
Cybersecurity Highlights: Russia Bans Viber, Telegram’s Terrorist Tally, and More
We have compiled the most significant cybersecurity news of the week.
- Viber was blocked in Russia.
- Telegram released statistics on blocked groups and chats.
- The Ultralytics AI model was infected with a cryptominer.
- Media reported excessive personal information disclosure in the Fog Data Science app.
Viber Blocked in Russia
Roskomnadzor confirmed the restriction of access to the Viber messenger in Russia. The reason cited was the service’s failure to comply with legislation aimed at preventing its use for terrorist and extremist purposes.
Additionally, the platform is accused of facilitating drug sales and hosting illegal information.
Telegram Releases Statistics on Blocked Groups and Chats
Telegram founder Pavel Durov reported on the moderation efforts conducted by the messenger over the past few years. Detailed statistics on efforts to block illegal content are presented in a new section of the company’s website.
According to Durov, each month moderators removed “about 1 million channels and groups, as well as over 10 million users who violated the platform’s rules.” In addition to user complaints, the team employed automated detection systems and AI-based tools.
As of the time of writing, since the beginning of 2024, the messenger has blocked over 15.4 million groups and channels, with more than 703,000 distributing content related to child sexual abuse. Of the total number of communities, 129,000 were linked to terrorism.
Ultralytics AI Model Infected with Cryptominer
Two compromised versions of the popular Ultralytics YOLO11 AI model were discovered on the PyPI package index, with cryptocurrency miners embedded in their code. Project founder Glenn Jocher confirmed the issue.
Developers released a fixed version 8.3.43 and are investigating the incident. According to Jocher, the compromise is likely linked to two malicious changes proposed by a user from Hong Kong.
The team is auditing the build environment and implementing additional precautions. It is not yet known if the situation affected users’ personal data.
FBI Shuts Down Rydox Darknet Marketplace and Arrests Three Admins
U.S. authorities dismantled the Rydox darknet marketplace. Two alleged administrators of the platform, Ardit and Jetmir Kutleshi, were detained in Kosovo and await extradition to the United States. The third, Shpend Sokol, will face charges in Albania.
According to case materials, since February 2016, Rydox sold over 7,600 units of personal identification data and offered more than 321,000 cybercriminal products. The marketplace had over 18,000 users, with total revenue amounting to approximately $230,000 in cryptocurrencies. The corresponding sum was seized from the defendants’ accounts.
The Kutleshi brothers face up to 37 years in prison on all charges.
Radiant Capital Reports on $50 Million Hack Investigation
The team behind the Radiant Capital lending protocol conducted an internal investigation into a recent hack that resulted in over $50 million being stolen from the BNB Chain and Arbitrum networks.
According to findings, the attack began on September 11 when one of the project’s developers received a Telegram message from a former contractor and downloaded a malicious ZIP file at their request. It contained the InletDrift backdoor.
Radiant emphasized that the attack “was so well-planned and flawlessly executed that it bypassed all implemented security measures”:
“External interfaces displayed data on harmless transactions, while malicious transactions were signed in the background. Traditional checks and modeling did not reveal obvious discrepancies, making the threat virtually invisible during standard verification stages.”
There is a high likelihood that the North Korean hacker group UNC4736 is behind the hack.
Radiant is cooperating with U.S. law enforcement to recover the stolen funds.
Media Reports Excessive Personal Data Disclosure in Fog Data Science App
Location data collection company Fog Data Science, which provides services to several agencies and U.S. police, offers to track people through their doctor visits, 404 Media reported.
The service obtains information about individuals through mobile apps or the advertising ecosystem, but asks law enforcement for some details in order to find a specific phone in the vast data set.
In addition to name, alias, and other biographical data, the request form requires specifying “known locations,” including addresses of family and friends, gyms, places of worship, as well as doctors’ or lawyers’ offices that the person being sought may visit.
Journalists point out that the privacy issue of visiting medical facilities is particularly acute, as this information could be used by U.S. authorities to target abortion clinics.
Meta Services Experience Global Outage
On December 11, users in Russia and several European countries experienced issues with Meta services — WhatsApp, Facebook, Instagram, and Threads. This is evidenced by data from Downdetector.
Complaints about WhatsApp came from various Russian regions, while Facebook issues were reported from Poland, Moldova, the U.S., the Netherlands, and Germany. Instagram outages were also noted in Belarus and Kazakhstan.
Simultaneously, the site Сбой.рф recorded unstable operation of online cinemas “Ivi” and “Kinopoisk,” the Viber messenger, and the “Dzen” platform.
Meta confirmed the technical problem and began addressing the issues. By December 12, the company had restored 99% of the systems.
Thanks for bearing with us! We’re 99% of the way there — just doing some last checks. We apologize to those who’ve been affected by the outage.
— Meta (@Meta) December 11, 2024
Hackers Target Donut Online Ordering System
American company Krispy Kreme filed a report with the SEC on unauthorized access to its systems on November 29, which led to a disruption of online donut orders in several states.
The company continues to investigate with the involvement of law enforcement and external experts. The scale, nature, and consequences of the incident are still unknown.
Also on ForkLog:
- A Ledger user reported the theft of 10 BTC. The manufacturer denied the claims.
- Hackers compromised data of 58,000 bitcoin ATM customers.
- ChatGPT was down for five hours.
- A hacker stole $15.97 million from Coinbase Commerce.
- A church pastor was accused of promoting a $6 million crypto pyramid scheme.
- Malware for stealing cryptocurrencies was found in Telegram bots.
- Ukrainian banks tightened limits on outgoing transfers.
- Property worth billions of rubles was seized from a former investigator accused of bribery in the WEX case.
- The Investigative Committee of Russia presented the government with a procedure for seizing cryptocurrencies.
- Coinbase dismissed concerns about bans as FUD.
- Hackers attacked Cardano’s X-account to promote a scam token.
- Iran will begin regulating cryptocurrencies to circumvent sanctions.
- Users from the UK were denied access to Pump.fun.
- Media: Pavel Durov was questioned for the first time in Paris regarding a case.
What to Read Over the Weekend?
Exploring whether cryptocurrency arbitrage is a scam or not.