Kaspersky researchers have detected an unusual malicious campaign that uses a phishing copy of a popular VPN service’s website to spread AZORult, a Trojan stealer, under the guise of installers for Windows. In 2019 this malware targeted more than 40,000 users in the Middle East. The campaign, which kicked off at the end of November 2019 with the registration of a fake website, is currently active and focused on stealing personal information and cryptocurrency from infected users. This shows that cybercriminals are still hunting for cryptocurrency, despite reports that interest in the currency has died down.
AZORult is one of the most commonly bought and sold stealers on Russian forums due to its wide range of capabilities. This Trojan poses a serious threat to those whose computers may have been infected as it is capable of collecting various data, including browser history, login credentials, cookies, files from folders, cryptowallet files and can also be used as a loader to download other malware.
In a world where privacy is heavily fought for, VPN services play an important role by enabling additional data protection and safe internet browsing. Yet cybercriminals try to abuse the growing popularity of VPNs by impersonating them, as is the case in this AZORult campaign. In the most recent campaign, the attackers created a copy of a VPN service’s website, which looks exactly the same as the original with the only exception being a different domain name.
Links to the domain are spread through advertisements via different banner networks, a practice that is also called ‘malvertising’. The victim visits the phishing website and is prompted to download a free VPN installer. Once a victim downloads the fake VPN installer for Windows, it drops a copy of the AZORult botnet implant. As soon as the implant is run, it collects the infected device’s environment information and reports it to the server.
Finally, the attacker steals cryptocurrency from locally available wallets (Electrum, Bitcoin, Ethereum and others), FTP logins and passwords from FileZilla, email credentials, information from locally installed browsers (including cookies), and credentials from WinSCP, Pidgin messenger and others. Upon discovering the campaign, Kaspersky immediately informed the VPN service in question about the issue and blocked the fake website.
“This campaign is a good example of how vulnerable our personal data is nowadays. In order to protect it, users need to be cautious and be especially careful when surfing online. This case also shows why cybersecurity solutions are needed on every device. When it comes to phishing copies of websites, it is very difficult for the user to differentiate between a real and a fake version. Cybercriminals often capitalize on popular brands and this trend is not likely to die down”, comments Dmitry Bestuzhev, head of GReAT in Latin America. “We strongly recommend using a VPN for protection of data exchange on the web, but it is also important to closely study where the VPN software is downloaded from.”
Kaspersky detects this threat as HEUR:Trojan-PSW.Win32.Azorult.gen. To reduce the risk of infection with Trojan stealers such as AZORult, Kaspersky recommends that users:
- Check that the website is authentic. Do not visit a website until you are sure it is legitimate and its address starts with ‘https’. Confirm that the site is genuine by double-checking the format of the URL and the spelling of the company name, reading reviews about it, and checking the domain’s registration data before downloading anything.
- Store cryptocurrencies in cold wallets (ones that are not connected to the internet) to minimize the risk of funds being stolen.
- Try to keep your passwords and other personal information, including a wallet’s private key, in a password manager.
- Use a reliable security solution that protects devices from a wide range of threats, including phishing activity.
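As an added illustration of the URL checks in the list above (this is not code from the Kaspersky advisory), the following Python helper flags a download link whose host is not on an allow-list, using confusable-character folding, edit distance and a brand-in-unrelated-domain check; the allow-list domains are constructed placeholders, since the page does not name the impersonated VPN service.

```python
from urllib.parse import urlparse

# Constructed allow-list standing in for the VPN vendor's real download hosts
# (the Kaspersky report does not name the impersonated service).
KNOWN_GOOD = {"examplevpn.com", "download.examplevpn.com"}
# Digit-for-letter and two-letter lookalikes commonly used in phishing domains.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m"}

def registrable(host: str) -> str:
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def normalize(host: str) -> str:
    """Fold confusable characters so 'examp1evpn' compares equal to 'examplevpn'."""
    host = host.lower()
    for fake, real in CONFUSABLES.items():
        host = host.replace(fake, real)
    return host

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess_download_url(url: str) -> list:
    """Findings for a download URL; an empty list means an allow-listed host over HTTPS."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    findings = [] if parsed.scheme == "https" else ["not https"]
    if host in KNOWN_GOOD:
        return findings
    reg = registrable(host)
    good_regs = {registrable(g) for g in KNOWN_GOOD}
    brands = {r.split(".")[0] for r in good_regs}
    if reg in good_regs:
        findings.append("unlisted subdomain of a legitimate domain")
    elif registrable(normalize(host)) in good_regs:
        findings.append("homoglyph lookalike of a legitimate domain")
    elif any(edit_distance(reg, g) <= 2 for g in good_regs):
        findings.append("typosquat within edit distance 2 of a legitimate domain")
    elif any(b in host for b in brands):
        findings.append("brand name used inside an unrelated registrable domain")
    else:
        findings.append("host not on the allow-list")
    return findings
```

The registrable-domain split is deliberately naive (last two labels); a public-suffix list is needed before using it on country-code domains such as .co.uk.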
Cryptoland Just Lost its $12 Million Bid to Buy Fiji Island for Resort
Widely mocked plans to establish a tropical haven for cryptocurrency enthusiasts have run into trouble after a contract to buy an island in Fiji for US$12m fell through:
A group of crypto-evangelists, led by Max Olivier and Helena Lopez, outlined plans for the island, Nananu-i-cake, in a lavishly animated YouTube video, featuring a wide-eyed crypto bro named Christopher landing by helicopter and being given a guided tour by a talking coin called Connie.
The full YouTube clip has been taken down, but cached copies show it touted the island as “an international hub for the community to come live, work and have fun and enjoy a first-class crypto lifestyle”, boasting “a complete ecosystem that represents the blooming crypto space” that was “a paradise made by crypto enthusiasts for crypto enthusiasts”.
Areas planned included Cryptoland Bay, Crypto Beach, House of Dao – a reference to decentralised autonomous organisations, a form of non-corporate structure promoted by crypto enthusiasts as an alternative to companies – and the members-only Vladimir Club, another crypto in-joke that refers to people who hold 0.01% of a given cryptocurrency.
Also on offer were 60 plots of land on what the video describes as “the Blockchain Hills” (Nananu-i-cake has only one hill). These were to be sold to “Cryptolander Kings” via non-fungible tokens – unique tokens that use the same blockchain technology underpinning cryptocurrencies like bitcoin.
The project has been compared to the collapsed Fyre festival and the video was greeted with scoffing on social media.
Nvidia May Restart Cryptomining GPU Production
Nvidia is thinking about beginning production of crypto-mining specific Ampere graphics cards that come without display outputs, but first, it needs to find out whether there’s enough mining demand for the latest graphics processors.
“If crypto demand begins or if we see a meaningful amount, we can also use that opportunity to restart the CMP [mining-specific GPUs] product line to address ongoing mining demand,” said Colette Kress, chief financial officer at Nvidia, at the 19th Annual J.P. Morgan Tech/Auto Forum Conference.
Demand for gaming graphics cards, high-performance processors, and game consoles has exceeded supply for months as people spend more time at home and entertain themselves playing the latest game titles. Cryptocurrency valuations have skyrocketed recently, reactivating miners who rushed to get graphics cards, further increasing demand for GPUs. Nvidia has had a hard time understanding how demand from cryptominers affects its current sales, but it is mulling restarting the production of mining-specific graphics cards.
“We don’t have visibility on how much of the GeForce RTX 30-series end demand comes from mining,” said Kress. “So, we don’t believe it’s a big part of our business today. Gaming demand is very strong, and we think that’s larger than our current supply.”
It doesn’t always make a lot of sense to mine Bitcoin using Nvidia’s latest GPUs, which tend to be pretty expensive. There are special accelerators designed for Bitcoin mining, and those ASICs tend to be considerably more efficient than graphics processors. In contrast, GPUs are used to mine Ethereum, which has been gaining in price in recent weeks, just like Bitcoin.
Since demand for Nvidia’s products has generally been high in recent months, it isn’t easy for Nvidia to understand how significantly cryptominers affect this demand, especially keeping in mind the fact that select makers of graphics boards have mined cryptocurrency at their own facilities before releasing these cards to the market.
It is beneficial for Nvidia to clearly understand how many of its GPUs are needed by cryptominers. Since miners only need compute capabilities of a GPU, they do not need display outputs, and they do not care if the GPU they use comes with disabled texture mapping units or lacks video processing capabilities. As a result, Nvidia can sell them graphics processors that would otherwise go to waste. Those come in the form of the aforementioned CMP GPUs.
But before making such chips available to add-in-board (AIB) manufacturers, GPU designers need to figure out the total available market that they are trying to address so they don’t bin chips that aren’t needed. Before that happens, GPU developers may just enjoy additional demand for their products.
Twitter Hack Targets High-Profile Accounts
Joe Biden, Elon Musk, Jeff Bezos and other high-profile Twitter account holders were the targets of a widespread hack to offer fake bitcoin deals on Wednesday in one of the most pronounced security breaches on a social media site. Accounts for former US president Barack Obama, Microsoft co-founder Bill Gates, musician Kanye West and both Uber and Apple also posted similar tweets, all instructing people to send cryptocurrency to the same bitcoin address. The tweets were removed throughout the afternoon, shortly after being posted.
“The hackers ask users to send anywhere between 0.1 BTC to 20 BTC to a designated Bitcoin address and that they’ll double victims’ money,” explained Satnam Narang, Staff Research Engineer, Tenable. “This is a common scam that has persisted for a few years now, where scammers will impersonate notable cryptocurrency figures or individuals. What makes this incident most notable, however, is that the scammers have managed to compromise the legitimate, notable Twitter accounts to launch their scams. Because the tweets originated from these verified accounts, the chances of users placing their trust in the CryptoForHealth website or the purported Bitcoin address is even greater.”
Narang further added that this is a fast moving target and so far over $50,000 has been received by the Bitcoin address featured on the CryptoForHealth website and in Elon and Bill Gates’ tweets. “We strongly advise users never to participate in so-called giveaways or opportunities that claim to double your cryptocurrency because they’re almost always guaranteed to be a scam,” Narang said.
There have been hacks of high-profile individual accounts on Twitter before, including Twitter chief executive Jack Dorsey last year. But the widespread nature of this attack suggested an unusually broad access to internal controls. While it was unclear how the attacks originated or why they went on for hours, some cybersecurity experts speculated that someone may have gained access to internal Twitter controls that allowed them to take over and post on the accounts.
“While the origins and scope of this pervasive attack are under investigation, the coordinated Bitcoin giveaway scam itself was designed to convince millions of Twitter followers to believe the fraudulent tweets, click the link, and pay Bitcoin,” said Loïc Guézo, Senior Director of Cybersecurity Strategy, EMEA at Proofpoint. “People are still a main focus for threat actors, even in scenarios where a system is possibly compromised. The social engineering featured in this scam demonstrates that the attackers targeted Twitter employees with access to internal tools and preyed on the trust associated with verified accounts and the attraction of doubling your money. To make the scam seem more authentic, they even set a time limit and an easy payment option to drive a swift response. Threat actors understand human nature and are unrelentingly focused on taking advantage of our society’s trust in digital channels.”
The attack also partially shut down the network. Twitter said in a tweet that some users weren’t able to tweet while it was addressing the incident. Users with the check mark indicating that their accounts were verified by Twitter reported that they weren’t able to tweet. Twitter started letting verified accounts tweet again last night but warned the “functionality may come and go” as it worked on a fix to the breach. Later the same night, Dorsey tweeted that the company was “diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.” He called it a “tough day” at Twitter.
“Until we know exactly how these scam tweets were sent, it’s difficult to suggest what actions you might take, particularly given that access to services such as password changes (and presumably also changing details such as two-factor authentication numbers) is being restricted,” explained Paul Ducklin, principal research scientist, Sophos. “However, these scammers will only succeed if people fall for their unlikely messages – which rely on people suspending their disbelief simply because the tweet comes from a celebrity or someone they are inclined to trust.”
Twitter said in a later tweet that it “detected a coordinated attack by people who successfully targeted some of our employees with access to internal systems and tools.” The hackers used that access to take over the accounts. The breach will create major optics challenges for Twitter, and it will make it more challenging moving forward to verify the authenticity of messages on the service, cybersecurity experts warned. That could have wide-reaching implications for politicians, celebrities and brands that use Twitter as an essential channel for communication.
Some of the people who were hacked indicated that they had turned on two-factor authentication and were using strong passwords, which typically makes unauthorized account access much more difficult. Meanwhile, Uber’s corporate account posted a tweet that read, “Due to Covid-19, we are giving back over $10,000,000 in Bitcoin! All payments sent to our address below will be sent back doubled.”
Uber confirmed in a tweet that its account had been hacked. “Like many others, our @Uber account was hit by a scammer today. The tweet has been deleted and we’re working directly with @Twitter to figure out what happened,” the company’s communication team tweeted. Then came a tweet from Amazon CEO and Washington Post owner Bezos’s account. “I have decided to give back to my community.” The tweet said it would be limited to $50 million.
Twitter said in tweets Wednesday night that it had “locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.” Meanwhile, the company is internally limiting access to tools while it investigates what happened.