- \n
- Fake on-chain sleuths steal remaining funds from victims of crypto theft.<\/li>\n
- The media fell for an AI \u201cjournalist\u201d.<\/li>\n
- Meta is suspected of accessing photo galleries without user consent.<\/li>\n
- Researchers hid a trojan in an AI image.<\/li>\n<\/ul>\n<\/div>\n
Fake on-chain sleuths are stealing what remains from crypto-hack victims<\/h2>\n
In August the FBI warned<\/a> of fraudsters posing as bogus crypto law firms. Under the guise of sham asset-recovery services, the scammers stole money and personal data from clients.<\/p>\n
According to the statement, the primary targets are victims of crypto hacks trying to reclaim stolen funds.<\/p>\n
Law enforcement said the fraudsters used a wide array of manipulative tactics, playing on victims\u2019 desperation and creating a false sense of security by impersonating government representatives or claiming cooperation with them. The reputations of people and organisations whose names were misused were also harmed.<\/p>\n
When choosing help to recover cryptocurrency, the FBI advised watching for:<\/p>\n
- \n
- references to fictitious government or regulatory bodies, such as the nonexistent International Financial Trading Commission (INTFTC);<\/li>\n
- requests for payment in cryptocurrency or gift cards;<\/li>\n
- knowledge of exact amounts and dates of previous bank transfers;<\/li>\n
- claims that the victim is supposedly on a list of people scammed and can get their money back through \u201clegitimate channels\u201d;<\/li>\n
- referrals to a \u201ccryptocurrency recovery law firm\u201d;<\/li>\n
- assertions that funds are in a foreign bank and demands to open an account there. The domain or site may look legitimate but in fact be a fake platform to extend the scam;<\/li>\n
- invitations to a group chat in a messenger app allegedly \u201cfor client secrecy and safety\u201d with \u201cforeign bank operators and lawyers\u201d. They may demand fees to verify identity and ownership;<\/li>\n
- refusal or inability to provide identification or a licence, refusal to turn on a camera or hold a video meeting;<\/li>\n
- demands to send payment to a third party supposedly for secrecy and safety.<\/li>\n<\/ul>\n
An AI \u201cjournalist\u201d duped the media<\/h2>\n
Press Gazette<\/a> noted that at least six outlets, including Wired and Business Insider, have in recent months removed articles from their sites. The reason, it reported, was that pieces published under the name Margot Blanchard were generated by AI.<\/p>\n
In May Wired ran a story titled \u201cThey fell in love playing Minecraft. Then the game became their wedding venue.\u201d It mentioned Jessica Hu, a 34-year-old clergywoman from Chicago known as a \u201cdigital officiant\u201d on Twitch and Discord. The outlet could not verify her existence and, weeks later, removed the piece for failing to meet editorial standards.<\/p>\n
![\"AI_journalist\"](\"https:\/\/forklog.com\/wp-content\/uploads\/AI_journalist-1024x401.png\")
A removed piece by a certain Margot Blanchard at Wired. Source: Wayback Machine<\/a>.<\/figcaption><\/figure>\n According to Press Gazette, in April Business Insider published two Blanchard essays. Last week the outlet deleted them.<\/p>\n
![\"Press_Gazette\"](\"https:\/\/forklog.com\/wp-content\/uploads\/Press_Gazette.webp\")
Reports on the removal of Business Insider and Wired pieces. Source: Press Gazette<\/a>.\u00a0<\/figcaption><\/figure>\n On 21 August Wired\u2019s leadership acknowledged the error<\/a>:<\/p>\n
\n
\u201cIf any publication should recognize AI grifters, it\u2019s Wired. And in fact we usually do\u2026 Unfortunately, one slipped through.\u201d<\/em><\/p>\n<\/blockquote>\n
The outlet explained that on 7 April an editor received a pitch from one Margot Blanchard about \u201cthe growing popularity of hyper-niche internet weddings\u201d. The email bore \u201call the hallmarks of a great Wired story\u201d. After a standard exchange about scope and fee, the editor commissioned the piece, which ran on 7 May.<\/p>\n
Wired said that within days the newsroom realised the author could not provide sufficient information about herself. The journalist insisted on payment via PayPal or cheque.<\/p>\n
Further investigation showed the story was fabricated.<\/p>\n
\n
\u201cWe made mistakes: the story did not undergo proper fact-checking and was not edited by a senior editor[…] We acted quickly when we discovered the deception and took steps to prevent a recurrence. In the new era every newsroom must be prepared for this.\u201d<\/em><\/p>\n<\/blockquote>\n
Press Gazette said the first to flag irregularities was Dispatch editor Jacob Furedi. He reported receiving a pitch from Blanchard about \u201cGravemont, a closed mining town in rural Colorado that had been repurposed into one of the most secretive death-investigation training centres.\u201d He asked the supposed freelancer to show records requests; she ignored the request.<\/p>\n
Meta is suspected of accessing galleries without user consent<\/h2>\n
Meta analyses and stores photos from devices. According to ZDNET<\/a>, some Facebook users found two enabled options in Meta app settings that give the company access to the gallery. The feature is intended to use AI to offer \u201cpersonalised creative ideas\u201d such as travel montages and collages.<\/p>\n
![\"ZDNET_Meta_spy\"](\"https:\/\/forklog.com\/wp-content\/uploads\/ZDNET_Meta_spy-1024x621.png\")
Settings that help avoid tracking. Source: ZDNET.<\/figcaption><\/figure>\n Media reported that the options for AI features called \u201csuggestions to use photos from the gallery\u201d are enabled for users who say they did not consent.<\/p>\n
If a user taps \u201callow\u201d, they agree to Meta\u2019s AI terms and to analysis of \u201cmedia and facial features\u201d. Facebook then uses images from the gallery (including creation dates and the presence of people or objects) to suggest collages, themed albums, recap posts or AI-modified versions of images.<\/p>\n
Researchers hid a trojan in an AI image<\/h2>\n
Researchers at Trail of Bits developed<\/a> a new attack to steal user data. The method embeds malicious commands in images that are processed by AI systems before being passed to a large language model.<\/p>\n
The idea is to use full-size images with \u201cinvisible\u201d instructions that emerge when quality is reduced by resizing algorithms. When uploaded to AI systems, such images are automatically downscaled to improve performance and save resources.<\/p>\n
Depending on the system, image-resizing algorithms may lighten the image using nearest-neighbour, bilinear or bicubic interpolation.<\/p>\n
![\"Trail_of_Bits_AI_paint_ghost\"](\"https:\/\/forklog.com\/wp-content\/uploads\/Trail_of_Bits_AI_paint_ghost-1024x477.png\")
Bicubic interpolation hides the AI trojan. Source: Trail of Bits.<\/figcaption><\/figure>\n In Trail of Bits\u2019 example, when downscaled bicubically the dark areas of the malicious image turn red and hidden text appears in black.<\/p>\n
From the user\u2019s perspective nothing unusual happens, but in fact the model executes hidden instructions that can lead to data leakage or other risky actions.<\/p>\n
The researchers confirmed their method applies to:<\/p>\n
- \n
- Google Gemini CLI;<\/li>\n
- Vertex AI Studio (with Gemini backend);<\/li>\n
- the Gemini web interface;<\/li>\n
- the Gemini API via llm CLI;<\/li>\n
- Google Assistant on an Android phone;<\/li>\n
- Genspark.<\/li>\n<\/ul>\n
Google will ban software from unverified developers<\/h2>\n
On 25 August Google announced<\/a> it will soon stop allowing software from unverified developers in Google Play. A new Android protection system will block the installation of malicious apps when downloading from third-party sources.<\/p>\n
\n
\u201cWhile the threat is more associated with third-party sources, the developer verification requirement now applies to apps from Google Play as well as apps in third-party stores,\u201d<\/em> the team added.<\/p>\n<\/blockquote>\n
Early access to verification opens in October, and in March 2026 the system will become available to all Android developers. In September the mandatory identity verification requirement will take effect for Brazil, Indonesia, Singapore and Thailand, and in 2027 worldwide.<\/p>\n
Also on ForkLog:<\/p>\n
- \n
- ZachXBT called<\/a> Ripple, Cardano and Hedera \u201cinsiders\u2019 enrichment schemes\u201d.<\/li>\n
- US banks outpaced<\/a> the crypto industry by the volume of laundered funds.<\/li>\n
- The number of traders on Solana fell<\/a> by 80% amid a rise in rug pulls.<\/li>\n
- Scammers used<\/a> Claude for vibe hacking.<\/li>\n
- 112 crypto companies urged<\/a> the US Senate to protect developers.<\/li>\n
- A fake trader from Odesa stole<\/a> $1m from acquaintances.<\/li>\n
- CertiK\u2019s founder called<\/a> the war with hackers \u201cendless\u201d.<\/li>\n
- In Ufa, authorities shut down<\/a> an illegal crypto cash-out scheme worth 3bn rubles.<\/li>\n
- Pavel Durov called<\/a> his arrest in France \u201ca legal absurdity\u201d.<\/li>\n
- A South Korean was charged<\/a> with laundering $50m by converting bitcoin into gold.<\/li>\n<\/ul>\n
What to read this weekend?<\/h2>\n
Why trading platforms block accounts, how a \u201cclean\u201d transaction can still lead to frozen funds, and how deeply AML<\/span> systems trace transfer chains? In a guest piece for ForkLog, Fedor Ivanov\u2014director of analytics at the company \u201cShard\u201d\u2014explains.<\/p>\n","protected":false},"excerpt":{"rendered":"
We have collected the most important cybersecurity news of the week.<\/p>\n","protected":false},"author":1,"featured_media":39349,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"The week\u2019s key cybersecurity stories.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-39348","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"238","promo_type":"1","layout_type":"1","short_excerpt":"The week\u2019s key cybersecurity stories.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/39348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=39348"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/39348\/revisions"}],"predecessor-version":[{"id":39350,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/39348\/revisions\/39350"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/39349"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=39348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=39348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=39348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- US banks outpaced<\/a> the crypto industry by the volume of laundered funds.<\/li>\n
- ZachXBT called<\/a> Ripple, Cardano and Hedera \u201cinsiders\u2019 enrichment schemes\u201d.<\/li>\n