
USDT Promo Codes, OneCoin Queen’s Trail in South Africa, and Other Cybersecurity Events
We have compiled the most important cybersecurity news of the week.
- Apple released a patch for two vulnerabilities that allow cryptocurrency theft.
- Germany has begun searching for the creator of OneCoin in South Africa’s capital.
- Crypto scammers have settled in BlueSky amid the social network’s growing audience.
- Reddit users complained about strange voices coming from iPhone speakers.
Apple Releases Patch for Two Cryptocurrency Theft Vulnerabilities
Apple fixed two zero-day vulnerabilities that hackers exploited to target Intel-based Mac computers.
One vulnerability caused the JavaScriptCore engine to run malware without the user’s knowledge. The other involved a “cross-site scripting attack” via the WebKit framework, allowing malicious code to be injected into web pages or applications.
Former Binance CEO Changpeng Zhao highlighted these vulnerabilities as they could lead to cryptocurrency theft. He urged users to update to the patched OS version as soon as possible.
If you use a Macbook with Intel based chip, update asap!
Stay SAFU! https://t.co/mk2Jsicnte
— CZ BNB (@cz_binance) November 20, 2024
The number of successful attacks and affected users remains unknown, as Apple did not provide details of the incident.
Germany Searches for OneCoin Founder in South Africa
Ruja Ignatova, the founder of the OneCoin cryptocurrency pyramid, has been on the FBI’s top 10 most wanted list since 2022. She is believed to be alive and hiding in Cape Town. German police are currently verifying this information, reports Daily Maverick.
The possibility of Ignatova’s presence in South Africa was suggested in the documentary Die Kryptoqueen, aired by the regional German broadcaster WDR.
Authorities stated that due to the lack of credible information about her death, they consider her alive. The investigation and search continue, with no further details disclosed by the police.
The US is currently offering a $5 million reward for assistance in capturing Ignatova.
Crypto Scammers Thrive on BlueSky Amid User Growth
The decentralized microblogging service BlueSky has seen a rise in cryptocurrency scams as its user base surpassed 20 million. This was noted by Bleeping Computer.
One such post featured an AI-generated image of Mark Zuckerberg and promoted a presale of fake coins “MetaChain” and “MetaCoin.” The scammers used Meta’s branded logo and font to create a phishing site.
Another type of fraudulent post offers cryptocurrency giveaways, such as “free Satoshi Bitcoin worth $900,000” or “1000 USDT with a promo code.”
The links lead to malicious websites, complemented by clips from popular TV shows and hashtags like #musk, #tesla, and #blockchain to increase engagement.
The BlueSky team promised in a comment to the publication to “maximize moderator engagement” to combat the growing number of complaints about unwanted content.
Spotify Playlists Become Source of Phishing Links
Attackers are using playlists and podcasts on Spotify to distribute pirated software, game cheat codes, spam links, and phishing sites.
Cybercriminals exploit Spotify for #malware distribution.
Why? Spotify has a strong reputation and its pages are easily indexed by search engines, making it an effective platform to promote malicious links. pic.twitter.com/MGloGZykCp
— Karol Paciorek (@karol_paciorek) November 18, 2024
Keywords are placed in the playlist’s title and description. Due to Spotify’s link indexing, these dubious online resources appear at the top of search engine results.
Podcasts consist of short episodes created with synthesized speech, promoting spam links, “torrents,” and fraudulent Telegram channels.
All malicious playlists and podcasts are uploaded to Spotify via a third-party service, allowing them to bypass the platform’s automatic blocks.
Amazon, Amazon Music, and the online service Audible are also flooded with fake listings promoting dubious “Forex trading” sites, Telegram channels, and suspicious links allegedly containing pirated software, writes Bleeping Computer.
Phobos Ransomware Operator Extradited to the US
42-year-old Russian Evgeny Ptitsyn has appeared in a US court on charges of distributing and exploiting the Phobos ransomware. This was reported by the Department of Justice.
According to the case materials, Ptitsyn, known by the aliases derxan and zimmermanx, not only managed the malware but also sold it on various hacker forums, creating a network of affiliates.
From December 2021 to April 2024, approximately $16 million in ransom payments were received in the Russian’s cryptocurrency wallets from over 1,000 victims worldwide.
The accused was extradited to the US from South Korea and placed in custody. Ptitsyn faces up to 35 years in prison on 13 charges.
The US Treasury has also charged five alleged members of the Scattered Spider cybercriminal group.
Authorities report that from September 2021 to April 2023, they stole “tens of millions of dollars” from cryptocurrency wallets using credentials obtained through phishing SMS attacks. Their victims included individuals and companies.
Each defendant faces up to 20 years in prison on multiple charges, with one facing an additional 20 years for internet fraud.
Reddit Users Report Strange Voices from iPhone Speakers
Two users independently reported on Reddit that their iPhone speakers were playing voices of strangers. One user was scrolling through their feed and suddenly heard what seemed like a conversation between warehouse workers.
“The first thing I did was check if any app was accidentally playing sound. But no. I closed all apps. It really felt like I was eavesdropping on someone’s conversation,” he wrote.
Another Redditor heard a man’s voice “as if he was talking to someone in a car on speakerphone.” According to the witness, there were no indicators of a playing video or call on the phone’s screen at the time. Then a sound “like a car crash” followed from the speaker, and everything stopped.
The user noted that the voice came from the top speaker for phone calls, not the bottom one. He attributed it to “some glitch” of a background app, but a few days later, he again heard a man’s scream, which also abruptly ended.
Apple has not commented on the situation.
Ghost Tap Attack Used NFC Payments for Theft
Researchers at Threat Fabric discovered the Ghost Tap attack, which allows cashing out funds from bank cards linked to a mobile payment system.
New Blog: The “Ghost Tap” NFC Relay Tactic
Criminals misuse Google Pay & Apple Pay to relay tap-to-pay info globally within seconds—no card or phone needed. https://t.co/b0iK0Iu8tg #CyberSecurity #GhostTap #FraudPrevention pic.twitter.com/1B2JWuDRmq
— ThreatFabric (@ThreatFabric) November 20, 2024
In the first stage, attackers use malware to steal card data and intercept one-time passwords for registering a virtual wallet in Apple Pay or Google Pay.
Cybercriminals then link the stolen card to their device and use the publicly available NFCGate tool to transmit NFC traffic to a vast network of money mules for cashing out at points of sale.
This way, the main operators of the malicious activity effectively obscure their tracks.
Also on ForkLog:
- Access to Polymarket restricted in France.
- User fell victim to phishing due to ChatGPT recommendation.
- North Korean hackers blamed for 2019 Upbit hack.
- “We don’t call the poor”: Casa founder discovers who scammers target.
- ZachXBT traced part of the $6.5 million stolen from a Coinbase client.
- User transferred $129 million to a phishing address, but it was simply returned.
- Millionaire blogger lost Ledger seed phrase with $366,000 in bitcoins.
- Report: In October, HTX intercepted seven attempts to withdraw to fraudulent addresses.
- Heather Morgan, linked to the Bitfinex hack, sentenced to 1.5 years in prison.
- Polter Finance hacked for $12 million.
- Hacker returned $25.5 million stolen from DeFi project Thala for a $300,000 reward.
- Please die: Google commented on the Gemini AI model failure.
What to Read Over the Weekend?
In educational cards, we explore “white” hacking and its significance for the crypto industry.