
Atomic macOS Malware: New Malware Steals Credit Card Credentials in Chrome


A new malware family has been targeting macOS. According to BleepingComputer, the malware is named "Atomic" and was being sold to cybercriminals on darknet markets for $1,000 a month.

The subscription comes with a simple victim-management UI that gives the buyer access to highly sensitive information: keychain passwords, cookies, files from the local machine, and other data that can put victims in serious trouble.

What is Atomic Capable of? 

Atomic is an information stealer, and its victims can lose real money. Buyers receive a DMG file containing a 64-bit Go-based binary that steals credit card data from browsers, including Yandex, Opera, Vivaldi, Microsoft Edge, Mozilla Firefox, and Google Chrome.

Once running on a victim's Mac, Atomic can display a fake password prompt that asks the user to enter the system password. With that password, the attackers gain access to the target's macOS machine and can do further damage.

Cryptocurrency holders are particularly exposed: more than 50 well-known cryptocurrency browser extensions, including MetaMask and Coinbase, are targets of this macOS malware.

Atomic also tends to go unnoticed: of 59 antivirus scanners, only one flagged it as malicious.

How can you Protect Yourself from Atomic macOS Malware? 

Atomic does not hide in any official macOS service. It is distributed by the buyers themselves through phishing emails, malware-laced torrents, and social media posts. Some also use black-hat SEO to lure Google users into downloading malicious software that poses as legitimate software.

If you hold cryptocurrency, the advice is to use a well-known hardware wallet to protect yourself from digital-asset thieves, and to avoid software wallets, which leave valuable virtual currencies far more exposed.

Users have also been advised to remove their credit card information from Google Chrome by navigating to Settings > Autofill > Payment Methods, clicking the three-dot icon next to each credit card, and choosing "Turn off virtual card." To go a step further, open pay.google.com, select Payment Methods, and click "Remove" next to each credit card.

DeFiChain: DeFi Boosts with Decentralized Assets

 

Decentralized Finance (DeFi), built on blockchain and cryptocurrency, has emerged as a prominent technology. It has grown into an alternative to the traditional centralized system, which relies on financial intermediaries such as banks for exchanges and financial transactions. DeFi uses smart contracts running on a blockchain, giving users a new way to invest, trade, sell, lend, or exchange.

Limitations of Decentralized Finance (DeFi)

Operating as a small financial system within an emerging global movement, DeFi has become visibly popular in the past few months. Decentralized finance on a blockchain has increased financial security and transparency for users. From lending and borrowing platforms to stablecoins and tokenized BTC, the DeFi ecosystem has launched a network of integrated protocols and financial instruments that now hold over $13 billion of value locked in Ethereum smart contracts.

Alongside these advantages, DeFi has limitations. Because it is a decentralized system, centralized assets such as stock options, commodities, and indices cannot interact with it.

What is DeFiChain?

DeFiChain addresses this limitation. It is a blockchain dedicated specifically to decentralized financial applications. By introducing decentralized assets, it bridges the gap to centralized assets without compromising the DeFi platform with centralization.

A decentralized asset, also called a dAsset or dToken, is a token on the DeFiChain blockchain that gives you price exposure to real-world stocks. For example, for the stocks TSLA, APPL, and FB, there exist dTSLA, dAPPL, and dFB, each of which attempts to mirror the price of the real stock.

These tokens let a DeFiChain user buy decentralized assets, which gives the user a way to trade stocks on a decentralized system. This has made DeFiChain a groundbreaking system for investors. A traditional investor who buys stocks can only make money once the stocks have produced a profit. A user who buys a dToken, by contrast, can place it in a liquidity mining pool, which not only lets the investor profit when the dToken rises in value but also earns passive income from the dAsset.
 
DeFiChain, with the introduction of decentralized assets (dAssets), has changed the game for Decentralized finance. With incredible user benefits, be it the decentralization of assets or making incredible passive income, DeFiChain is emerging as a prominent blockchain ecosystem.

US Attributes North Korean Lazarus Hackers to Axie Infinity Crypto Theft

 

The US Treasury Department announced on Thursday that it had linked North Korean hackers to the heist of hundreds of millions of dollars in cryptocurrencies linked to the popular online game Axie Infinity. 

On March 23, digital cash worth about $615 million was stolen, according to Ronin, a blockchain network that enables users to transfer crypto in and out of the game. No one has claimed responsibility for the hack, but the US Treasury announced on Thursday that a digital currency address used by the hackers was under the control of a North Korean hacking group known as "Lazarus." 

The Treasury Department spokesperson stated, using the initials of North Korea’s official name, “The United States is aware that the DPRK has increasingly relied on illicit activities — including cybercrime — to generate revenue for its weapons of mass destruction and ballistic missile programs as it tries to evade robust U.S. and U.N. sanctions.” 

Users of that wallet risk being sanctioned by the US, according to the spokesperson. Two blockchain analytics companies, Chainalysis and Elliptic, said the designation confirmed that North Korea was behind the break-in. Aleksander Larsen, co-founder of Sky Mavis, the developer of Axie Infinity, declined to comment. Sky Mavis engaged CrowdStrike to investigate the incident, but that firm also declined to comment.

According to a post on the official Ronin blog, the FBI has attributed the attack to the Lazarus Group, and the US Treasury Department has sanctioned the address that received the stolen money. The US says the Lazarus hacking squad is run by the Reconnaissance General Bureau, North Korea's primary intelligence agency. The group has been accused of involvement in the "WannaCry" ransomware attacks, in hacks of multinational banks and customer accounts, and in the 2014 Sony Pictures Entertainment hack.

Cryptocurrency systems have long been plagued by hacks, and the Ronin hack was one of the largest cryptocurrency thefts ever. Sky Mavis stated it would reimburse the lost funds using a combination of its own balance sheet capital and $150 million raised from investors including Binance.

The Ronin blog stated, “We are still in the process of adding additional security measures before redeploying the Ronin Bridge to mitigate future risk. Expect the bridge to be deployed by end of month.” 

According to a Treasury spokesperson, the US will consider publishing cryptocurrency cybersecurity guidance to help combat the theft of virtual currency.

A sharp drop in cryptocurrency prices provokes cyber fraudsters

According to cybersecurity experts, the fall in cryptocurrency exchange rates may cause another increase in DDoS attacks. The same infrastructure is used for carrying out attacks as for mining, so when mining pays less, it becomes more profitable for the owners of that infrastructure to conduct DDoS attacks.

Cybersecurity experts said that the recent fall of bitcoin from its April all-time high of $64.9 thousand to $31.4 thousand, along with the collapse of other cryptocurrencies, can cause an increase in DDoS attacks.

The botnets used to carry out DDoS attacks are also used for mining cryptocurrency, explains Alexander Gutnikov, an analyst at Kaspersky DDoS Prevention. "Attackers usually redirect power to mining when cryptocurrency prices are high, as it is more profitable to use bot farms for this than for DDoS attacks," he said.

Accordingly, when cryptocurrency prices are low, that capacity is redirected to commissioned (paid) attacks.

According to Kaspersky Lab's report on attacks in the first quarter of 2021, the exchange rates of cryptocurrencies, bitcoin in particular, declined in January, and at the same time there was a surge in DDoS activity. In early March there was another peak of DDoS attacks, again preceded by a decline in the bitcoin exchange rate.

"DDoS attacks are always activated when the cryptocurrency exchange rate changes," confirms Alexander Lyamin, CEO of Qrator Labs. According to him, another reason is that attackers can profit from exchange-rate differences, for example by staging an attack to slow down trading operations. "Although payments for DDoS attacks are often made in cryptocurrency, their cost is usually set in dollars," says Ramil Khantimirov, CEO and co-founder of StormWall.

"DDoS attacks can be carried out on a specific blockchain to create problems in it and lower the value of coins," adds Dmitry Volkov, technical director of the cryptocurrency exchange CEX.IO. He said that in theory unscrupulous competitors could do this, but in practice such attacks are rare.

Lazarus E-Commerce Attackers Adapt Web Skimming for Stealing Cryptocurrency

 

Cybercriminals with apparent ties to North Korea that hit e-commerce shops in 2019 and 2020 to steal payment card data also tested functionality for stealing cryptocurrency, according to the cybersecurity firm Group-IB. 

Group-IB's latest report builds on findings revealed in July 2020 by Dutch security firm Sansec, which reported that malicious infrastructure and, in many cases, the malware was being used for Magecart-style attack campaigns that had previously been attributed to the Lazarus Group. 

Lazarus - aka Hidden Cobra, Dark Seoul, Guardians of Peace, APT38, Bluenoroff, and a host of other names - refers to a group of hackers with apparent ties to the Pyongyang-based government officially known as the Democratic People's Republic of Korea, led by Kim Jong-Un.

Magecart-style attacks use so-called digital card skimming or scraping tools, also known as JavaScript sniffers, which attackers inject into victim organizations' e-commerce sites. Victims of such attacks have included the jewelry and accessories retailer Claire's and Ticketmaster UK, among thousands of others.
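Because a JS sniffer has to get onto the checkout page as an extra script, either inline or loaded from a host the attacker controls, one practical defensive check is to inventory every `<script>` on the page and compare it against the origins the shop expects. The following audit is an added example written for this page; it is not code from the article, from Group-IB or from Sansec. The sample checkout HTML, the allowlist and the hostnames (`example-shop.test`, `unknown-cdn.test`) are constructed for the example, and the `integrity` value is a placeholder, not a real hash.

```python
"""Script-inventory audit for an e-commerce checkout page (added example).

Flags three things a Magecart-style injection tends to produce:
  * inline <script> blocks (an injected sniffer is often dropped inline),
  * external scripts loaded from an origin that is not on the allowlist,
  * allowlisted external scripts that carry no Subresource Integrity hash,
    so a tampered copy on the CDN would load silently.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptInventory(HTMLParser):
    """Collect every <script> element: src, integrity attribute and inline text."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        attributes = dict(attrs)  # valueless attributes map to None
        self.scripts.append({
            "src": attributes.get("src"),
            "integrity": attributes.get("integrity"),
            "inline": "",
        })
        self._in_script = True

    def handle_data(self, data):
        # HTMLParser delivers script bodies through handle_data.
        if self._in_script and self.scripts:
            self.scripts[-1]["inline"] += data

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_script = False


def audit_scripts(html, allowed_origins):
    """Return a list of (finding, detail) tuples for scripts that violate policy."""
    parser = ScriptInventory()
    parser.feed(html)
    parser.close()
    findings = []
    for script in parser.scripts:
        if script["src"] is None:
            snippet = script["inline"].strip()[:60]
            findings.append(("inline-script", snippet))
            continue
        parts = urlparse(script["src"])
        # A relative src is served by the shop itself; treat it as first party.
        if not parts.netloc:
            continue
        origin = f"{parts.scheme}://{parts.netloc}"
        if origin not in allowed_origins:
            findings.append(("unexpected-origin", script["src"]))
        elif script["integrity"] is None:
            findings.append(("missing-sri", script["src"]))
    return findings


# Constructed sample page: one first-party script, one allowlisted script with
# SRI, one allowlisted script without SRI, one script from an unknown CDN and
# one inline block. None of it is real site content.
SAMPLE_CHECKOUT = """<html><head>
<script src="/static/checkout.js"></script>
<script src="https://cdn.example-shop.test/cart.js"
        integrity="sha384-PLACEHOLDER_NOT_A_REAL_HASH" crossorigin="anonymous"></script>
<script src="https://cdn.example-shop.test/analytics.js"></script>
<script src="https://static.unknown-cdn.test/jquery.min.js"></script>
<script>/* constructed inline block for the audit */ var checkoutReady = true;</script>
</head><body><form id="payment"></form></body></html>"""

# Assumed allowlist: the only third-party origin this shop expects on checkout.
ALLOWED_ORIGINS = {"https://cdn.example-shop.test"}


if __name__ == "__main__":
    for finding, detail in audit_scripts(SAMPLE_CHECKOUT, ALLOWED_ORIGINS):
        print(f"{finding:18} {detail}")
```

Run against a saved copy of the live checkout page on a schedule, a change in this inventory (a new origin, a new inline block, or a script that lost its `integrity` attribute) is the kind of diff that would have surfaced a sniffer injection early; the same allowlist is what a `script-src` Content-Security-Policy would enforce in the browser.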

Group-IB researchers said that after reviewing the attack campaign discovered by Sansec, they also found signs that the attackers had been experimenting with stealing not just payment card data but also cryptocurrency.

Group-IB reports that it found the same infrastructure being used, together with a modified version of the same JavaScript sniffer - aka JS-sniffer - that Sansec described in its report. Group-IB has dubbed the cryptocurrency-targeting campaign Lazarus BTC Changer. 

The attackers appear to have stolen relatively little cryptocurrency via the sites' customers: just $9,000 worth of Ethereum and $8,400 worth of bitcoins, Group-IB reports. Group-IB says those stolen funds appeared to have been routed to bitcoin cryptocurrency wallets allegedly owned by CoinPayments.net, "a payment gateway that allows users to conduct transactions involving bitcoin, Ethereum, Litecoin, and other cryptocurrencies." 

Lazarus may have used the site to launder the stolen funds by moving them on to other cryptocurrency exchanges or wallets. The cybersecurity firm notes that CoinPayments' "know your customer" policy could help identify the individuals who initiated the transactions. The service's user agreement requires individuals to attest that they are not operating in, or on behalf of anyone in, a prohibited jurisdiction, which includes North Korea.