- \n
- Researchers found a new, feature-rich cryptocurrency stealer.<\/li>\n
- Chrome extensions intercepted user traffic for eight years.<\/li>\n
- Activists \u201cbacked up\u201d 86 million Spotify audio files.<\/li>\n
- Uzbekistan\u2019s traffic-management database was left without a password.<\/li>\n<\/ul>\n<\/div>\n
Researchers uncover a new crypto stealer with broad capabilities<\/h2>\n
Experts at Kaspersky<\/a> reported a new stealer, Stealka. The malware, which targets Windows users, can steal data and cryptocurrency, hijack accounts and install hidden miners.<\/p>\n
According to analysts, the software most often masquerades as cracks, cheats and mods. The malware is triggered manually by the victim and spreads via popular platforms such as GitHub, SourceForge, Softpedia and Google Sites.<\/p>\n
In more elaborate schemes, attackers create convincing copies of websites by tapping into popular search queries. Mimicking trusted resources, the interface tells users that all posted data have been fully scanned for viruses.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-e382355c5581b3b7-1993867744258374-953x1024.png\")
Legitimate SourceForge service with an infected Roblox mod. Source: Kaspersky.<\/figcaption><\/figure>\n Stealka offers a broad arsenal, but its primary target is user data from Chromium- and Gecko-based browsers, including popular Chrome, Firefox, Opera, Yandex Browser, Edge and Brave.<\/p>\n
Attackers are most interested in autofill stores containing account information and payment-card details. Cookies and session tokens let hackers bypass two-factor authentication to seize accounts, which are then used to spread the malware further.<\/p>\n
According to Kaspersky, Stealka targets 115 browser extensions. Popular categories at risk include:<\/p>\n
- \n
- crypto wallets: Binance, Coinbase, Crypto.com, SafePal, Trust Wallet, MetaMask, Ton, Phantom, Exodus;<\/li>\n
- two-factor authentication apps: Authy, Google Authenticator, Bitwarden;<\/li>\n
- password managers: 1Password, Bitwarden, LastPass, KeePassXC, NordPass.<\/li>\n<\/ul>\n
The stealer also threatens messengers, mail clients, note managers, gaming services and VPNs.<\/p>\n
Chrome extensions intercepted user traffic for eight years<\/h2>\n
Two Chrome Web Store extensions called Phantom Shuttle pose as proxy-service plug-ins but in fact intercept user traffic and steal confidential data, Socket<\/a> reported.<\/p>\n
Phantom Shuttle targets users in China, including foreign-trade professionals who need to test network connections from various locations inside the country. Both extensions are published under the same developer and marketed as tools for traffic proxying and speed testing. They are available by subscription priced from $1.4 to $13.5.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-0928f80ecb47fcdd-1993867438380357-1024x674.png\")
Source: Socket.<\/figcaption><\/figure>\n Active since 2017, the software routes a user\u2019s web traffic through attacker-controlled proxy servers, accessed using hard-coded credentials. Malicious code is embedded inside a legitimate jQuery library.<\/p>\n
By \u201clistening\u201d to web traffic, the extensions can intercept HTTP authentication requests on every site visited. They dynamically reconfigure Chrome\u2019s proxy settings using a proxy auto-configuration script.<\/p>\n
In the Default mode the malware can filter more than 170 domains, including:<\/p>\n
- \n
- developer platforms;<\/li>\n
- cloud-service management consoles;<\/li>\n
- social networks;<\/li>\n
- adult-content portals.<\/li>\n<\/ul>\n
Local networks and the control domain are whitelisted to avoid disruption and detection.<\/p>\n
Operating as a man-in-the-middle attack, the extension can:<\/p>\n
- \n
- intercept data from any forms (logins, card details, passwords, personal information);<\/li>\n
- steal session cookies from HTTP headers;<\/li>\n
- extract API<\/span> tokens from requests.<\/li>\n<\/ul>\n
Activists \u201cbacked up\u201d 86 million Spotify audio files<\/h2>\n
The leading music-streaming service was subjected to mass scraping<\/span> by pirate activists from Anna\u2019s Archive.<\/p>\n
The group is widely known for a campaign to preserve literature, scientific publications, magazines and other materials. They call themselves \u201cthe largest truly open library in human history\u201d, providing access to more than 61 million books and 95 million articles.<\/p>\n
In a 20 December 2025 post, \u201cBacking up Spotify<\/a>\u201d, the team claims it obtained access to metadata for more than 250 million tracks and 86 million of the service\u2019s audio files.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-b9218eec2b59909d-1993867438521334-1024x656.png\")
Source: Anna\u2019s Archive.<\/figcaption><\/figure>\n The haul amounts to about 300 TB. The most-played tracks, per Spotify\u2019s metrics, are available at 160 kbps, while less popular ones are compressed to 75 kbps.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-4e2d6ce37a7c4c4f-1993868681308276-1024x768.png\")
Source: Anna\u2019s Archive.<\/figcaption><\/figure>\n Anna\u2019s Archive says the move allowed it to create \u201cthe world\u2019s first archive for music\u201d. Activists claim it covers 99.6% of all listens on Spotify.<\/p>\n
The group has posted the metadata on its torrent site and plans to release the audio files later. Additional metadata and album art will follow. The archive will be published in order of popularity.<\/p>\n
On December 21 a Spotify team told Billboard<\/a> the scraping had been confirmed:<\/p>\n
\n
\u201cThe investigation of unauthorized access showed that a third party collected public metadata and used illegal methods to circumvent technical copyright-protection measures to gain access to part of the platform\u2019s audio files.\u201d<\/em><\/p>\n<\/blockquote>\n
On December 23 a Spotify spokesperson told PCMag<\/a> of \u201cdetecting and blocking the accounts of the malicious actors involved in the unlawful data collection\u201d.<\/p>\n
Uzbekistan\u2019s traffic-management system database was left without a password<\/h2>\n
Security researchers uncovered<\/a> a critical data leak in Uzbekistan\u2019s national road-traffic monitoring system. A network of a hundred high-resolution cameras using facial and licence-plate recognition had been openly accessible for an extended period without a password.\u00a0<\/p>\n
According to Anurag Sen, the researcher who found the vulnerability, the \u201cintelligent traffic-management\u201d database contains millions of photos and raw 4K video recordings. These can be used to reconstruct citizens\u2019 routes.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-e0823bd5c0246879-1993870426713405-1024x626.png\")
Source: TechCrunch.<\/figcaption><\/figure>\n For example, one driver was tracked for half a year: cameras logged his trips between Tashkent and nearby settlements several times a week.<\/p>\n
The system is built on equipment from China\u2019s Maxvision and Singapore\u2019s Holowits. Beyond recording traffic violations, the algorithms can identify drivers and passengers in real time. Cameras are deployed not only in large cities such as Jizzakh and Namangan but also at strategically important border sections.<\/p>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-4ea247afc7ed58b4-1993868697088586-1024x678.png\")
Source: TechCrunch.<\/figcaption><\/figure>\n Despite the scale of the leak, government agencies, including the Interior Ministry and the UZCERT incident-response team, had not closed access to the data or issued official comments at the time of publication.<\/p>\n
The incident echoes recent problems at an American surveillance giant \u2014 Flock. Earlier it was reported that in the US dozens from this supplier also ended up accessible<\/a> online without authorization.<\/p>\n
Leaks of this scale pose serious privacy risks, allowing criminals to exploit state infrastructure for stalking and the theft of personal data.<\/p>\n
Interpol carried out sweeping raids in Africa<\/h2>\n
During Operation Sentinel in Africa, coordinated by Interpol<\/a>, law-enforcement officers arrested 574 people and recovered $3 million linked to business email compromise and ransomware.<\/p>\n
From October 27 to November 27, 2025, police in 19 countries took down about 6,000 malicious links and decrypted six ransomware variants. Financial losses from cybercriminals\u2019 actions totalled more than $21 million.<\/p>\n
Operation Sentinel highlights:<\/p>\n
- \n
- Senegal: a $7.9 million transfer was prevented in an attack on an oil company;<\/li>\n
- Ghana: after a loss of $120,000 and the encryption of 100 TB at an unnamed financial institution due to a ransomware attack, police restored 30 TB of data and made numerous arrests;<\/li>\n
- Ghana, Nigeria: a cross-border scam impersonating well-known fast-food brands deceived more than 200 victims out of roughly $400,000. Police detained ten suspects, seized over 100 devices and disabled 30 servers;<\/li>\n
- Benin: 106 arrests, removal of 43 malicious domains and blocking of 4,318 social-media accounts linked to fraud;<\/li>\n
- Cameroon: rapid action against an online car-sales scheme traced a compromised server and secured the emergency freezing of bank accounts within hours.<\/li>\n<\/ul>\n
![\"image\"](\"https:\/\/forklog.com\/wp-content\/uploads\/img-14f6dc4975cca4b0-1993871019579077.webp\")
Arrests in Benin. Source: Interpol.<\/figcaption><\/figure>\n Private companies also took part in the investigation: Team Cymru, The Shadowserver Foundation, Trend Micro, TRM Labs and Uppsala Security.<\/p>\n
The teams helped trace IP addresses used in ransomware attacks and sextortion cases, and helped freeze criminal proceeds.<\/p>\n
Also on ForkLog:<\/p>\n
- \n
- Trust Wallet users were hacked<\/a> for $7 million.<\/li>\n
- CZ proposed<\/a> a way to combat \u201caddress poisoning\u201d.<\/li>\n
- AI was used<\/a> to forge documents for works of art.<\/li>\n
- Polymarket reported a breach<\/a> of user accounts.<\/li>\n
- Media reported<\/a> that Chinese darknet turnover on Telegram rose to $2 billion.<\/li>\n
- \u201cPrompt injection\u201d has become<\/a> the chief hazard for AI browsers.<\/li>\n
- An investor lost<\/a> nearly $50 million in an address-substitution attack.<\/li>\n<\/ul>\n
What to read this weekend?<\/h2>\n
The safety of investment capital often hinges on measured decisions, typically justified with expert reports. ForkLog revisited top analysts\u2019 forecasts for 2025 and compared them with objective reality.<\/p>\n","protected":false},"excerpt":{"rendered":"
We have gathered the week\u2019s most important cybersecurity news.<\/p>\n","protected":false},"author":1,"featured_media":92696,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"The week\u2019s key cybersecurity developments.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-92695","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"182","promo_type":"1","layout_type":"1","short_excerpt":"The week\u2019s key cybersecurity developments.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/92695","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=92695"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/92695\/revisions"}],"predecessor-version":[{"id":92697,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/92695\/revisions\/92697"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/92696"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=92695"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=92695"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=92695"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- CZ proposed<\/a> a way to combat \u201caddress poisoning\u201d.<\/li>\n
- Trust Wallet users were hacked<\/a> for $7 million.<\/li>\n