{"id":22526,"date":"2025-03-29T07:00:00","date_gmt":"2025-03-29T05:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/elephant-coin-scams-a-signal-misfire-and-other-cybersecurity-news\/"},"modified":"2025-03-29T07:00:00","modified_gmt":"2025-03-29T05:00:00","slug":"elephant-coin-scams-a-signal-misfire-and-other-cybersecurity-news","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/elephant-coin-scams-a-signal-misfire-and-other-cybersecurity-news\/","title":{"rendered":"Elephant-coin scams, a Signal misfire and other cybersecurity news"},"content":{"rendered":"<p>We have compiled the past week\u2019s most notable cybersecurity news.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>A journalist was mistakenly added to a closed chat with the US president\u2019s administration.<\/li>\n<li>Ukrzaliznytsia was hit by a large-scale cyberattack.<\/li>\n<li>Experts warned about fraudulent \u201celephant coins\u201d on Telegram.<\/li>\n<li>Hackers began mining cryptocurrencies on Russians\u2019 smart devices.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>A journalist was mistakenly added to a closed Signal chat with the US president\u2019s administration<\/strong><\/h2>\n<p>The Atlantic\u2019s editor-in-chief Jeffrey Goldberg <a href=\"https:\/\/www.theatlantic.com\/politics\/archive\/2025\/03\/trump-administration-accidentally-texted-me-its-war-plans\/682151\/?gift=kPTlqn0J1iP9IBZcsdI5IVJpB2t9BYyxpzU4sooa69M\">said<\/a> he found himself included in a Signal group chat where members of the US administration discussed bombing the Houthis in Yemen.<\/p>\n<p>The exchange contained details of the forthcoming strikes, including a list of targets, weapons and the expected time of the attack. 
According to Goldberg, it matched the timing of the first official posts about the operation on social media.<\/p>\n<p>Participants included Defense Secretary Pete Hegseth, Director of National Intelligence Tulsi Gabbard, CIA Director John Ratcliffe, National Security Adviser Mike Waltz, US Vice President JD Vance and others.<\/p>\n<p>Officials confirmed the chat was real, though the Pentagon later <a href=\"https:\/\/thehill.com\/policy\/defense\/5211867-hegseth-says-nobody-was-texting-war-plans-after-group-chat-breach\/\">tried to persuade<\/a> the public that war plans were not discussed in the messaging app. The journalist was likely added by mistake due to a <a href=\"http:\/\/404media.co\/you-need-to-use-signals-nickname-feature\/\">similar abbreviation<\/a> in a nickname.<\/p>\n<p>Soon after authorities claimed there were no secrets in the messages, The Atlantic published the exchange in full <a href=\"https:\/\/www.theatlantic.com\/politics\/archive\/2025\/03\/signal-group-chat-attack-plans-hegseth-goldberg\/682176\/\">here<\/a>.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXfV0Gho0JmhlgPoXD3tKTBnSkFaFlLrxb1p8wj3zqp_6eLy9eVPa53NsUBjclnnghIQukhkOGEIFL2psAr83TVqNj8Ry5PwcYskoCPzEOtJmv8dcNHDQhEIeMdgsbXfx51JGucpTg?key=GFerCe3R9uM4R_4p4KLmDGdZ\" alt=\"Elephant-coin scams, a Signal misfire and other cybersecurity news\"\/><figcaption class=\"wp-element-caption\">Screenshot of part of the exchange. 
Data: The Atlantic.<\/figcaption><\/figure>\n<p>Commenting on the incident, US President Donald Trump said he retains confidence in all members of his national-security team.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Ukrzaliznytsia hit by a large-scale cyberattack<\/strong><\/h2>\n<p>On March 23\u201324, online services of the Ukrainian railway operator Ukrzaliznytsia <a href=\"https:\/\/t.me\/UkrzalInfo\/6671\">came under<\/a> a large-scale cyberattack. It disrupted the mobile ticketing app but did not affect train schedules.<\/p>\n<p>The company is investigating the incident but has not yet disclosed technical details.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThe attack was systematic, complex and multi-layered,\u201d the press service said, adding that before the full restoration of affected systems from backups, specialists will check them for potential vulnerabilities.<\/p>\n<\/blockquote>\n<p>Ukrainian state cyber agencies involved in the investigation have not commented publicly or attributed the attack to any specific hacker group.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Alleged creators of the Mamont malware detained in Russia<\/strong><\/h2>\n<p>Police in Saratov Region detained three people suspected of developing <a href=\"https:\/\/forklog.com\/en\/news\/ulbricht-as-bait-a-new-ddos-record-and-other-cybersecurity-news\">the Mamont malware<\/a> and distributing it via Telegram channels, the press service <a href=\"https:\/\/t.me\/IrinaVolk_MVD\/3860\">said<\/a>.<\/p>\n<figure class=\"wp-block-video\"><video controls src=\"https:\/\/forklog.com\/wp-content\/uploads\/2025-03-28-17.05.07.mp4\"><\/video><figcaption class=\"wp-element-caption\">Data: Russian Ministry of Internal Affairs.<\/figcaption><\/figure>\n<p>The malware allowed attackers to transfer money from victims\u2019 cards via SMS banking. 
In total, law enforcement registered more than 300 incidents involving the malware.<\/p>\n<p>Officers seized a command server, computer equipment, storage media, communications devices and bank cards.<\/p>\n<p>Criminal cases have been opened for fraud and unlawful access to computer information. The suspects have been placed under travel restrictions.<\/p>\n<p>The investigation continues.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Hackers began mining cryptocurrencies on Russians\u2019 smart devices<\/strong><\/h2>\n<p>Attackers are breaking into smart-home systems to turn them into a botnet for <span data-descr=\"distributed denial of service\" class=\"old_tooltip\">DDoS<\/span> attacks or cryptocurrency mining, <a href=\"https:\/\/tass.ru\/obschestvo\/23480815\">TASS<\/a> reports, citing materials from the Russian Interior Ministry.<\/p>\n<p>Another goal may be surveillance via CCTV cameras and preparing for burglary. Hackers can determine whether the owner is at home using smart toothbrushes and temperature sensors.<\/p>\n<p>Law enforcement urged consumers to choose central smart-home systems from market leaders and to keep software updated.<\/p>\n<h2 class=\"wp-block-heading\"><strong>More than 300 suspected cybercriminals arrested in African countries<\/strong><\/h2>\n<p>Law-enforcement agencies in seven African countries, with assistance from Interpol and analysts from Group-IB, Kaspersky and Trend Micro, carried out a series of arrests of alleged members of a transnational criminal network, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/police-arrests-300-suspects-linked-to-african-cybercrime-rings\/\">Bleeping Computer<\/a> reports.<\/p>\n<p>In total, from November 2024 to February 2025, authorities seized 1,842 devices allegedly used for scams involving mobile banking, investment and messaging apps, which left more than 5,000 victims.<\/p>\n<p>In Benin, C\u00f4te d\u2019Ivoire, Nigeria, Rwanda, South Africa, Togo and Zambia, 306 suspects 
were arrested.<\/p>\n<p>Some of the proceeds were converted into cryptocurrencies. Investigators are also checking links to human trafficking.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Fake DeepSeek site spotted in Google ads<\/strong><\/h2>\n<p>Researchers at Malwarebytes <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2025\/03\/deepseek-users-targeted-with-fake-sponsored-google-ads-that-deliver-malware\">noticed<\/a> a phishing site impersonating DeepSeek in sponsored Google search ads. The fake landing page, though different from the real one, looks convincing enough.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXcMKkyM3H3KGGSZL4DXBkg2aqFR6tor8VRUi6EHnRKx1lHx0mwnu-6U8qpsYv2RfZyNmQFHE0bRg4U1OiSJ6kk2Dd8EgAqUhb6enmoZRA_iDJOgnkycVZYxi-69CEknDsdcO_Wt?key=GFerCe3R9uM4R_4p4KLmDGdZ\" alt=\"Elephant-coin scams, a Signal misfire and other cybersecurity news\"\/><figcaption class=\"wp-element-caption\">Fake ad. Data: Malwarebytes.<\/figcaption><\/figure>\n<p>Clicking the download button installs a trojan on the user\u2019s device.<\/p>\n<p>Since Google cannot remove fake ads from sponsored search results, experts advise either never clicking the advertising links at the top of the results or installing an AdBlock extension. 
In addition, you can verify a site\u2019s authenticity by checking the URL and the advertiser\u2019s name.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Experts warned about fraudulent \u201celephant coins\u201d on Telegram<\/strong><\/h2>\n<p>Analysts at F6 <a href=\"https:\/\/t.me\/f6_cybersecurity\/3586\">reported<\/a> two fraudulent Telegram bots that run an investment scam and use images of Russian and foreign celebrities for promotion.<\/p>\n<p>One is the economic game MeowCraft, whose \u201cambassador\u201d, the scammers claim, is actor Yuri Borisov. Users are lured with \u201ca promo code for 5,000 rubles.\u201d In reality, the bot demands a top-up in TRX and does not allow withdrawals.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXd3-lM6lhnxlf9XVUj5keosQWofG47xHJAJqVXEVVjM2UlQQDVo8HifbgkAOHxzcQJwV2RXhrQl0C9ifn1UQZ5rSb2VV6_WaoLCzvZziM68iFGGE1bzlneqtghL9aSz11FUdyzm6A?key=GFerCe3R9uM4R_4p4KLmDGdZ\" alt=\"Elephant-coin scams, a Signal misfire and other cybersecurity news\"\/><figcaption class=\"wp-element-caption\">Data: F6.<\/figcaption><\/figure>\n<p>Another scam project is the clicker \u201cOur Elephant\u201d. It has a menu to convert earned \u201celephant coins\u201d into rubles. 
However, the game also requires a prior top-up in TON and steals all transferred funds.<\/p>\n<p>The tapper is promoted using the likenesses of Keanu Reeves, Olga Buzova, Bianka and others.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXcklEhz6y_4ii8DGplGqe3HP_1mZvgiNtHriFYB-AH3Sq4h8V_8Jy-NdPWW2cxbEgNQNNldVwST1SGWM5QbEyzoPQfvHeNMmdIyxEhLhXhamQ8PKb-WxRX66HLksSOby5NRoYjIsg?key=GFerCe3R9uM4R_4p4KLmDGdZ\" alt=\"Elephant-coin scams, a Signal misfire and other cybersecurity news\"\/><figcaption class=\"wp-element-caption\">Data: F6.<\/figcaption><\/figure>\n<p>The look-and-feel and distribution methods of the two bots are similar, so analysts believe a single organiser is behind them.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>Nigeria linked Binance <a href=\"https:\/\/forklog.com\/en\/news\/nigeria-accuses-binance-of-links-to-terrorism-and-kidnapping\">to terrorism and kidnappings<\/a>.<\/li>\n<li>The <a href=\"https:\/\/forklog.com\/en\/news\/personal-data-of-binance-and-gemini-users-compromised\">\u2018leaked\u2019 personal data<\/a> of Binance and Gemini users appeared online.<\/li>\n<li>The US <a href=\"https:\/\/forklog.com\/en\/news\/us-seizes-cryptocurrency-intended-for-hamas-worth-200000\">seized<\/a> cryptocurrencies worth about $200,000 intended for Hamas.<\/li>\n<li>Grinex launched in Russia and the CIS, <a href=\"https:\/\/forklog.com\/en\/news\/grinex-launches-in-russia-and-cis-acquires-garantex-clients\">poaching some of Garantex\u2019s clients<\/a>.<\/li>\n<li>A whale who manipulated on Hyperliquid <a 
href=\"https:\/\/forklog.com\/en\/news\/hyperliquid-whales-manipulation-ends-in-losses-exact-figures-unknown\">ended up in the red<\/a> \u2014 exact losses are unknown.<\/li>\n<li>Immunefi reported the <a href=\"https:\/\/forklog.com\/en\/news\/immunefi-reports-worst-quarter-for-cryptocurrency-industry\">worst quarter<\/a> for the crypto industry.<\/li>\n<li>A data leak showed the <a href=\"https:\/\/forklog.com\/en\/news\/data-leak-reveals-extent-of-censorship-in-china\">scale of censorship<\/a> in China.<\/li>\n<li>Bybit <a href=\"https:\/\/forklog.com\/en\/news\/bybit-denies-deposit-restrictions-from-trust-wallet\">denied restrictions<\/a> on deposits from Trust Wallet.<\/li>\n<li>Media: a whale <a href=\"https:\/\/forklog.com\/en\/news\/whale-manipulates-polymarket-prediction-markets\">manipulated<\/a> Polymarket markets.<\/li>\n<li>The Abracadabra Finance exploiter <a href=\"https:\/\/forklog.com\/en\/news\/abracadabra-finance-protocol-suffers-13-million-hack\">stole $13 million<\/a>.<\/li>\n<li>A Moldovan priest <a href=\"https:\/\/forklog.com\/en\/news\/moldovan-priest-loses-32000-in-cryptocurrency-scam\">lost $32,000<\/a> to a crypto scam.<\/li>\n<li>Binance took <a href=\"https:\/\/forklog.com\/en\/news\/binance-acts-against-market-maker-for-move-token-manipulation\">action against a market maker<\/a> for manipulating MOVE.<\/li>\n<li>A Zhytomyr resident was suspected of <a href=\"https:\/\/forklog.com\/en\/news\/zhytomyr-resident-accused-of-cryptocurrency-fraud-amounting-to-3-7-million-hryvnias\">crypto fraud<\/a> worth 3.7 million hryvnias.<\/li>\n<li>US authorities will <a href=\"https:\/\/forklog.com\/en\/news\/us-authorities-to-return-7-million-to-victims-of-fake-crypto-sites\">return $7 million to victims<\/a> of fake crypto sites.<\/li>\n<li>Tornado Cash was <a href=\"https:\/\/forklog.com\/en\/news\/tornado-cash-removed-from-ofac-sanctions-list\">removed<\/a> from OFAC\u2019s sanctions lists.<\/li>\n<\/ul>\n<h2 
class=\"wp-block-heading\"><strong>What to read this weekend?<\/strong><\/h2>\n<p>Together with the Mixer.Money team, we examine how the Bybit incident may dent the reputation of Bitcoin mixers and which steps can minimise the risks of potential blocks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have compiled the past week\u2019s most notable cybersecurity news. A journalist was mistakenly added to a closed chat with the US president\u2019s administration. Ukrzaliznytsia was hit by a large-scale cyberattack. Experts warned about fraudulent \u201celephant coins\u201d on Telegram. Hackers began mining cryptocurrencies on Russians\u2019 smart devices. A journalist was mistakenly added to a closed [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":22525,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-22526","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"56","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/22526","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=22526"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/22526\/revisions"}],"wp:featuredmedia":[{"embeddabl
e":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/22525"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=22526"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=22526"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=22526"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}