{"id":75375,"date":"2023-03-11T06:00:00","date_gmt":"2023-03-11T04:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=75375"},"modified":"2025-09-10T11:15:31","modified_gmt":"2025-09-10T08:15:31","slug":"sber-data-leak-arrest-of-doppelpaymer-bitcoin-extortionists-and-other-cybersecurity-events","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/sber-data-leak-arrest-of-doppelpaymer-bitcoin-extortionists-and-other-cybersecurity-events\/","title":{"rendered":"Sber Data Leak, Arrest of DoppelPaymer Bitcoin Extortionists, and Other Cybersecurity Events"},"content":{"rendered":"<p>We have gathered the week\u2019s most important cybersecurity news.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\" id=\"block-277b78ad-a63c-408e-b38c-aa48f6dcaad5\">\n<li>Data of users of the SberSpasibo bonus program exposed.<\/li>\n<li>More than 160 GB of Acer documents listed for sale on a hacker forum.<\/li>\n<li>DoppelPaymer extortionists arrested in Ukraine and Germany.<\/li>\n<li>Android malware targeted 13 Bitcoin wallets and 400 banks.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>SberSpasibo Bonus Program User Data Exposed<\/strong><\/h2>\n<p>The hacker group NLB <a href=\"https:\/\/ko.ru\/news\/v-set-slili-dannye-polzovateley-sberspasibo\/\">claims<\/a> to have breached the service behind the SberSpasibo bonus program.<\/p>\n<p>Two large dumps containing the bank\u2019s customers\u2019 personal data were posted publicly.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" 
src=\"https:\/\/lh3.googleusercontent.com\/rnGRP_Sx1WioBpCrQWFZb2Lp9MM60KEnoTlNI-9rqt3RozBHVylnYPi8oTAE2XdHBw5hHFDOpYuPKTvNx8b_vJ7FjtOyp5EGL5Ikn5J98evxhsrwdfHVH89PwWVX71ljPHjah2GpPEWEsL21dgmHuPY\" alt=\"Sber data leak, arrest of DoppelPaymer bitcoin extortionists and other cybersecurity events\"\/><figcaption>Data: Telegram channel <a href=\"https:\/\/t.me\/dataleak\/2917\">\u00ab\u0423\u0442\u0435\u0447\u043a\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438\u00bb<\/a> (Information Leaks).<\/figcaption><\/figure>\n<p>One of them contains 6.3 million rows with telephone numbers, email addresses, dates of birth and registration, hashed card numbers and other internal data for the period from 1 April 2017 to 7 February 2022.<\/p>\n<p>The second file consists of 48.3 million rows with email addresses and phone numbers.<\/p>\n<p>Although the card numbers are stored as hashes, they were hashed with the outdated SHA-1 function, so experts believe the hackers could recover the real values by brute-forcing every possible digit combination.<\/p>\n<p>Earlier, the NLB group had already claimed a breach of Sber\u2019s internal IT systems. 
At that time, a database of customer and employee contacts from <a href=\"https:\/\/t.me\/dataleak\/2908\">SberLogistics<\/a>, as well as user data from the <a href=\"https:\/\/t.me\/dataleak\/2914\">SberPravo<\/a> platform, appeared online.<\/p>\n<p>The incident attracted the attention of <a href=\"https:\/\/tass.ru\/obschestvo\/17235855\">Roskomnadzor<\/a>. SberSpasibo also launched an <a href=\"https:\/\/www.kommersant.ru\/doc\/5864354\">internal audit<\/a>.<\/p>\n<h2 class=\"wp-block-heading\"><strong>160 GB of Acer Documents Listed for Sale on a Hacker Forum<\/strong><\/h2>\n<p>The Taiwanese computer hardware maker Acer <a href=\"https:\/\/www.pcmag.com\/news\/acer-breached-hacker-selling-access-to-160gb-of-stolen-data\">confirmed<\/a> a leak of more than 160 GB of data that occurred in mid-February.<\/p>\n<p>A seller going by Kernelware put the dump up for auction, with payment in Monero.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/xpd9iJqg8DGFVJmnGnuhouUk0yzq_psdhWf_ysW-BZuWnU9CIbJwTeJYRrMzvtzDT_8doM_4nd9mbAYsR9HgU2dwm-RvwKn1dgCTEMjiEhagBTBZhmpWMWABwE6OQX2fPsbzN7ssyGy63zK7ftauiGA\" alt=\"Sber data leak, arrest of DoppelPaymer bitcoin extortionists and other cybersecurity events\"\/><figcaption>Data: BreachForums.<\/figcaption><\/figure>\n<p>According to the seller, the highest bidder will receive technical manuals, software tools, information about 
server infrastructure, documentation on product models for phones, tablets and laptops, replacement digital keys, BIOS images, ROM files and ISO files.<\/p>\n<p>According to Acer, the attacker breached one of its servers containing electronic documentation for service technicians.<\/p>\n<p>The company found no signs of customer data on that server.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Emotet Botnet Resumes Spam Campaigns After Break<\/strong><\/h2>\n<p>The Emotet malware resumed distributing malicious spam after a three-month hiatus, according to Cofense and Cryptolaemus.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\u2757 <a href=\"https:\/\/twitter.com\/hashtag\/Emotet?src=hash&#038;ref_src=twsrc%5Etfw\">#Emotet<\/a> has resumed activity this morning, sending emails with attached .zip files that are not password protected.<\/p>\n<p>Learn more below \u2b07\ufe0f <a href=\"https:\/\/t.co\/kbXBKNGzan\">https:\/\/t.co\/kbXBKNGzan<\/a><\/p>\n<p>\u2014 Cofense (@Cofense) <a href=\"https:\/\/twitter.com\/Cofense\/status\/1633168858801672193?ref_src=twsrc%5Etfw\">March 7, 2023<\/a><\/p><\/blockquote>\n<p>To infect user devices, the attackers send emails that impersonate various invoices. They attach ZIP archives containing Word documents larger than 500 MB; such a size hinders detection by antivirus software.<\/p>\n<p>Opening the document triggers macros that download the Emotet loader and launch it in the background.<\/p>\n<p>The malware is currently collecting new credentials and stealing information from address books for targeting. 
With no additional payloads observed, experts believe it is gathering data for future spam campaigns.<\/p>\n<p>Emotet\u2019s previous burst of activity, <a href=\"https:\/\/forklog.com\/en\/news\/yanluowang-hackers-breach-telegram-premium-cancellations-and-other-cybersecurity-events\">in November 2022<\/a>, lasted two weeks.<\/p>\n<h2 class=\"wp-block-heading\"><strong>DoppelPaymer Extortionists Arrested in Ukraine and Germany<\/strong><\/h2>\n<p>German and Ukrainian law enforcement arrested two individuals believed to be key members of the DoppelPaymer ransomware group, Europol said.<\/p>\n<p>Investigators are examining the equipment seized from the suspects.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/mpSCfWeuXmZGc0FvtqrVFngU9WWZRWfOx9JKCQS1RE4nWs1Jxr6HGWXBVuGOlua6Qa0YWEGlb4AceSNaEOBII_F4LZglt3xRf_kk0K78-ktSaKHyWs6Ke564DYWCVC-Y2h_BeuRdhpGtMg7hzK8g4ZY\" alt=\"Sber data leak, arrest of DoppelPaymer bitcoin extortionists and other cybersecurity events\"\/><figcaption>Data: Europol.<\/figcaption><\/figure>\n<p>According to German authorities, DoppelPaymer consisted of five core members who maintained the infrastructure, ran the data-leak sites, deployed the ransomware and negotiated with victims.<\/p>\n<p>The remaining three suspects are still at large and are wanted internationally:<\/p>\n<ul class=\"wp-block-list\">\n<li>Igor Garshin, believed to be responsible for reconnaissance, intrusion and deployment of the malware in victims\u2019 networks;<\/li>\n<li>Igor Turashev, who allegedly took an active part in attacks on German companies as administrator of the infrastructure and malware;<\/li>\n<li>Irina Zemlyanikina, responsible for the initial stage of the attacks and the sending of malicious emails; she also maintained the data-leak sites.<\/li>\n<\/ul>\n<p>Turashev has for several years been on the <a href=\"https:\/\/www.fbi.gov\/wanted\/cyber\/igor-olegovich-turashev\">FBI\u2019s list<\/a> of most wanted criminals. US authorities have charged him in absentia with developing the Dridex malware and participating in the Evil Corp group.<\/p>\n<p>The <a href=\"https:\/\/forklog.com\/en\/news\/hackers-attack-kia-motors-america-and-demand-20-million-in-bitcoin\">DoppelPaymer<\/a> ransomware, based on the BitPaymer ransomware, appeared in 2019. It was distributed via phishing and spam emails with attached documents containing malicious code. 
DoppelPaymer attacks were triggered by the Emotet botnet.<\/p>\n<h2 class=\"wp-block-heading\"><strong>FBI Warns of New Crypto-Theft Schemes Through Games<\/strong><\/h2>\n<p>Cybercriminals are using fake rewards in mobile and online games built on the <span data-descr=\"gamers earn cryptocurrencies and NFTs through in-game activity\" class=\"old_tooltip\">play-to-earn<\/span> concept to steal cryptocurrency from users. 
The <a href=\"https:\/\/www.ic3.gov\/Media\/Y2023\/PSA230309\">FBI<\/a> issued a warning about the scheme.<\/p>\n<p>To be able to earn in the game, victims are told to buy cryptocurrency and create a wallet; the larger the deposit, the higher the supposed reward.<\/p>\n<p>To get their investment back, users are then often asked to pay additional taxes or fees. 
In reality, however, they cannot withdraw the funds.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Android Malware Targets 13 Bitcoin Wallets and 400 Banks<\/strong><\/h2>\n<p>A new version of the Xenomorph Android malware has been released, capable of stealing credentials for 400 banks and 13 cryptocurrency wallets. 
ThreatFabric researchers reported the discovery.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">THREAT UPDATE: ThreatFabric discovers a new strain <a href=\"https:\/\/twitter.com\/hashtag\/Xenomorph?src=hash&#038;ref_src=twsrc%5Etfw\">#Xenomorph<\/a>!<br \/>Xenomorph v3 adds a complete <a href=\"https:\/\/twitter.com\/hashtag\/ATS?src=hash&#038;ref_src=twsrc%5Etfw\">#ATS<\/a> framework capable of Device Take Over (DTO), in addition more than 400 new financial institutions in its target list.<a href=\"https:\/\/t.co\/7uPbA4HAj8\">https:\/\/t.co\/7uPbA4HAj8<\/a><\/p>\n<p>\u2014 ThreatFabric (@ThreatFabric) <a href=\"https:\/\/twitter.com\/ThreatFabric\/status\/1634131991216914432?ref_src=twsrc%5Etfw\">March 10, 2023<\/a><\/p><\/blockquote>\n<p>Among the targets are Chase, Citibank, American Express, ING, HSBC, Deutsche Bank, Wells Fargo and other banks worldwide. 
Potentially vulnerable crypto wallets include Binance, BitPay, KuCoin, Gemini and Coinbase.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/B58uCAOplXkyEXvy6j1dXWJR2C8MmLktJJYBJLxQ93x_VYrJuTvaVfoT4qSIvpgN_6b86mm_gG3DUMQAPilxCAqjxv5lEkaWeyx90xWPUW52skUhXOyfaRU6CPtHY8pmRtRjewd3G2d5nCFvA5fx9Sc\" alt=\"Sber data leak, arrest of DoppelPaymer bitcoin extortionists and other cybersecurity events\"\/><figcaption>Data: ThreatFabric.<\/figcaption><\/figure>\n<p>The Trojan is equipped with an <span data-descr=\"Automated transfer system\" class=\"old_tooltip\">ATS<\/span> framework that lets it automatically harvest credentials, check balances, conduct transactions and steal money from targeted apps without any remote action by the operator.<\/p>\n<p>The malware can also log the contents of third-party authenticator apps, bypassing multi-factor authentication. In addition, a built-in cookie stealer allows operators to hijack victims\u2019 sessions and take over their accounts.<\/p>\n<p>ThreatFabric believes the developers plan to sell Xenomorph as <span data-descr=\"malware-as-a-service\" class=\"old_tooltip\">MaaS<\/span>. 
This hypothesis is supported by the launch of a site advertising the new version of the Trojan.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/Ilq48TWiYg-lbgImxlMF4F5oczPaVTCkXZVNSUpDMuwEE-WA_zadrpJIS0Zo4Ob2Rlrul0u9E0SeCIn2s1TEIt0rZeBMh1DjEc7nlMueHlg20BX5rHQWeq2Qp2gGPm0sBIBYLjXe0AhbuAm7l7JmPxs\" alt=\"Sber data leak, arrest of DoppelPaymer bitcoin extortionists and other cybersecurity events\"\/><figcaption>Data: ThreatFabric.<\/figcaption><\/figure>\n<p>Currently, Xenomorph v3 is distributed via the Zombinder platform through the Google Play Store, posing as a currency converter and switching to the Play Protect icon after the malicious payload is installed.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>Hedera <a href=\"https:\/\/forklog.com\/en\/news\/hedera-hacked-for-an-undisclosed-amount\">was hacked<\/a> for an undisclosed amount.<\/li>\n<li>An illegal <a href=\"https:\/\/forklog.com\/en\/news\/binance-blocks-illegal-crypto-exchange-with-34m-turnover\">exchange service with a $34 million turnover<\/a> was blocked on Binance.<\/li>\n<li><a href=\"https:\/\/forklog.com\/en\/news\/us-confiscated-silk-road-bitcoins-move-to-new-wallets-worth-1-billion\">Bitcoins confiscated from Silk Road<\/a> worth $1 billion have started moving.<\/li>\n<li>Verichains warned of <a href=\"https:\/\/forklog.com\/en\/news\/verichains-flags-critical-vulnerabilities-in-tendermint-core\">critical vulnerabilities<\/a> in Tendermint Core.<\/li>\n<li>A hacker returned <a href=\"https:\/\/forklog.com\/en\/news\/hacker-returns-tender-fi-assets-worth-1-59-million-to-the-platform-for-a-bounty\">assets worth $1.59 million<\/a> to the Tender.fi platform in exchange for a bounty.<\/li>\n<li>The SEC charged <a href=\"https:\/\/forklog.com\/en\/news\/sec-charges-green-united-a-seller-of-mining-hardware-with-18-million-fraud\">mining hardware seller Green United<\/a> with an $18 million fraud.<\/li>\n<li>Scammers have armed themselves with <a href=\"https:\/\/forklog.com\/en\/news\/scammers-use-ai-to-imitate-the-voices-of-victims-relatives\">AI to imitate the voices<\/a> of their victims\u2019 relatives.<\/li>\n<li>In Russia, scammers announced the start of <a href=\"https:\/\/forklog.com\/en\/news\/in-russia-scammers-announce-the-start-of-investments-in-a-state-cryptocurrency\">investments in a state cryptocurrency<\/a>.<\/li>\n<li>The <a href=\"https:\/\/forklog.com\/en\/news\/hacker-behind-uranium-finance-breach-moves-3-3m-to-tornado-cash\">hacker behind the Uranium Finance breach moved $3.3 million<\/a> to Tornado Cash.<\/li>\n<li>Media: crypto scammers <a href=\"https:\/\/forklog.com\/en\/news\/media-egyptian-crypto-scammers-swindled-investors-out-of-620000\">in Egypt swindled investors<\/a> out of $620,000.<\/li>\n<li>In February, DeFi projects <a href=\"https:\/\/forklog.com\/en\/news\/in-february-2023-defi-projects-lost-about-21-4-million-to-hacks\">lost $21 million to hacks<\/a>.<\/li>\n<li>Singapore police began an <a href=\"https:\/\/forklog.com\/en\/news\/singapore-police-begin-investigation-into-do-kwon\">investigation into Do Kwon<\/a>.<\/li>\n<li>Bitcoin ATM operators in the US were <a href=\"https:\/\/forklog.com\/en\/news\/bitcoin-atm-operators-in-the-united-states-accused-of-fraud-and-money-laundering\">suspected of fraud<\/a> and money laundering.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>What to Read This Weekend?<\/strong><\/h2>\n<p>Together with ForkLog\u2019s analysts, we looked at which Bitzlato-linked companies could become the subjects of new investigations and how this might affect their users.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have gathered the week\u2019s most important cybersecurity 
news.<\/p>\n","protected":false},"author":1,"featured_media":75376,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-75375","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"36","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/75375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=75375"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/75375\/revisions"}],"predecessor-version":[{"id":75377,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/75375\/revisions\/75377"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/75376"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=75375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=75375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=75375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}