Facebook Messenger malware FacexWorm targets crypto platforms

FacexWorm, a malicious Google Chrome extension, has been targeting cryptocurrency trading platforms via Facebook Messenger, according to a Trend Micro report.

This was not the first time FacexWorm has targeted unsuspecting users. The malware was first uncovered last August by Kaspersky Lab researcher David Jacoby. At the time, it was unclear how it operated or why it had been created. Eight months later, on April 8, Trend Micro noticed activity that resembled the malware. By the time of that discovery, there were already reports of FacexWorm attacks in countries such as Tunisia, Germany, Spain, Japan, Taiwan, and South Korea.

The new version of FacexWorm works much like the old one, with a few new adjustments. In addition to sending socially engineered links to the friends of an affected Facebook Messenger account, it can steal users' account and credential details. FacexWorm also commits cryptocurrency fraud, injects cryptocurrency-mining code into websites, and redirects users to the attackers' referral links for cryptocurrency-related programs. It can also hijack cryptocurrency transactions and steal funds from platforms such as Poloniex, HitBTC, Bitfinex, Ethfinex, and Binance, and from wallets such as Blockchain.info.

According to the report, users who opened the link were redirected to a fake YouTube page, where they were asked to install a codec extension, which is FacexWorm itself, in order to play the video. The extension then requests the privilege to access and change data on the opened website. Once that access is granted, FacexWorm downloads the malicious code it needs to carry out its operations.

The malware has so far affected only a small group of people, according to the Trend Micro team, which has identified one BTC transaction hijacked by FacexWorm. The team was, however, unable to determine how many BTC coins the malware has earned its operators.

Chrome has taken measures to remove FacexWorm and to prevent attackers from uploading it to its system again. Facebook Messenger has also put measures in place to detect and prevent FacexWorm uploads by attackers. Trend Micro urges users to be careful when sharing information with friends.

Last year, Amazon suffered a malware attack in which malware was uploaded to its Amazon Web Services servers. The malware executed a BTC mining command that used the company's large processing power to mine.

Note: Tokens on the Bitcoin Core (SegWit) chain are referred to as BTC coins. Bitcoin Cash (BCH) is today the only Bitcoin implementation that follows Satoshi Nakamoto's original whitepaper for Peer to Peer Electronic Cash. Bitcoin BCH is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

UNICEF turns mining malware into good—donate computing power instead of cash

In a funny twist, the mechanism commonly used as a mining malware is now being used for a good cause: UNICEF now allows you to donate some of your computing power instead of cash.

Since last year, several organizations, including government websites, have been plagued by a series of pestilent attacks based on several hacking tools leaked from the NSA. One of these tools gave birth to CoinHive, a malware that gained notoriety after being discreetly slipped into users' computers through some usability plug-ins, where it secretly mined Monero for the hackers.

Now, UNICEF is using a similar mechanism to generate funds without requiring donors to shell out their own cash. According to ZDNet, UNICEF's donation platform is powered by the same Monero mining program. But unlike the malware, the website, named theHopePage.org, clearly asks users for confirmation before using their system to mine for UNICEF Australia. Users can also adjust how much computing power they are willing to donate, and can simply keep the browser tab open to keep contributing. This gives people an opportunity to "give hope, just by being here," as the website puts it.

"The longer you stay on the page and the more processor power you donate, the more algorithms get solved, which earns cryptocurrency," they wrote on their website. "Mining is perfectly safe for your computer. If you're ever worried about power consumption, turn down the amount of processing power you're donating."

Upon agreeing, the viewer's computing power is used to mine cryptocurrency, the proceeds of which go directly to the fund, the organization says.

“The cryptocurrency is automatically donated to UNICEF Australia and is turned into real funds that reach children through life-saving supplies like safe water, therapeutic food and vaccines. Turn the Hopepage into your homepage to give every day.”

As of last check, over 1,600 people were donating to the website.

This is not the first time UNICEF has turned to cryptocurrency mining to solicit computing power donations. In February, it also appealed to online gamers, who are likely to have powerful graphics cards well suited to crypto mining. That website, Game Chaingers, allows gamers to donate their computing power to help Syrian children, although attention to it has died down since its launch.


Europol takes down Ukrainian gang suspected of using crypto to launder $1.2B

Authorities in Spain have arrested the leader of a cybercrime group behind the Carbanak and Cobalt malware attacks, which targeted over 100 financial institutions around the world. The mastermind behind this heist is allegedly a Ukrainian national called Denis K. The operation was conducted in conjunction with Europol.

The gang, composed of Russian and Ukrainian nationals, gained access to bank servers and networks through a series of emails sent to employees, according to Europol. The emails infected their computers and harvested valuable security data such as passwords, giving the group access to account balances, which it altered, and even letting it instruct ATMs to dispense large quantities of cash.

Authorities said the Cobalt malware alone allowed the cybercriminals to steal up to €10 million (US$12.4 million) per attack. In total, the group reportedly infiltrated banks in more than 40 countries, resulting in losses of over €1 billion (US$1.2 billion).

The group also managed to set up a cryptocurrency farm, which it used to launder money. According to Europol investigators, "The criminal profits were also laundered via cryptocurrencies, by means of prepaid cards linked to the cryptocurrency wallets which were used to buy goods such as luxury cars and houses."

The mastermind behind the group, who was identified as Denis K, operated from Spain and had accumulated about 15,000 BTC worth about $120 million, authorities said.

The operation to catch the gang was massive and involved police from several countries, including the United States, Taiwan in Asia and Romania in Europe. Denis K was eventually arrested in the Spanish port city of Alicante.

The Spanish Interior Minister announced that three other gang members were arrested alongside a massive haul of jewels worth half a million dollars, two luxury cars and properties. Bank accounts belonging to the gang members were also frozen.

According to a statement by Europol, the individuals authorized fraudulent bank transfers, adjusted mule bank accounts and commanded ATMs to issue cash. The group apparently worked with the Russian mafia until 2016 and then began working with the Moldovan mafia. This massive operation enabled the gangsters to accumulate a staggering 15,000 BTC, with the money converted on cryptocurrency exchanges in Russia and Ukraine and later transferred to the group's personal bank accounts.

This is not the first time that cryptocurrency has been used to launder money. A Turkish gang extorted 450 BTC from a Turkish businessman, while in February a Taiwanese gang was arrested for the theft of BTC worth up to $100,000.

Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper. Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.

source: https://coingeek.com/europol-takes-ukranian-gang-suspected-using-crypto-launder-1-2b/

Government-owned Telecom Egypt linked to Monero mining software

If proven true, Sandvine’s new “revenue-generation” formula is downright unethical.

Since last year, over 5,000 websites, including Amazon and Australian government websites, have fallen victim to malware that uses unwitting users' computers to mine Monero (XMR) for attackers. Back then, the Coinhive malware slipped into these websites through a usability plugin called BrowseAloud.

And it looks like cyberthieves are deploying the same malware to mine the same coin, but this time a suspect has been pinpointed.

A report by researchers at the Citizen Lab titled "BAD TRAFFIC" alleges that government-owned company Telecom Egypt had a hand in it, with implications of involvement by network intelligence provider Procera and its newly acquired corporation Sandvine. Apart from infecting users with the Monero-mining CoinHive malware, users are also being wrongly redirected to revenue-generating ads and content, which is one of Sandvine/Procera's major business offerings. The Sandvine/Procera partnership focuses on traffic management, analytics, and revenue generation, among other things.

The report says that Sandvine devices are being used to infect users with the malware and to generate revenue through redirects not only in Egypt but also in Turkey and Syria, adding that this “raises significant human rights concerns.”

According to the report, the researchers found deep packet inspection (DPI) middleboxes on Egyptian government-owned Telecom Egypt which were similar to those found on Türk Telekom, and “were being used to hijack Egyptian Internet users’ unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts.”

In a message to CoinDesk, Sandvine denied the allegations and said that the company has launched an investigation into them.

“Based on a preliminary review of the report, certain Citizen Lab allegations are technically inaccurate and intentionally misleading….We have never had, directly or indirectly, any commercial or technology relationship with any known malware vendors, and our products do not and cannot inject malicious software. While our products include a redirection feature, HTTP redirection is a commodity-like technology that is commonly included in many types of technology products.”

This isn't the first time the Egyptian government has been accused of manipulation. In 2016, a report alleged that there were anomalies in networks in Egypt, pointing to censorship and malware injection, as well as interference with secure (HTTPS) connections while unsecured (HTTP) connections were allowed through.


ALERT: North Korean hackers are circulating an MS Word document to steal from crypto workers

SecureWorks says the attack is “state-sponsored.”

Beware: even Word documents are not safe.

The same cybercrime group that shook the world with the infamous WannaCry ransomware is on to even more mischief. Information security firm SecureWorks reported that the Lazarus Group is now circulating a spearphishing scam disguised as a job advert and targeting workers in the cryptocurrency industry. The attack has been observed since last year, and attempts as recent as last month have also been seen.

The malware is being circulated through an email carrying a fake job advert; a seemingly innocent Microsoft Word document attached to the email reportedly triggers the inconspicuous installation of a "Remote Access Trojan" in the background.

In an interview with Business Insider, SecureWorks senior security researcher Rafe Pilling says the malware assesses whether a particular computer is worth pillaging before possibly downloading more malware to assist in its operations.

“The malware that’s downloaded is the first stage RAT that gives them basic systems survey capability and the ability to download further malware if they find they’ve landed an interesting target,” Pilling said.

It is unclear whether the malware has claimed any victims and, if so, how much damage it has done. But SecureWorks says the operation is a big one:

“There’s a significant capability behind this threat actor — we’re not talking about five people in a room.”

Pilling believes the campaign was backed by the government, since such operations would be practically impossible in tightly controlled North Korea unless the government instigated them. The Lazarus Group has also previously been linked to the North Korean government's operations.

“North Korea is perhaps unique in that there’s such tight control over all forms of communication,” Pilling said. “We don’t believe there’s anything that state organised cyber activity that comes out of that country. We would see it as having some degree of state direction or state approval.”

Yet another breach hits SegWit Gold

Another week, another security issue for SegWit Gold (SWG).

On Sunday, the SWG team warned users who downloaded its Windows wallet between Nov. 21, 09:39 UTC and Nov. 25, 22:30 UTC that they are "at risk of a malware infection." The warning stemmed from reports that an unknown party had gained access to the SWG project's GitHub repository and replaced the official Windows wallet download with a different file.

Two suspicious files of unknown origin were linked from the project's download page and GitHub release page for "approximately 4.5 days," according to the SWG statement. The team also warned users not to presume that the files are safe simply because they do not trigger antivirus or anti-malware software.

“Any user who verified the SHA-256 checksum of the download against the checksum listed on our Download pages is already aware the file is not authentic and should not have used the file, but nobody should assume that all users take this important step,” the group stated.
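The check the SWG statement describes, as an added example that is not part of the original article or of the SWG project's tooling: stream a downloaded file through SHA-256, parse the "digest  filename" list a download page publishes (the same layout `sha256sum` prints), and compare in constant time. The file names and file contents below are constructed stand-ins; the published digest is only as trustworthy as the page it is read from, so it must come from a channel the attacker who swapped the release file could not also edit.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large installer never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_list(text):
    """Parse 'digest  filename' lines as emitted by sha256sum into {filename: digest}.
    Blank lines and '#' comments are skipped; a leading '*' (binary-mode marker) is dropped.
    Anything that is not a 64-character hex digest is rejected rather than silently ignored."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        name = name.strip().lstrip("*")
        if len(digest) != 64 or not all(c in "0123456789abcdefABCDEF" for c in digest):
            raise ValueError("malformed checksum line: %r" % line)
        expected[name] = digest.lower()
    return expected


def verify_download(path, expected_hex):
    """True only if the file's SHA-256 equals the published digest.
    hmac.compare_digest keeps the comparison constant-time regardless of where they differ."""
    return hmac.compare_digest(sha256_file(path), expected_hex.lower())


def demo():
    """Constructed scenario: an 'official' build whose digest the download page lists,
    and a swapped file of the kind the article describes. Returns (official_ok, swapped_ok)."""
    official = b"wallet-installer-official-build\n" * 100
    swapped = b"wallet-installer-official-build\n" * 99 + b"not the same build\n"
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "wallet-windows.exe")
        bad = os.path.join(d, "wallet-windows-swapped.exe")
        with open(good, "wb") as f:
            f.write(official)
        with open(bad, "wb") as f:
            f.write(swapped)
        # What the download page would publish for the genuine file (constructed here).
        published = "%s  wallet-windows.exe\n" % hashlib.sha256(official).hexdigest()
        expected = parse_checksum_list(published)["wallet-windows.exe"]
        return verify_download(good, expected), verify_download(bad, expected)


if __name__ == "__main__":
    official_ok, swapped_ok = demo()
    print("official file verifies:", official_ok)
    print("swapped file verifies: ", swapped_ok)
```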

The latest breach will likely unnerve SWG fans who are already rattled by last week’s news that the project’s official website had promoted a fraudulent web wallet that stole $3.3 million from investors.

The website, called MyBTGWallet, was described as an early wallet version in which users could check their SWG balance and which, in the future, they could use to transact with their SegWit Gold. Investors, however, reported that they lost at least $30,000 worth of ethereum, $72,000 worth of litecoin, $107,000 worth of SWG, and more than $3 million worth of BTC after submitting their private keys to the web wallet.

The team behind SWG reassured users that the GitHub repository has already been secured, even as the stream of cyber security issues has yet to show any sign of letting up.

“The suspicious file has already been replaced with a known safe file whose checksum matches. Our team is performing a security audit to ensure the safety of all other systems, and we will attempt to ascertain the purpose of the file,” according to SWG.
