Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Trading. Show all posts
Web3
Bitcoin Bull Market Crypto GitHub Technology Trading Web3

Crypto Bull Market Targeted: The Lottie-Player Security Breach


In an alarming development for the tech community, especially for those immersed in the Web3 ecosystem, a supply chain attack has targeted the popular animation library, Lottie-Player. If users fall for this prompt, it could enable attackers to drain cryptocurrency wallets. 

Given Lottie-Player's impressive tally of over 4 million downloads and its significant presence on many prominent websites for animation embedding, this incident underscores the security vulnerabilities associated with open-source libraries.

Understanding the Attack

The breach initially came to light on GitHub when a user noticed an unusual Web3 wallet prompt while integrating Lottie-Player on their website. Upon closer examination, it was discovered that versions 2.0.5, 2.0.6, and 2.0.7 of Lottie-Player, released between 8:12 PM and 9:57 PM GMT on October 30, 2024, had been tampered with and compromised.

The attack involved the introduction of malicious code into three new versions of the Lottie-Player library, a widely used tool for rendering animations on websites and applications. Threat actors infiltrated the distribution chain, embedding code designed to steal cryptocurrencies from users' wallets. This method of attack is particularly insidious because it leverages the trust developers place in the libraries they use.

The Broader Implications

Once the compromised versions were released, they were integrated into numerous high-profile projects, unknowingly exposing countless users to the threat—the malicious code activated during transactions, redirecting funds to wallets controlled by the attackers. In one notable case, a user reportedly lost 10 Bitcoin (BTC), worth hundreds of thousands of dollars, due to a phishing transaction triggered by the malicious script.

Following the discovery of the attack, the Lottie-Player team swiftly released a clean version, 2.0.8, which developers can use to replace the compromised files. To further contain the breach and limit exposure, versions 2.0.5 through 2.0.7 were promptly removed from npm and CDN providers like unpkg and jsdelivr.

Moving Forward

The attack occurred during a pivotal phase of the crypto bull market, intensifying efforts to steal increasingly valuable tokens. To mitigate risks, it's advisable to connect a wallet only for specific purposes rather than granting full-time permissions for signing transactions. Additionally, being prompted to connect a wallet immediately upon entering a website can serve as a potential warning sign.

Read more »
Trading
Apple cryptocurrency Cyber Fraud Cybersecurity Fake Apps Fraud Google investment phishing Scam Trading

Massive Global Fraud Campaign Exploits Fake Trading Apps on Apple and Google Platforms

 

A recent investigation by Group-IB revealed a large-scale fraud operation involving fake trading apps on the Apple App Store and Google Play Store, as well as phishing sites to deceive victims. The scheme is part of a wider investment scam known as "pig butchering," where fraudsters lure victims into investments by posing as romantic partners or financial advisors.

Victims are manipulated into losing funds, with scammers often requesting additional fees before disappearing with the money.

Group-IB, based in Singapore, noted that the campaign targets victims globally, with reports from regions like Asia-Pacific, Europe, the Middle East, and Africa. The fraudulent apps, created using the UniApp Framework, are labeled under "UniShadowTrade" and have been active since mid-2023, offering promises of quick financial gains.

One app, SBI-INT, even bypassed Apple’s App Store review process, giving it an illusion of legitimacy. The app disguised itself as a tool for algebraic formulas and 3D graphics calculations but was eventually removed from the marketplace.

The app used a technique that checked if the date was before July 22, 2024, and, if so, displayed a fake screen with mathematical formulas. After being taken down, scammers began distributing it via phishing websites for Android and iOS users.

For iOS, downloading the app involved installing a .plist file, requiring users to trust an Enterprise developer profile manually. Once done, the fraudulent app became operational, asking users for their phone number, password, and an invitation code.

After registration, victims went through a six-step process involving identity verification, providing personal details, and agreeing to terms for investments. Scammers then instructed them on which financial instruments to invest in, falsely promising high returns.

When victims tried to withdraw their funds, they were asked to pay additional fees to retrieve their investments, but the funds were instead stolen.

The malware also included a configuration with details about the URL hosting the login page, hidden within the app to avoid detection. One of these URLs was hosted by a legitimate service, TermsFeed, used for generating privacy policies and cookie consent banners.

Group-IB discovered another fake app on the Google Play Store called FINANS INSIGHTS, which had fewer than 5,000 downloads. A second app, FINANS TRADER6, was also linked to the same developer. Both apps targeted countries like Japan, South Korea, Cambodia, Thailand, and Cyprus.

Users are advised to be cautious with links, avoid messages from unknown sources, verify investment platforms, and review apps and their ratings before downloading.
Read more »
Trading
AI Artificial Intelligence ChatGPT Markets Stock Technology Trading

ChatGPT may be Able to Forecast Stock Movements, Finance Professor Demonstrates

 

In the opinion of Alejandro Lopez-Lira, a finance professor at the University of Florida, huge language models could be effective for forecasting stock values. He utilized ChatGPT to interpret news headlines to determine if they were positive or negative for a stock, and discovered that ChatGPT's ability to forecast the direction of the next day's returns was substantially better than random, he said in a recent unreviewed work. 

The experiment gets to the heart of the promise of cutting-edge artificial intelligence: These AI models may exhibit "emergent abilities," or capabilities that were not originally envisaged when they were constructed, with larger computers and better datasets, such as those powering ChatGPT.

If ChatGPT demonstrates an emerging capacity to interpret headlines from financial news and how they may affect stock prices, it may jeopardize high-paying positions in the finance industry. Goldman Sachs forecast in a March 26 paper that AI could automate 35% of finance jobs.

“The fact that ChatGPT is understanding information meant for humans almost guarantees if the market doesn’t respond perfectly, that there will be return predictability,” said Lopez-Lira.

However, the experiment's specifics demonstrate how distant "large language models" are from being capable of doing many banking jobs. The experiment, for example, did not include target pricing or require the model to perform any math at all. Indeed, as Microsoft discovered during a public demo earlier this year, ChatGPT-style technology frequently invents numbers. Sentiment analysis of headlines is also widely used as a trading strategy, employing proprietary algorithms.

Lopez-Lira was shocked by the findings, which he believes indicate that professional investors aren't yet incorporating ChatGPT-style machine learning into their trading tactics.

“On the regulation side, if we have computers just reading the headlines, headlines will matter more, and we can see if everyone should have access to machines such as GPT,” said Lopez-Lira. “Second, it’s certainly going to have some implications on the employment of financial analyst landscape. The question is, do I want to pay analysts? Or can I just put textual information in a model?”

How did the experiment work?

Lopez-Lira and his colleague Yuehua Tang examined over 50,000 headlines from a data vendor on public equities on the New York Stock Exchange, Nasdaq, and a small-cap exchange in the experiment. They began in October 2022, after the ChatGPT data cutoff date, implying that the engine had not seen or used such headlines in training.

The headlines were then sent into ChatGPT 3.5, along with the following prompt: “Forget all your previous instructions. Pretend you are a financial expert. You are a financial expert with stock recommendation experience. Answer “YES” if good news, “NO” if bad news, or “UNKNOWN” if uncertain in the first line. Then elaborate with one short and concise sentence on the next line.”

They then examined the equities' performance on the following trading day. Finally, Lopez-Lira discovered that when informed by a news headline, the model performed better in almost all circumstances. He discovered a less than 1% chance that the model would do as well picking the next day's move at random as it did when influenced by a news article.

ChatGPT also outperformed commercial datasets with human sentiment scores. According to the researchers, one example in the paper displayed a headline about a corporation settling litigation and paying a fine, which had a bad attitude, but the ChatGPT reaction correctly reasoned it was actually positive news.

According to Lopez-Lira, hedge funds have approached him to learn more about his findings. He also stated that he would not be surprised if ChatGPT's capacity to anticipate stock movements declined in the future months if institutions began to integrate this technology.

This is because the experiment only looked at stock prices the next trading day, although most people would expect the market to have priced the news seconds after it became public.

“As more and more people use these type of tools, the markets are going to become more efficient, so you would expect return predictability to decline,” Lopez-Lira said. “So my guess is, if I run this exercise, in the next five years, by the year five, there will be zero return predictability.”
Read more »
Trading
BSE Cyber Security NSE Sebi Stock Exchange Trading

Sebi Collaborates with NSE and BSE to Thwart Cyber Attack Threats

 

The Securities and Exchange Board of India (Sebi) in partnership with the nation’s two popular stock exchange – the National Stock Exchange and the Bombay Stock Exchange – are designing a system to counter the threat of cyber assaults on stock exchanges, its chairperson Madhabi Puri Buch said at an event organized by Indian Institute of Management (IIM) Bangalore earlier this week. 

Under the new mitigation system which will be rolled out in March next year, the data of every customer’s trading and collateral on exchange A will be stored in a server located next to exchange B’s, in their data center. 

“If exchange A goes down, and if it is determined that it is on account of a software attack, or cyber security attack, and it is not possible for their disaster recovery site to come in time, Sebi will press the button for that data to be uploaded on exchange B,” Buch explained. This mechanism will assist all the participants in the market to operate on exchange B as they were operating on exchange A. 

The market regulator has also designed algorithms in-house that can flag cases of misconduct, front-running, and insider trading. 

“We worry a lot about cyber security. When this system kicks in, we would have prevented something (like a cyber-attack),” Buch added. 

 According to the SEBI chief, a line is needed to be drawn on financial influencers and their impact. We cannot act against wrongdoings if there is not a contract signing between an influencer and a person who follows their financial advice. 

Last month, the regulator brought out public service messages, warning customers from taking financial advice from individuals who are not registered with Sebi as investment advisors. 

Additionally, stock exchanges at the behest of the regulator have also ramped up efforts to warn investors against following stock tips via unauthorized texts and sharing dematerialized account details with such entities. 

“Reality is that the regulators will always be one step behind but hopefully not too many steps behind. The modus operandi of wrongdoers in the financial market may continue to evolve as the underlying technology evolves. The idea is to make it harder and harder for people to do bad things, “Buch concluded.
Read more »
Subscribe to: Posts (Atom)