We’ve gathered the week’s most important cybersecurity news.
- Experts describe Clipminer malware, used by attackers to perform covert mining and steal cryptocurrencies.
- Roskomnadzor continued attempts to block VPN services.
- Europol announced the dismantling of “one of the fastest-spreading mobile threats.”
Experts uncover malware targeting covert mining and cryptocurrency theft
The Symantec Threat Hunter team identified a hacker group distributing Clipminer malware. It potentially earned operators no less than $1.7 million from covert mining and cryptocurrency theft.
Clipminer spreads via infected files of cracked or pirated software. The malware may use resources of compromised computers for mining, and also change clipboard contents, redirecting victims’ cryptocurrency transactions.
“With every clipboard update it scans the clipboard for wallet addresses, recognizing formats used by at least a dozen different cryptocurrencies. They are then replaced with wallet addresses controlled by the attackers,” the researchers noted.
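A defensive check for the clipboard replacement described above, as an added example that is not from the researchers' report or the original article: it scans a constructed sequence of timestamped clipboard snapshots and flags an address swapped for a different address of the same format within a short interval. The three simplified address patterns, the one-second threshold and the function names are assumptions.

```python
import re

# Simplified address shapes for three formats (assumption: illustrative
# patterns only; real validators also verify the checksum).
ADDRESS_PATTERNS = {
    "bitcoin-base58": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "bitcoin-bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def classify(text):
    """Return the address format the clipboard text matches, or None."""
    value = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(value):
            return name
    return None

def find_swaps(events, max_gap=1.0):
    """Flag an address replaced by a different address of the same format
    within max_gap seconds, faster than a person re-copying by hand."""
    alerts = []
    for (t_prev, prev), (t_cur, cur) in zip(events, events[1:]):
        kind = classify(prev)
        if (kind and kind == classify(cur) and prev.strip() != cur.strip()
                and t_cur - t_prev <= max_gap):
            alerts.append({"time": t_cur, "format": kind,
                           "copied": prev.strip(), "now": cur.strip()})
    return alerts

# Constructed sample data: placeholder strings that only match the shapes above.
ETH_A, ETH_B = "0x" + "a" * 40, "0x" + "b" * 40
BTC_A, BTC_B = "1" + "A" * 30, "1" + "B" * 30
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.00, ETH_A),   # user copies a payment address
    (10.05, ETH_B),   # replaced 50 ms later: flagged
    (60.0, BTC_A),
    (120.0, BTC_B),   # a different address a minute later: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

Both addresses in a flagged pair are well-formed, so format validation alone does not catch the swap; only the comparison against what was originally copied does.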
Europol dismantled the FluBot botnet
Europol said it dismantled “one of the fastest-spreading mobile threats” — FluBot, aimed at Android users.
🚨 Takedown of SMS-based FluBot spyware 🚨
🔹 International law enforcement operation involving 11 countries 🌍🚔
🔹 Fastest-spreading mobile malware to date ⏩📱
🔹 The Android malware has now been rendered inactive ✋🛑
More ➡️ https://t.co/YcMC5XRS6o pic.twitter.com/ksPuSHk6aW
— Europol (@Europol) June 1, 2022
FluBot spread via SMS, after which it stole passwords, online banking data and other confidential information from infected smartphones worldwide.
Using FluBot, attackers gained access to victims’ devices and used it to steal credentials for banking apps or accounts belonging to cryptocurrency owners.
Clop ransomware resumes activity
After a long pause, the Clop ransomware is back in operation, Bleeping Computer reported, citing NCC Group experts.
In April, Clop ranked fourth in activity among all ransomware, striking 21 companies. Almost half of the incidents affected industrial organisations, and 27% affected technology companies.
Earlier, Ukraine’s cyberpolice reported that they identified the Clop hackers and blocked channels used to launder cryptocurrency proceeds.
However, ForkLog sources say the raids targeted OTC traders through which the ransomware operators moved bitcoins, not the hackers themselves.
Binance confirmed its involvement in the law enforcement operation to identify individuals who laundered the hackers’ funds.
Roskomnadzor continues the VPN war
This week Russian users reported problems with access to Proton VPN and NordVPN services.
Proton VPN team representatives suggested authorities in Russia had begun blocking the service. Later Roskomnadzor said it’s working to block VPN services, calling them a threat.
According to experts, Proton VPN is being blocked using TSPU equipment (ТСПУ, "technical means of countering threats"), installed under the so-called law on the sovereign Runet.
Meanwhile, Roskomnadzor head Andrey Lipov was placed under EU sanctions.
Hackers begin stealing data via SMS about Telegram data export
Hackers began sending SMS warnings of a purported Telegram data export. To counter this, victims are urged to follow a phishing link.
Also on ForkLog:
- Belarusian government sites went offline due to Anonymous hackers.
- A court seized the cryptocurrency wallet believed to belong to Hydra’s administrator, but cannot access it.
- A hacker withdrew $90 million from the Mirror Protocol. This was discovered seven months later.
- Zcash developers activated Network Upgrade 5.
What to read this weekend?
Russia continues to restrict free access to the Internet and information. We examine the most popular VPN services and tips for circumventing internet censorship.