We’ve compiled the week’s most important cybersecurity news.
- Researchers at Proofpoint explained how threat actors are targeting cryptocurrency holders via phishing.
- A new Emotet module began stealing Chrome users’ card data.
- IBM announced a complete exit from Russia.
Report: Phishers Actively Target Cryptocurrency Owners
As cryptocurrencies and NFTs grow in popularity, scammers increasingly target this sector, Proofpoint researchers said.
Researchers observed that in 2022 attackers regularly attempted to access crypto wallets via emails containing infected files or links.
They often sent messages from purported cryptocurrency platforms (for example, Binance or OpenSea) urging victims to enter seed phrases on fake pages.
Emotet, ‘Liquidated’ by Authorities, Is Active Again: New Module Targets Chrome Users
Researchers found that the new Emotet botnet module is aimed at stealing bank card data via the Chrome browser.
Earlier last year, authorities announced the dismantling of Emotet in an international operation, calling it the world’s most dangerous malware. Later reports indicated that the botnet self-destructed on all infected devices.
IBM Announces Full Cessation of Operations in Russia
IBM announced a full cessation of operations in Russia.
In March, the company said it paused operations in Russia due to the invasion of Ukraine. Now IBM says it is pursuing a ‘phased winding down’ of its business in the country.
Threat Actors Start Selling a Decryptor Through the Roblox Gaming Platform
Researchers uncovered the WannaFriendMe ransomware. It does not demand a cryptocurrency ransom, but offers a decryption program for sale on the Roblox platform via the Roblox Game Pass store.
«WannaFriendMe.exe» Chaos skidware: 08d528f7f0c829513b1e1690dcf8de371c0b6892795e92e706de2edbbb4aceae
https://www.roblox[.]com/game-pass/49955147/Ryuk-Decrypter
😂
— MalwareHunterTeam (@malwrhunterteam), June 9, 2022
Operators of WannaFriendMe present it as Ryuk ransomware, but researchers note that it is in fact one of the Chaos variants. As Bleeping Computer reports, Chaos-type ransomware not only encrypts data but often destroys it.
In the vast majority of cases, ransomware operators demand payment in cryptocurrencies. ForkLog has looked into what this means for the industry.
Russia Proposes Detailing Internet Calls and User Geolocation
The Ministry of Digital Development of Russia proposed changing the requirements for operational-search systems (SORM) mandated on communications networks under the ‘Yarovaya’ Law.
Russian authorities want internet call traffic, user geolocation, and browser history to be separately identified and stored via SORM.
Also on ForkLog:
- Hackers compromised the Discord servers of the Bored Ape Yacht Club project.
- The STEPN app was subjected to a massive DDoS attack.
- Law enforcement disrupted a marketplace selling personal data of 24 million people for cryptocurrency.
- An unknown party stole 20 million OP tokens due to an error by market maker Wintermute, and later returned most of them.
- Hackers breached the site of Russia’s Ministry of Construction and demanded a ransom of 0.5 BTC.
- Telegram denied a leak of more than 137 GB of messages from crypto chats.
- The head of Russia’s Ministry of Digital Development spoke about the plan for disconnecting the country from the European internet network.
- The Osmosis blockchain paused operations due to a critical vulnerability.
What to read this weekend?
One of the most popular and simplest ways to bypass online restrictions and censorship is VPN services. In several cards we explain what a VPN is and how to choose the right one.
