacked for $190,000.
- Telcoin project lost $1.3 mln due to an exploit.
- Experts warned about the risk of Bitcoin censorship.
- The zkSync Era protocol paused block production. Later the project team explained the reason for the outage.
- KyberSwap reduced staff by 50% after the hack.
- MEXC users complained about frozen funds.
- Chainalysis: over the past 2.5 years phishing yielded hackers more than $1 bln in crypto.
- Fake accounts impersonating on-chain sleuth ZachXBT appeared online.
What to read this weekend?
We discuss the less obvious methods attackers use to launder “dirty” gains through blockchain.