We have gathered the week’s most important cybersecurity news.
- 4chan took servers offline after a major breach.
- Google introduced forced reboots for Android.
- A trojan targeting Chinese smartphones stole more than $1.6m in crypto.
- Vulnerabilities were found in several bitcoin wallets.
Google introduced forced reboots for Android
The latest Google Play services update added an automatic-reboot feature to Android devices. It makes data extraction with modern forensic tools harder.
After a reboot, a phone is in the Before First Unlock (BFU) state: the keys protecting most user data are not yet in memory, so the data remain encrypted. Once the owner unlocks the device for the first time it enters the After First Unlock (AFU) state, where those keys stay in memory and data can be extracted with the right tooling, even while the screen is locked.
With the new feature, a device that has stayed locked for 72 hours (three consecutive days) reboots automatically, returning it to BFU and closing that window.
A trojan targeting Chinese smartphones stole more than $1.6m in crypto
Researchers at Dr.Web reported preinstalled trojanised apps on budget clones of premium Samsung and Huawei Android models. Among the modified apps are the messaging apps WhatsApp and Telegram, QR-code scanners and others.
The Shibai malware intercepts the app's update process, searches chats for Ethereum or Tron wallet addresses and replaces them with attacker-controlled ones, so the sender and the recipient see different strings. It also scans saved images for seed phrases.
Attackers use about 30 domains to distribute the malware and more than 60 command-and-control servers.
Over the past two years, wallets controlled by the organisers have received more than $1.6m.
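The address-swapping trick above is easy to reason about once written down, so here is an added example for this digest; it is not Dr.Web's analysis code or the malware itself. The attacker addresses, the sample chat line and the `detectSwap` check are constructed for the demo; the two regexes simply encode the public address formats (0x plus 40 hex characters for Ethereum, a 34-character base58 string starting with T for Tron).

```javascript
// Added illustration, not Dr.Web's code or the malware: the address swap the
// article describes, beside a check that catches it. Attacker addresses and
// the sample message are constructed placeholders.
const ETH_RE = /\b0x[0-9a-fA-F]{40}\b/g;
// Tron addresses: base58 (no 0, O, I, l), 34 characters, always starting with T.
const TRON_RE = /\bT[1-9A-HJ-NP-Za-km-z]{33}\b/g;

function findAddresses(text) {
  return { eth: text.match(ETH_RE) || [], tron: text.match(TRON_RE) || [] };
}

// Attacker-controlled replacements (constructed, not real wallets).
const ATTACKER_ETH = '0x' + 'ab'.repeat(20);
const ATTACKER_TRON = 'T' + 'Xk'.repeat(16) + '9';

// What a trojanised messenger does to a message in transit: every address in
// the text is rewritten, so the victim and the counterparty see different ones.
function swapAddresses(text) {
  return text.replace(ETH_RE, ATTACKER_ETH).replace(TRON_RE, ATTACKER_TRON);
}

// Integrity check a wallet or a careful user can apply: compare the addresses
// in the message as composed with those in the message as delivered.
function detectSwap(composed, delivered) {
  const a = findAddresses(composed), b = findAddresses(delivered);
  const findings = [];
  for (const kind of ['eth', 'tron']) {
    const n = Math.max(a[kind].length, b[kind].length);
    for (let i = 0; i < n; i++) {
      if (a[kind][i] !== b[kind][i]) {
        findings.push({ kind, expected: a[kind][i] || null, actual: b[kind][i] || null });
      }
    }
  }
  return findings;
}

// Constructed sample chat line with one address of each type.
const SAMPLE = 'pay 0.5 ETH to 0x' + '12ab'.repeat(10) +
               ' or 200 USDT to T' + 'Q1'.repeat(16) + 'x please';
```

Running `detectSwap(SAMPLE, swapAddresses(SAMPLE))` returns two findings, one per address type, each pairing the address the user typed with the one that actually left the device; the same call on an untouched message returns an empty list. The practical lesson is the one the researchers imply: verify the destination on a device you trust, not in the app that just rewrote it.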
Vulnerabilities found in several bitcoin wallets
Researchers at Coinspect discovered critical flaws in the browser wallets Stellar Freighter, Frontier Wallet and Coin98 that allow assets to be stolen without users noticing.
"Just visiting a site could drain your crypto — no clicks, no approvals. We uncovered critical wallet vulnerabilities in Freighter, Frontier, and Coin98 that silently exposed users. Don't miss the full breakdown: https://t.co/fSgUnMQsOP" — Coinspect Security (@coinspect), April 11, 2025
To connect to dapps, browser wallets inject a content script into every tab the user visits, establishing a messaging channel. It lets a site detect the wallet and request functions such as viewing balances or initiating transaction-approval prompts.
The content script forwards messages to the wallet's background script, which has access to the private key; the final step happens in the wallet's own user interface. With one-shot messaging, every request, whether it originates in the wallet's UI or on a web page, arrives at the same listener in the background script. Long-lived connections that give each part of the extension its own channel would provide that separation; this approach lacks it.
An attacker can exploit the resulting confusion: a malicious page sends the background script's listener a message shaped like a request from the wallet's own UI, and the privileged API treats it as legitimate. One such forged request triggers the function that shows the seed phrase for backup, exposing it to the page without any click or approval from the user.
Experts shared the details with the developers of all three wallets. All have issued fixes.
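To show the class of bug in code, here is an added example written for this digest; it is not code from Freighter, Frontier, Coin98 or Coinspect. The extension id, message types (`GET_BALANCE`, `EXPORT_SEED`, `SIGN_TRANSACTION`), seed string and URLs are constructed for the demo; the `sender` objects are shaped the way Chrome populates them for `chrome.runtime.onMessage` listeners (a content script reports the hosting page's URL, the extension's own pages report a `chrome-extension://` URL). The relay is modelled directly rather than through a real content script.

```javascript
// Added illustration, not code from Freighter, Frontier, Coin98 or Coinspect:
// one background listener serving page-originated and UI-originated requests
// alike, beside a hardened version. Extension id, message types, seed and
// URLs are constructed; sender shapes follow Chrome's runtime.onMessage.
const EXTENSION_ID = 'abcdefghijklmnopabcdefghijklmnop';
const UI_ORIGIN = `chrome-extension://${EXTENSION_ID}/`;
const SEED = 'demo seed phrase, never a real one';

// Vulnerable pattern: one handler, no check on who asked.
function vulnerableHandler(msg, sender) {
  switch (msg.type) {
    case 'GET_BALANCE': return { balance: '1.5' };
    case 'EXPORT_SEED': return { seed: SEED }; // meant for the backup screen only
    default: return { error: 'unknown request' };
  }
}

// Hardened: privileged types are honoured only when the message comes from
// the extension's own pages, never via a content script inside a web page.
const PRIVILEGED = new Set(['EXPORT_SEED', 'SIGN_TRANSACTION']);

function isOwnUi(sender) {
  // The browser sets sender.url itself: a content script carries the hosting
  // page's URL (and a `tab`), the popup or options page a chrome-extension://
  // URL. A page cannot forge this field, only the message body.
  return sender.id === EXTENSION_ID
      && typeof sender.url === 'string'
      && sender.url.startsWith(UI_ORIGIN);
}

function hardenedHandler(msg, sender) {
  if (PRIVILEGED.has(msg.type) && !isOwnUi(sender)) {
    return { error: `privileged request refused from ${sender.url}` };
  }
  return vulnerableHandler(msg, sender);
}

// Simulated senders, built as the browser would build them.
function fromWebPage(url) { return { id: EXTENSION_ID, url, tab: { id: 7 } }; }
function fromPopup() { return { id: EXTENSION_ID, url: UI_ORIGIN + 'popup.html' }; }

// The attack path: a page posts to the injected content script, which relays
// the message to the background script unchanged. Modelled here directly.
function relayFromPage(handler, pageUrl, msg) {
  return handler(msg, fromWebPage(pageUrl));
}
```

With the vulnerable handler, `relayFromPage(vulnerableHandler, 'https://evil.example/', { type: 'EXPORT_SEED' })` returns the seed to the page; the hardened handler refuses it while still answering `GET_BALANCE` for dapps and `EXPORT_SEED` for the popup. The structurally stronger fix the article alludes to is to give the UI its own long-lived port (`chrome.runtime.connect` with a named port) so that privileged commands never share a listener with page-originated traffic at all.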
4chan took servers offline after a major hack
On April 14th the online forum 4chan suffered a serious attack and suspended operations. Members of the imageboard Soyjak.party claimed responsibility.
Screenshots of administrator and staff-control panels, as well as a list of emails purportedly belonging to the platform’s leaders and moderators, leaked online.
According to Bleeping Computer, compromise of the site's maintenance tools would give the attackers the location and IP address of any user, the ability to restart any 4chan board, and access to manage its databases.
Later the same day the forum’s source code appeared on Kiwi Farms.
The suspected attackers did not disclose the entry point. Community members pointed to the platform's outdated PHP version, dating from 2016, as a likely cause.
To minimise damage, administrators reportedly shut down the servers. At the time of writing, the site is unavailable.
Owners of dark-web forum accounts invited to sell them anonymously
Swiss cybersecurity company Prodaft announced it is buying accounts from dark-web forums. It is seeking accounts on XSS, Exploit, RAMP4U, Verified and BreachForums registered before December 2022.
Owners are guaranteed payment in cryptocurrency, with higher sums for moderator or administrator accounts. The account must not be on any law-enforcement most-wanted lists. As part of the initiative, users can also anonymously report cybercrimes committed by others.
Transactions are conducted anonymously via secure communication channels. The data obtained—without seller details—will be passed to law enforcement for use in HUMINT operations and to infiltrate closed cybercriminal communities.
Reddit complied with only a quarter of Russia’s content-removal requests
In the second half of 2024, the American platform Reddit received 122 content-removal requests from government and law-enforcement bodies in various countries. Russia sent 15 unique requests, of which the platform complied with only four (26%).
According to the report, less than a third (27%) of the requested content actually violated the platform's rules, and geo-blocking was not applied in any case.
The largest number of requests (24) came from the UAE authorities. In total, 27 legal requests turned out to be fake, which Reddit reported to law enforcement.
Also on ForkLog:
- In Brazil, a crypto-pyramid organiser was sentenced to 128 years in prison.
- DappRadar: since the start of the year the Web3 ecosystem has lost ~$6bn due to rug pulls.
- The platform eXch will shut down over allegations of laundering Bybit funds.
- A Manta Network co-founder avoided a Lazarus attack via Zoom.
- OpenAI released the o3 and o4-mini models, which are prone to deception.
- Crypto exchange BloFin obtained an ISO 27001 certificate.
- Tether blocked three suspicious addresses holding 870,000 USDT.
- Project Eleven offered 1 BTC for a quantum break of Bitcoin cryptography.
- Hackers compromised the X account of a British official to promote a scam token.
- Vitalik Buterin called privacy the foundation of freedom.
- Journalists learned of Chinese authorities’ sales of confiscated cryptocurrencies.
- A critical vulnerability was found in chips for bitcoin wallets.
- ZKsync plunged after the theft of $5m in tokens.
- Media reported suspicious deaths of Chinese AI experts.
- Experts cited the reason for the Mantra token crash.
- Russian authorities will create a database of suspicious crypto wallets.
- KiloEx suspended operations after a $7.5m hack.
- Binance resumed withdrawals after an AWS outage.
- Hackers stole $100,000 from the CEO of Emblem Vault via Zoom.
- Media: in Russia, the seizure of bitcoins in favour of the state was approved.
- Ukraine declared an investment project "based on AI algorithms" unreliable.
- 66,800 Indian residents lost $6m to a crypto scam.
What to read at the weekend?
We examine manipulation in the DeFi segment and ways to curb it.
