We’ve collected the most important news from the world of cybersecurity this week.
- Experts have discovered a new alternative to the LockBit ransomware.
- Google has started tracking browser history for advertising purposes.
- The Russian Federation has not ruled out blocking WhatsApp.
- The publisher of Meduza was attacked using Pegasus spyware.
Experts have discovered a new alternative to the LockBit ransomware
Attackers have begun to use the new 3AM ransomware in cases where they are unable to deploy the LockBit ransomware on the target network. This was reported by Symantec Threat Hunter analysts.
The malware is written in Rust and is not related to any known ransomware family, which makes it an entirely new one.
Before an attack, 3AM resets system policy settings for a specific user. The ransomware also tries to stop services and products related to security and backup.
So far, 3AM attacks are quite rare. However, experts have not ruled out that in the future it will attract the attention of other attackers as an alternative to LockBit.
Google has started tracking browser history for advertising purposes
Google has added a new advertising platform, Privacy Sandbox, to its latest Chrome browser update. It will monitor the pages users visit and create a list of advertising topics based on their interests.
A warning about the new tool appears when you open the browser. After this, the advertising platform is turned on automatically.
Privacy Sandbox testing will continue until 2024, with third-party cookies expected to be completely disabled by default by the fourth quarter.
The Russian Federation has not ruled out blocking WhatsApp
Roskomnadzor has said that WhatsApp could be blocked in the Russian Federation if the service launches “unfriendly channels,” Interfax reports.
The department’s comment came shortly after the company announced the launch of its channel creation feature in 150 countries.
RKN recalled that it will demand that the messenger immediately delete any prohibited information and, if the messenger refuses, will block it.
“The application of measures for non-compliance with the laws of the Russian Federation directly depends on the administrations of such companies and the decisions they make,” the department added.
The publisher of Meduza was attacked using Pegasus spyware
The iPhone of Meduza publisher Galina Timchenko was infected with the Pegasus spyware in February 2023, but the hacking was only discovered at the end of June after notification from Apple. The investigation was conducted by Access Now and Citizen Lab specialists.
🚨BREAKING: Exiled media under attack!
Access Now and @citizenlab reveal first-time documented use of NSO Group’s Pegasus spyware against a Russian journalist – the head of @Meduzaproject Galina Timchenko.
Dive into our report: https://t.co/yDXxday4oe
— Access Now (@accessnow) September 13, 2023
The malware gives the hacker access to the sound, camera and memory of the smartphone into which the SIM card is inserted. Unknown people could gain access to the full contents of the phone, including home address, meeting schedule, photos and even correspondence in encrypted instant messengers.
It is almost impossible to defend against a Pegasus installation. In Timchenko’s case, the HomeKit and iMessage services, which were vulnerable to the malware, were most likely used.
At the time of infection, the journalist was in Germany, where she participated in a confidential meeting of representatives of Russian independent media. Two weeks earlier, Meduza was recognized as an undesirable organization in the Russian Federation.
Pegasus is developed by the Israeli company NSO Group. After analyzing Timchenko’s phone, researchers were unable to determine who was behind the infection. Among the suspects, they name the intelligence services of Russia, Kazakhstan, Azerbaijan, Estonia, Germany or Latvia.
More than 60,000 Android owners have downloaded a malicious Telegram clone
Kaspersky Lab researchers have discovered many malicious modifications of the Telegram messenger on Google Play. They are promoted to a Chinese audience as a faster alternative to the regular application thanks to a distributed network of data centers.
Externally, the clones are identical to the original Telegram, but contain spyware functions in their code.
In particular, they gain access to the user’s contacts, name, ID, phone number, message contents, and then transfer this data to the command and control server.
More than 60,000 Android users became victims of this campaign.
At the time of writing, all identified malicious applications have been removed from Google Play, and their developers have been blocked.
Also on ForkLog:
- Tether froze $1.4 million of the $2.7 million stolen from the Remitano exchange.
- The former top manager of Celsius Network admitted guilt.
- A third of the cryptocurrencies stolen by North Korean hackers were obtained in two attacks.
- Sam Altman admitted that Worldcoin has problems.
- The Bitzlato exchanger has increased the amount of bitcoins available for withdrawal.
- In Ukraine, a pre-trial investigation has been launched against participants in the crypto market.
- The co-founder of OneCoin was sentenced to 20 years in prison.
- CoinEx has confirmed a hot wallet hack following the discovery of “suspicious outflows” by PeckShield analysts. Hackers from Lazarus were suspected of the attack, and users were promised 100% compensation.
- OKLink and CertiK will develop a standard for blocking stolen tokens.
- The team of the Telegram bot Banana Gun bought back its own tokens due to an error in the smart contract.
- Hackers took over Vitalik Buterin’s X account by replacing the SIM card.
- Media: the creator of the fraudulent Bitcoin exchange Intelex was arrested in Moscow.
- Vinnik’s trial was postponed to September 2024, while the Russian’s lawyer did not rule out that his client would admit guilt.
- In Thailand, those accused of organizing a $27 million crypto fraud were arrested.
- The Poly Network hacker transferred 1,500 ETH to Tornado Cash.
- Lido Finance did not confirm the exploit of LDO tokens.
- US authorities demanded $5.2 million in bitcoins from the hacker.
What to read this weekend?
A representative of NAPP Uzbekistan spoke about the regulator’s efforts to counter cybercrime in the cryptocurrency sector.