
Cybersecurity Highlights: Fake Hamster Kombat Software and Llama 3.1’s Outburst
Here are the week’s most significant cybersecurity stories.
- Fraudsters distributed malware under the Hamster Kombat brand.
- Instagram dismantled a sextortion network of 63,000 accounts.
- Cryptowallets and user messages from BreachForums were leaked.
- The “hacked” Llama 3.1 was made to curse Meta and Zuckerberg.
Fraudsters Distributed Malware Under the Hamster Kombat Brand
Amid the popularity of the mini-game Hamster Kombat, attackers targeted users with fake software for Android and Windows. ESET researchers highlighted this issue.
#ESETresearch discovered several threats abusing the popularity of an in-app #Telegram clicker game #Hamster Kombat. These threats can be found on both #Android and #Windows platforms. https://t.co/OGvfnoeu4F @lukasstefanko 1/5
— ESET Research (@ESETresearch) July 23, 2024
The official project is only available on Telegram, yet fraudsters created a mimicking app, Hamster Kombat – Earn Crypto, on Google Play, aimed at stealing information and assets. It has since been removed from the store.
The Telegram channel HAMSTER EASY distributes the Ratel spyware for Android as an APK file that has no legitimate functionality. The malware intercepts SMS messages and device notifications, primarily to subscribe victims to premium services from which its operators earn commissions.
Fake websites like hamsterkombat-ua(.)pro and hamsterkombat-win(.)pro redirect visitors to advertisements, allowing fraudsters to profit from views.
On GitHub, malicious repositories disguised as bots for crypto game farming are spreading the Lumma Stealer infostealer, targeting Windows users.
Instagram Dismantled a Sextortion Network of 63,000 Accounts
Meta removed 63,000 Instagram accounts from Nigeria linked to the cybercriminal group Yahoo Boys, involved in sextortion scams. Their victims were primarily men from the United States.
The cleanup also extended to Facebook, where over 7,000 pages and groups disseminating criminal scheme tutorials were removed.
Meta’s team blocked the perpetrators from creating new accounts on social networks.
Cryptowallets and User Messages from BreachForums Leaked
Confidential information about BreachForums members from November 2022 has been leaked online, reports Bleeping Computer.
The data was published by a user named Emo, who claims to have obtained it from the arrested forum owner, Conor Brian Fitzpatrick (Pompompurin), who allegedly attempted to sell the dump in June 2023 for $4,000 while out on bail. It was subsequently purchased by three criminals.
The leak is not new and was previously published in a truncated form. Its full version includes:
- identifiers of over 212,000 users;
- names;
- email addresses;
- registration and last login IP addresses;
- private messages and forum posts;
- payment logs;
- hashed passwords;
- cryptocurrency addresses.
Bleeping Computer analyzed the database and confirmed the authenticity of a large number of accounts.
The “Hacked” Llama 3.1 Was Made to Curse Meta and Zuckerberg
A white-hat hacker known as Pliny the Prompter made Meta’s new AI system Llama 3.1 respond to forbidden prompts.
JAILBREAK ALERT
META: PWNED
LLAMA-3-405B: LIBERATED
Come, witness the brand new SOTA open source AI outputting a home lab bioweapon guide, how to hack wifi, copyrighted lyrics, and an explicit roast of Zuck!
No new security upgrades it seems, so this was a… pic.twitter.com/hDT7pgGLdw
— Pliny the Prompter (@elder_plinius) July 23, 2024
He used leetspeak to disguise stop words in prompts, obtaining a recipe for creating a deadly biological weapon in a home lab, a detailed guide on hacking Wi-Fi, and copyrighted song lyrics. He also made the AI assistant curse its creators, Meta and Mark Zuckerberg.
“No new security upgrades were implemented. It was a piece of cake. The same architecture as before,” wrote Pliny the Prompter.
The researcher has run similar stress tests on other AI models to identify vulnerabilities.
17-Year-Old Briton Suspected in Major Casino Network Hack
British police announced the arrest of a 17-year-old suspected of taking part, as a member of the hacker group Scattered Spider, in the hack of two major casino networks in autumn 2023.
He faces allegations of extortion and unauthorized computer use. He has been released on bail pending investigation, and his seized devices will be examined for additional evidence.
In June, another suspect in the case was detained in Spain.
YouTube Slowed Down in Russia
By the end of next week, Russian data centers will reduce YouTube video loading speeds by 70%. This was reported by Deputy Alexander Khinshtein.
This will primarily affect desktop versions, with mobile connections remaining unaffected for now.
Khinshtein attributed the situation to technical issues on Google’s part (cessation of data center services and server shutdowns post-February 2022) and enforcement measures by authorities due to “repeated violations of Russian law.”
To lift the restrictions, the deputy suggested YouTube build Russian server centers, negotiate with US authorities to lift equipment supply sanctions, or legally pay for local data center services. Additionally, Khinshtein stated that the video hosting should unblock Russian media and public figure channels.
Also on ForkLog:
- Former Huobi employees stole over 40,000 private keys from users.
- New anti-fraud measures by Russian banks will negatively impact cryptocurrency exchange.
- The co-founder of mining company DEBT Box reported the kidnapping of his brother and $400 million.
- “Bitcoin inscriptions” and ETFs alongside AI opened new opportunities for hackers.
- dYdX Trading restored website operations after a hack.
- Experts noted increased vulnerability of ZK-protocols.
- The founder of ETHTrustFund was accused of a $2.2 million rug pull.
- WazirX announced a reward for assistance in fund recovery.
Weekend Reading Suggestions
Explore the main concepts of ethical AI and understand the importance of this aspect for technology.