We round up the week’s most important cybersecurity news.
- New Lazarus malware targets Bitcoin exchange developers.
- In Ukraine, the conditions for blocking Telegram were outlined.
- Boeing confirms cyberattack on one of its divisions.
- DumpForums hackers claim breach of the Mir payment system.
New Lazarus malware targets Bitcoin exchange developers
Elastic Security Labs researchers have identified the macOS malware KandyKorn, aimed at blockchain developers. It has been linked to the North Korean hacking group Lazarus.
The DPRK was so excited about Halloween, they got a head start on passing out candy. Check out REF7001, AKA KANDYKORN – a malware distributed in cryptocurrency servers on Discord: https://t.co/ZJ1r92Yhvf #malware #threatdiscovery #cryptocurrency #discord #ElasticSecurityLabs
— Elastic Security Labs (@elasticseclabs) October 31, 2023
Initially the malware spread via Discord communities inside a ZIP archive named Cross-platform Bridges.zip. It allegedly contained an arbitrage cross-platform bot for cryptocurrency trading.
In reality, the file imported 13 malicious modules capable of stealing and manipulating data. The full KandyKorn unpacking consists of five stages.
Experts warned that the threat remains active and provided tools for identifying malicious activity on a computer.
Ukraine outlines conditions for blocking Telegram
The National Security and Defence Council of Ukraine is prepared to block the Telegram messenger immediately if requested by competent authorities. This was stated by NSDC secretary Oleksiy Danilov in an interview with the local outlet LIGA.net.
According to him, Telegram is “dangerous and vulnerable,” especially from a national security perspective, since, “if necessary, through it one can access a user’s phone.”
“If we receive documents from the relevant authorities empowered to act, trust me, we won’t hesitate to block Telegram,” Danilov said.
The NSDC secretary also noted that he personally has never used Telegram because of its anonymity:
“I’m not against the existence of messengers, but I would like for each nickname to be attached to a clearly identifiable person.”
Boeing confirms cyberattack on its systems
The aerospace giant Boeing has told Bleeping Computer of a cyberattack on its parts manufacturing and distribution business. This occurred shortly after the ransomware group LockBit claimed a breach of the company’s systems.
According to the hackers, they obtained “a large amount of confidential data” and threatened to publish it if a ransom was not paid.
Although Boeing has not confirmed a link between LockBit’s claims and the incident, the leak page on the hackers’ site has since been removed.
The company stressed that flight safety was not affected, and the investigation is ongoing.
At the time of writing, Boeing’s service site was unavailable, reporting “technical issues.”
Separately, on October 30, the American Airlines pilots’ union APA, which comprises 15,000 pilots, reported a ransomware attack by an as-yet-unnamed group.
The American Airlines pilots’ union has been hit by #ransomware. #APA pic.twitter.com/yW21d0fpmB
— Brett Callow (@BrettCallow) November 3, 2023
The organisation is working on restoring systems from backups. It is not yet known whether pilots’ personal data was compromised or the exact number of affected individuals.
DumpForums hackers claim breach of Mir payment system
On October 30, a cyberattack targeted the NSPK site—the operator of the Mir payment system. Responsibility for the incident was claimed by the hacker group DumpForums.
“We dumped a lot of interesting information from the Mir payment system servers, had a great time in their internal network and now we’re ready to announce the breach of the world’s largest payment operator,” they wrote in their Telegram channel.
Hackers also left a “message to administrators” on the site’s homepage.
NSPK denies data leakage. In a comment to Kommersant, the company’s press service said the site “contains no confidential data, and has nothing to do with the payment infrastructure.”
“All card payments and transactions via the SBP are processed normally,” added NSPK.
Two Siberian residents charged with aiding Ukrainian hackers
FSB officers in Tomsk and the Kemerovo region detained two men who allegedly aided Ukrainian hackers in cyberattacks on Russia’s critical infrastructure, according to Kommersant.
One defendant is a student at Tomsk State University of Control Systems and Radioelectronics; the other, according to investigators, is a member of Ukraine’s cyber troops.
Each has been charged with treason, an article that carries a penalty of up to 20 years in prison.
Spyware module for WhatsApp found in Telegram channels
Experts from Kaspersky Lab have discovered a modified WhatsApp client for Android infected with a spy Trojan. The malware spreads via Telegram channels in Arabic and Azerbaijani.
Our experts have uncovered a sneaky #WhatsApp spy mod that circulates via #Telegram, boosting user experience while secretly extracting personal info.
It currently affects around 340k users this month alone, with a focus on Arabic speakers.
Full report⇒ https://t.co/a8NPXx6S2c pic.twitter.com/0TPreZoQRU
— Kaspersky (@kaspersky) November 3, 2023
The CanesSpy Trojan can steal confidential information from the smartphone, including contact lists and documents, and can initiate audio recording from the device’s microphone. The spy module activates on power-on or during charging.
From October 5 to 31, Kaspersky Lab’s solutions prevented more than 340,000 attacks using it in dozens of countries. The primary infection cases were recorded in Azerbaijan, Saudi Arabia, Yemen, Turkey and Egypt. Russian users have also faced this threat.
Experts notified Telegram about the presence of malware in the detected channels.
Also on ForkLog:
- US authorities demanded the confiscation of $54 million in cryptocurrencies from drug traffickers.
- Jury found Sam Bankman-Fried guilty.
- Founders of SafeMoon charged in a “multimillion-dollar” scam.
- The CFTC has paid $15 million to whistleblowers in the crypto industry since the start of the year.
- Hackers moved $2.1 million from Onyx Protocol.
- Founder of the Pearl cryptocurrency sentenced in the United States to four years in prison.
- Damage from hacks and scams in October fell to $51 million.
- In Taiwan, a scheme to launder 320 million USDT was uncovered.
- WalletConnect restricted access to users in Russia.
- MetaMask developers added security notifications to the wallet extension.
- Russians began buying Wirex accounts on the dark web for crypto operations in the EU.
- Russian banks began testing tracking of Bitcoin transactions.
- Report: since the launch of ChatGPT, the number of phishing attacks has risen by 1265%.
- In the US, new AI safety standards were published.
- An unknown attacker hacked the Telegram bot Unibot.
- Bitrace listed popular methods of stealing bitcoin.
- LastPass breach victims lost $4.4 million in a day.
What to read this weekend?
An interview with the author of “The End of the Individual” on preserving freedom in a world of total AI domination.
