Heightened Threats to Bitcoin Wallets, Rutube DDoS, and Other Cybersecurity Events


We have compiled the most important cybersecurity news of the week.

  • The FBI warned crypto companies of increased threats from North Korean hackers.
  • Android users were targeted by malware that reads seed phrases from images.
  • Rutube confirmed a major DDoS attack on its service.
  • A cryptocurrency-stealing program was embedded in a fake OnlyFans hacker tool.

FBI Warns Crypto Companies of Increased Threat from North Korean Hackers

In a recent notice, the FBI reported that in recent months, hackers from North Korea have been actively researching potential victims related to bitcoin ETFs and other cryptocurrency products.

The agency believes the planned attacks will be aggressive, employing social engineering to deploy malware and steal assets.

Hackers often try to gain trust by offering new jobs or investment opportunities while posing as acquaintances of the intended victim or as well-known members of the crypto community.

The FBI has compiled a list of indicators to help identify hackers.

Android Users Targeted by Malware Reading Seed Phrases from Images

Researchers at McAfee discovered the SpyAgent malware targeting Android users. Using optical character recognition (OCR), it extracts cryptocurrency-wallet seed phrases from screenshots and other images on the device.

Experts tracked at least 280 Android applications distributed outside Google Play via SMS or social media messages. Some of them mimic government services, dating portals, and pornographic sites.

Figure: seed phrase recognition mechanism in the admin panel. Data: McAfee.

The malware is currently targeting South Korea and the UK, but its reach may expand. An early version for iOS is also reportedly in development.

Rutube Confirms Major DDoS Attack on Service

On the evening of September 6, Russian video hosting Rutube faced the largest DDoS attack in the past two years. This was announced by the service’s press office.

According to “Сбой.рф”, most complaints came from residents of Moscow, St. Petersburg, and the Moscow region.

Figure (data: Сбой.рф).

During the threat mitigation period, specialists warned of temporary access difficulties to the service. Within a few hours, Rutube’s operations were fully restored.

North Korean Hackers Stole Cryptocurrency Using Chrome Vulnerability

In mid-August, the North Korean group Citrine Sleet exploited a previously unknown flaw in Chromium-based browsers to steal cryptocurrency from various organizations. The report on the cyberattack was published by Microsoft specialists.

Hackers lured victims to a domain mimicking legitimate platforms or cryptocurrency trading applications. The vulnerability allowed remote code execution in the renderer process of Chromium browsers. Using a second bug, in the Windows kernel, they installed the FudModule rootkit on the victim’s computer, gaining administrative access to the operating system.

Google fixed the flaw on August 21. Microsoft notified “targeted and compromised clients,” but did not provide details on the number of affected parties.

US Charges Six Russians with Attacking Ukraine’s Government and 26 NATO Countries

The US Department of Justice charged six Russian citizens with attacking the Ukrainian government and various organizations in 26 NATO countries using the WhisperGate malware. The defendants are five GRU officers, Yuri Denisov, Vladislav Borovkov, Denis Denisenko, Dmitry Goloshubov, and Nikolai Korchagin, as well as a civilian accomplice, Amin Stigal, who was previously charged with conspiracy to commit computer hacking.

Figure (data: FBI).

According to the case materials, the group has been active since August 2021. The WhisperGate pseudo-ransomware destroyed data on attacked systems, leaving the files unrecoverable.

The US State Department offers up to $10 million for information on the whereabouts of any of the accused or details of their cybercriminal activities.

Cryptocurrency-Stealing Program Embedded in Fake OnlyFans Hacker Tool

Researchers at Veriti discovered a campaign distributing the Lumma Stealer infostealer under the guise of a tool for hacking OnlyFans accounts.

According to its distributors, the tool supposedly cracks account credentials on the platform so that explicit photos can be stolen and used for extortion.

In reality, it delivers an infostealer targeting cryptocurrency wallets, browser extensions for two-factor authentication, and other confidential information.

Similar campaigns target those wishing to hack Disney+ and Instagram accounts, as well as those looking to create their own Mirai botnet.

Another channel for distributing Lumma Stealer has been fake patches on GitHub, which attackers post in comments on open-source projects.

US Blocks 32 Domains for Spreading Russian Propaganda

The US Department of Justice announced the seizure of 32 internet domains used by Russian state structures to spread disinformation and influence the 2024 presidential election. According to the case materials, the activities of the resources are linked to ANO MC “Dialogue,” the Structura National Technology group of companies, and the Social Design Agency.

Most domains mimicked well-known media platforms, including The Washington Post and CNN. Propaganda was spread through fake influencers, fake profiles, and AI-generated content.

In addition to the US, the perpetrators targeted audiences in Germany, Mexico, and Israel.


What to Read on the Weekend?

Together with “SHARD,” we explain the workings of analytical systems in simple terms.
