Free Chinese VPN exposed data from over a million users

Researchers at WizCase have discovered a data leak at QuickFox, a free VPN service mainly used to reach Chinese websites from outside China. The exposed data included the personal details of around a million users, including names and phone numbers.

The researchers needed no special tooling to reach the data: it was neither password-protected nor encrypted.

QuickFox

QuickFox is a free VPN app aimed at Chinese people living outside China who still want to visit Chinese websites. Some Chinese websites can only be reached from inside China; such geo-restrictions work by checking whether a visitor's IP address belongs to the expected region.

A VPN gets around such restrictions: you connect to a VPN server in the required country and take on that server's IP address, so you appear to be browsing from China, for example.

Cause of the leak

The leak was caused by an unsecured instance of Elasticsearch, an open-source search engine QuickFox used to search through large volumes of data. The instance accepted connections without any authentication, so anyone who found it could read the whole dataset. The server held QuickFox's logs, and therefore the personal data of QuickFox users.
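As an added example (not part of the original article and not QuickFox's or WizCase's code), here is a small Python probe of the kind a practitioner would run against their own Elasticsearch endpoint to check whether it answers without credentials. The mock node it starts on a loopback port is constructed purely so the example runs offline; the index names and document counts in it are invented.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def check_es_exposure(base_url, timeout=5):
    """Ask an Elasticsearch HTTP endpoint for its index list without any
    credentials. Returns ("open", indices), ("protected", reason) or
    ("unreachable"/"error", reason). An "open" result means anyone who can
    reach the port can read the cluster, which is the situation described above."""
    url = base_url.rstrip("/") + "/_cat/indices?format=json"
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:          # must precede URLError
        if exc.code in (401, 403):
            return ("protected", f"HTTP {exc.code}: authentication required")
        return ("error", f"HTTP {exc.code}")
    except (urllib.error.URLError, OSError) as exc:
        return ("unreachable", str(exc))
    if isinstance(body, list):
        # _cat/indices returns one object per index; docs.count is a string.
        return ("open", [(i.get("index"), int(i.get("docs.count", 0))) for i in body])
    return ("error", "unexpected response body")


# --- Constructed mock of an Elasticsearch node so the probe runs offline ---
# The index names and counts are invented for this demonstration.
MOCK_INDICES = [
    {"index": "vpn-logs-000001", "docs.count": "1048576"},
    {"index": "app-inventory", "docs.count": "300000"},
]


class _MockES(BaseHTTPRequestHandler):
    mode = "open"   # "open": answers anyone; "protected": 401 like a node with security enabled

    def do_GET(self):
        if self.mode == "protected":
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="security"')
            self.end_headers()
            return
        payload = json.dumps(MOCK_INDICES).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):   # keep the demo output quiet
        pass


def start_mock(mode="open"):
    """Start a mock node on a free loopback port and return its base URL."""
    handler = type("Handler", (_MockES,), {"mode": mode})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}"


if __name__ == "__main__":
    for mode in ("open", "protected"):
        print(mode, "->", check_es_exposure(start_mock(mode)))
```

Pointing `check_es_exposure` at a real node on port 9200 gives the same three outcomes; an "open" answer from anything other than a loopback or firewalled address is exactly the misconfiguration the article describes and should be fixed by enabling authentication and binding the node to a private interface.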

Data from 1 million users

The researchers found 100 GB of data on the server that they could read without any effort. It contained the personal data of approximately 1 million QuickFox users: email addresses, phone numbers, details about the devices used, and password hashes.

The passwords were hashed with MD5, a fast hash that offers little resistance to modern password-cracking techniques: without a per-user salt, identical passwords produce identical digests, and a GPU can test billions of candidates per second. The IP addresses the VPN assigned to users and users' original IP addresses were also visible in the dataset.
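To make the MD5 point concrete, the following added example (written for this page, not taken from QuickFox or WizCase) runs the same dictionary attack against a constructed MD5-only user table and against the same passwords stored with a per-user salt and a slow key-derivation function. The email addresses, passwords and wordlist are invented; PBKDF2 is used because it ships with the standard library, where scrypt, bcrypt or Argon2 would be the usual production choices.

```python
import hashlib
import os

# Constructed sample users, in the shape of a leaked user table.
SAMPLE_USERS = {
    "alice@example.com": "123456",
    "bob@example.com": "123456",          # same password as alice
    "carol@example.com": "correct horse battery staple",
}
# Constructed wordlist; real attacks use tens of millions of entries.
WORDLIST = ["password", "123456", "qwerty", "iloveyou", "letmein"]


def md5_rows(users):
    """Unsalted MD5, as the leaked table was stored."""
    return [(email, hashlib.md5(pw.encode()).hexdigest()) for email, pw in users.items()]


def crack_md5(rows, wordlist):
    """Dictionary attack on unsalted MD5. Each candidate is hashed once and
    every leaked digest is looked up in the resulting table, so the cost is
    len(wordlist) hashes no matter how many users leaked.
    Returns (cracked_passwords, hashes_computed)."""
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    cracked = {email: table[digest] for email, digest in rows if digest in table}
    return cracked, len(table)


ITERATIONS = 100_000   # PBKDF2 work factor; tune upwards on real hardware


def pbkdf2_rows(users):
    """Salted, iterated hashing: a fresh 16-byte random salt per user and a
    deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    rows = []
    for email, pw in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)
        rows.append((email, salt, digest))
    return rows


def crack_pbkdf2(rows, wordlist):
    """Same wordlist, but the salt makes a shared lookup table useless: every
    (user, candidate) pair costs a full KDF run.
    Returns (cracked_passwords, kdf_calls)."""
    cracked, kdf_calls = {}, 0
    for email, salt, digest in rows:
        for w in wordlist:
            kdf_calls += 1
            if hashlib.pbkdf2_hmac("sha256", w.encode(), salt, ITERATIONS) == digest:
                cracked[email] = w
                break
    return cracked, kdf_calls


if __name__ == "__main__":
    fast = md5_rows(SAMPLE_USERS)
    print("MD5 rows share digests for shared passwords:", fast[0][1] == fast[1][1])
    print("MD5 cracked:", crack_md5(fast, WORDLIST))
    slow = pbkdf2_rows(SAMPLE_USERS)
    print("PBKDF2 cracked:", crack_pbkdf2(slow, WORDLIST))
```

Both attacks recover the weak passwords, which is the real lesson: hashing does not rescue a bad password. What the salt and work factor change is the economics. The MD5 run costs five hashes for the whole table, while the salted run costs a KDF call per user per candidate (nine here), each of them 100,000 times more expensive than an MD5, and the shared-password users no longer betray each other through identical digests.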

Information about other apps

For around 300,000 users the server also held information about other software installed on their devices, so the researchers could see which other apps a user had, along with each app's installation date and version.

It is odd for a VPN to store such information, as the VPN app does not need it to function. Reputable VPN providers keep as little user data as possible, since people choose a VPN precisely to protect their privacy online. QuickFox's data collection is therefore remarkable, to say the least.

Phishing

If you used QuickFox in 2021, be extra wary of online scams: because your personal details may be in scammers' hands, they can make phishing emails look more credible. Changing your passwords also never hurts, especially any password you reused elsewhere, since MD5 hashes are cheap to crack.

Curious about which VPNs work in China and protect your privacy? We made a list of the best VPN providers for China.

Catch up on more articles here

Follow us on Twitter here

European healthcare institutions more often targeted by ransomware attacks

European healthcare institutions are increasingly falling victim to ransomware attacks. Since the beginning of this year there have been 25 ransomware attacks, hitting 66 locations, far more than last year. In the Netherlands, four healthcare organizations have been hit by ransomware so far.

Z-CERT, the Computer Emergency Response Team of the Dutch healthcare sector, writes this in a press release.

Ransomware attacks in healthcare sector on the rise

More and more healthcare institutions in Europe are being attacked with ransomware. In a typical attack the criminals first penetrate the corporate network, often undetected, then move through it and escalate their privileges to reach as many systems as possible, stealing confidential and privacy-sensitive data along the way. Only then is the ransomware itself deployed: it encrypts systems and data, locking out system administrators and other employees so they can no longer log in to do their work or reach company data.

Ransomware attacks are on the rise. In all of 2020 there were fewer than ten attacks in the European healthcare sector; this year the counter already stands at 25, and 66 care locations had to temporarily halt their work. Last year the Netherlands was spared; that is no longer the case. According to Z-CERT, four Dutch healthcare organizations have been attacked with ransomware so far.

“The actual number is probably many times higher,” says Z-CERT analyst Jan Hanstede. That is because not every attack is reported. Hanstede thinks he knows why. “We still often see that authorities do not publish reports about this. Presumably for reputation reasons or because the service has not suffered as a result.”

Suppliers are also a favourite target of hackers

Besides direct attacks on European healthcare institutions, the sector is hit in a second way: attackers also carry out ransomware attacks on suppliers. An attack on a Software-as-a-Service (SaaS) supplier affects the whole chain, because when a supplier is down, its customers are too. The SolarWinds supply chain attack, which gave the attackers backdoor access to the corporate networks of thousands of customers worldwide, is the best-known example.

Z-CERT’s cybersecurity specialists keep a close eye on various hacker groups. “Ransomware groups Hive and Vice Society are mainly active in the healthcare sector. These ransomware groups have already made several victims in recent months,” says Hanstede.

Healthcare institutions must be aware of the dangers

The healthcare sector's Computer Emergency Response Team is doing everything it can to make healthcare organizations aware of the dangers. At the beginning of this year, Z-CERT published various tips for keeping hackers out. Besides strong passwords, multi-factor authentication and regular backups, its security experts recommended application whitelisting (allow-listing) and the least-privilege principle.

Z-CERT also shares hackers' Indicators of Compromise (IoCs, the digital traces an intrusion leaves behind) via the ZorgDetectieNetwork. This makes it possible to detect cybercriminals at an early stage, before they can damage company systems and servers. Participants are also notified when updates are available or vulnerabilities have been found in hardware and software used by healthcare institutions. Finally, the Z-CERT website now carries a counter on its main page showing how many European and Dutch healthcare institutions have been hit by a ransomware attack. Z-CERT hopes the Dutch healthcare sector will step up its cybersecurity measures to keep hackers out.
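As an added illustration of what a participating organization does with shared indicators (this is example code written for this page, not Z-CERT's or ZorgDetectieNetwork's tooling), the Python below matches a constructed IoC list against constructed proxy, DNS and EDR log lines. Every IP address, domain and hash in it is invented: the IPs come from the TEST-NET documentation ranges, the domains use the reserved `.example` TLD, and the hash is the SHA-256 of an empty file.

```python
import re

# Constructed indicator list, in the shape a sharing network might distribute.
IOCS = {
    "ip": {"203.0.113.45", "198.51.100.7"},
    "domain": {"update-check.example", "cdn-assets.example"},
    "sha256": {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}

# Constructed log lines (web proxy, DNS resolver, EDR agent) for the demonstration.
LOG_LINES = [
    "2021-10-20T08:12:01Z proxy src=10.0.5.21 dst=203.0.113.45:443 host=update-check.example action=allow",
    "2021-10-20T08:12:03Z dns client=10.0.5.21 query=mail.CDN-Assets.example. type=A",
    "2021-10-20T08:13:10Z edr host=WS-0421 file=C:\\Users\\x\\invoice.exe sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "2021-10-20T08:14:00Z proxy src=10.0.5.22 dst=192.0.2.10:443 host=www.example.org action=allow",
]

_IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
_SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")


def _domain_hit(name, bad_domains):
    """Return the matching indicator for `name` or any parent domain, so a
    listed `cdn-assets.example` also catches `mail.cdn-assets.example`.
    Names are lower-cased and a trailing dot (DNS logs) is stripped."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in bad_domains:
            return candidate
    return None


def scan(lines, iocs):
    """Match each log line against the IoC sets.
    Returns a list of (line_number, ioc_type, indicator) hits."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for ip in _IP_RE.findall(line):
            if ip in iocs["ip"]:
                hits.append((n, "ip", ip))
        for name in _DOMAIN_RE.findall(line):
            matched = _domain_hit(name, iocs["domain"])
            if matched:
                hits.append((n, "domain", matched))
        for digest in _SHA256_RE.findall(line):
            if digest.lower() in iocs["sha256"]:
                hits.append((n, "sha256", digest.lower()))
    return hits


if __name__ == "__main__":
    for line_no, kind, indicator in scan(LOG_LINES, IOCS):
        print(f"line {line_no}: {kind} indicator {indicator}")
```

The parent-domain walk and the case/trailing-dot normalisation are the parts that matter in practice: raw string equality would miss the DNS query for `mail.CDN-Assets.example.` even though the listed domain is clearly involved. A real deployment would load the indicator sets from the feed and stream logs through `scan` rather than hold them in lists.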

In March, Z-CERT warned about SilverFish, ransomware that has claimed thousands of victims worldwide, including at least ten care locations in the Netherlands. “SilverFish's activities are difficult to detect. That is why it is important to know how the hacker group works. Data and studies from other security organizations help us to form the best possible picture of the dangers and consequences of SilverFish for the healthcare sector,” says security specialist Stijn Derksen.

Cyber police Thailand offers immediate solutions to prevent theft

After nearly 40,000 people were defrauded over the past weekend, with their bank accounts and credit cards showing unexplained transactions, the Cyber Crime Investigation Bureau (CCIB) has proposed a number of measures.

CCIB Chief Commissioner Kornchai Klaiklueng said yesterday that the central bank will be advised to register all online stores and to ensure that account holders are notified of every transaction, large or small, to prevent such problems in the future.

The scammers are believed to have stolen up to 10 million baht by withdrawing small amounts from many accounts. Under the current system, account holders are not notified of small withdrawals, so such transactions go unnoticed.

Police believe the scammers likely used several methods to obtain card data and steal the money, including:
  • Stealing card details through applications that link users' credit and debit cards to their bank accounts.
  • Fraudulent links sent via text messages (smishing).
  • Credit card numbers and CVV codes stolen by store employees and sold on the black market.

Thailand’s prime minister vows to crack down on hackers

Prime Minister Prayut has personally instructed several relevant agencies to take action against hackers after thousands of unexplained transactions in bank accounts came to light over the weekend.

Police Colonel Kritsana Pattanacharoen, deputy police spokesman, said people should keep an eye on all transactions, both small and large, because small amounts are often taken from accounts by unknown parties.

He said this after thousands of people took to social media to complain about their accounts or personal information being hacked.

Some people said small charges had been made to their debit cards through EDC (electronic data capture) card terminals, which the bank then confirmed by text message.

Police General Suwat Jangyodsuk reiterated the Prime Minister's order and urged all agencies involved to investigate, arrest the perpetrators and eliminate online threats.

He also advised victims to ask their bank to freeze their cards, to block online payments and to check their statements, and urged them to collect the relevant evidence and file a police complaint.

Latest version iPhone iOS 15.0.2 already hacked

A Chinese hacker team has already compromised the latest version of Apple's iPhone operating system on the iPhone 13 Pro. Although iOS 15.0.2 had only been available for a week, the team took over the phone within 15 seconds.

The good news is that the hack took place in a competition: the team broke into the phone during a well-known cybersecurity contest in Chengdu, China.

Reward for jailbreaking

The competition, called the Tianfu Cup, was held on October 16 and 17. It lets ethical hackers hunt for vulnerabilities in popular operating systems and software, and the fastest and best hacks win a cash prize.

Team Kunlun Lab took home $120,000 for jailbreaking an iPhone 13 Pro running iOS 15.0.2. Jailbreaking is jargon for defeating Apple's security controls to gain privileged control of the device. The team exploited a vulnerability in Apple's Safari browser to get onto the device; the hack took only 15 seconds.

Another team, Pangu, jailbroke the same phone remotely, winning $300,000, the highest prize in the competition.

Participants had to bypass Pointer Authentication Codes (PAC), a hardware mitigation in Apple's ARM-based chips that cryptographically signs pointers such as return addresses so that a corrupted pointer is rejected before it is used. They also had to do this live in front of an audience.

Apple prides itself on security

Kunlun Lab obviously prepared well and did extensive research before attempting the hack; this is not something just anyone can do on the spot. Even so, it remains astonishing.

Especially since Apple considers its security excellent and likes to boast of its many advanced security features. Despite them, the hackers managed to jailbreak the iPhone.

The Tianfu Cup is for ethical hacking

The competition was not limited to iPhones. Other targets included Chromebooks, Windows and Linux machines and even Xiaomi smartphones.

Moreover, the competition is for ethical hackers, also called white-hat hackers. Ethical hacking is not illegal and vendors welcome it, because they can use the findings to patch their systems.

That is also why details of the contest have not yet been made public. Tianfu Cup participants must keep their methods secret so that vendors can update their software before the details are released; after all, nobody wants the vulnerabilities found to be abused by others.

Amazon files objection to European privacy fine

Amazon has filed an appeal against the fine of 746 million euros imposed on the web retailer in July 2021. The Luxembourg regulator CNPD imposed the fine for violating the General Data Protection Regulation (GDPR), the EU's privacy regulation.

Appeal against the multi-million fine

Amazon was fined in July 2021 for failing to comply with European privacy rules. Amazon maintains that no data was ever stolen and that no customer data ended up with third parties. Amazon has therefore appealed against the fine, Bloomberg reports; the appeal was lodged with the Luxembourg Administrative Tribunal last Friday.

Collection of personal data

The record fine of 746 million euros was imposed by the Luxembourg regulator CNPD. Amazon's EU headquarters are in Luxembourg, so it falls under the CNPD's jurisdiction. According to the CNPD, Amazon processed customers' personal data in a way that violates European privacy rules. The fine followed a 2018 complaint by the French privacy rights group La Quadrature du Net.

Amazon is alleged to have collected data about customers and partners, including the browsing and purchase history of visitors to the webshop, and to have used it in its personalized advertising system without asking users for consent. That is contrary to European rules.

Like Google and Facebook, Amazon makes a lot of money from big data. The large amounts of information such companies collect about internet users can be used for market research. Amazon records which products customers buy and which pages they visit, and uses that to make suggestions in the hope that customers buy more.

Fine of 746 million euros

Violating privacy law can result in a hefty fine, and never before has a fine for violating European privacy rules been this high. In 2018 the EU tightened its privacy rules; since then, companies can be fined up to four per cent of their worldwide annual turnover.

More fines

This is not the only fine Amazon faces. At the end of 2020 the French regulator CNIL also fined Amazon tens of millions of euros because Amazon had placed advertising cookies without asking users for permission: besides functional cookies, advertising cookies also ended up on visitors' computers, and the information given in advance was insufficient and too general. Amazon was fined €35 million for that violation.

Number of ransomware attacks continues to rise

Allianz Global Corporate & Specialty (AGCS) notes that cybercrime increased by 125% in the first half of 2021 compared with the previous year, with ransomware attacks and extortion showing the biggest growth. That is what the insurer says in a report on the biggest cybersecurity risks companies face in 2021.

Ransomware attacks increased by 62%, at an estimated cost of around $20 billion. Cybersecurity Ventures predicts that the cost will reach $265 billion by 2031.

“The number of ransomware attacks may actually increase before it gets better,” said Scott Sayce, Global Head of Cyber at AGCS. He adds that not every attack is targeted: criminals also cast a wide net, attacking poorly secured organizations at random in the hope of breaking into valuable systems.

AGCS also identifies four trends, which we explain below.

Ransomware as a service

The world is increasingly digital, and working from home has become the norm because of Covid-19. At the same time, many organizations are cutting back on IT, leaving their systems exposed to attack.

Criminals take advantage of this. “The knowledge threshold to commit these types of attacks is relatively low and ransomware tools are easier to obtain,” said insurance expert Marek Stanislawski. “The use of cryptocurrencies and the relative ease with which gangs evade detection allow criminals to thrive with ransomware.”

Hacker groups such as REvil operate like companies. They offer ransomware as a service, so that in theory anyone can carry out an attack without any technical knowledge.

Double extortion

Cybercriminals no longer limit themselves to simple extortion. They encrypt not only data and systems but also backups, and add a further threat: to publish the stolen personal data.

In such a case a company faces two harms at once: its network is down, so it cannot operate, and it runs a high risk of a data breach.

Some criminals go as far as triple extortion: they encrypt the data, steal it and launch a Distributed Denial-of-Service (DDoS) attack on top. The company cannot operate, risks a data breach, and its customers can no longer reach it.

Supply Chain Attacks

The best-known ransomware attacks of the past year, such as the one on VDL/NedCar, were supply chain attacks. There are two kinds: attacks on a physical supply chain, where a compromised supplier brings its customers' operations to a halt, and attacks on the digital chain, where malware is planted in a software update so that the vendor, as happened with SolarWinds, unwittingly distributes it to its own customers.

Stanislawski thinks this form of ransomware attack is the next big thing, and the EU's cybersecurity agency ENISA (the European Network and Information Security Agency) also expects supply chain attacks to quadruple by the end of the year.

Hackers demand more ransom

In 2020, hackers demanded an average of just over $1 million to return data. By mid-2021, that has increased to $ 5.3 million. That’s an increase of 518%.

Companies do not always pay the full amount, but the average payment has also risen, from $313,000 to $570,000.

Governments advise against paying the ransom: payment does not guarantee that your data is safe, and the damage has already been done.

Censorship in Vietnam: an army of online manipulation

The Communist Party of Vietnam (CPV) is the only political party in Vietnam. On paper it coexists with the Vietnam Fatherland Front, but that is in practice an umbrella organization of Vietnamese associations that are strongly pro-government. The CPV has centralized control over the state, the military and the media; the party's supremacy is even enshrined in the national constitution.

The party is also responsible for all censorship in the country. The government has been censoring the internet since 2013, when it decided that citizens were no longer allowed to discuss political or other current affairs online. The CPV is particularly hard on bloggers and news sites.

In this article, we explain exactly how censorship in Vietnam works. We’ll cover why the Communist Party censors the Internet, what content the censorship targets, and how the government applies Internet censorship.

Why is Vietnam censoring the internet?

Vietnam has almost 70 million internet users, so a large share of its 100 million inhabitants is online. According to President Tran Dai Quang, opponents use the internet to organize political campaigns that “undermine the prestige of the party leaders and the state.” He suggested the government was working on a solution “to prevent news sites and blogs with bad and dangerous content.”

Despite the emphasis on ‘fake news’ and ‘malicious content’, Vietnam's censorship is mainly directed at the Communist Party's political opponents: civil and human rights organizations and religious groups such as Buddhists and Roman Catholics.

Internet censorship in Vietnam is thus a means for the Communist Party to exert political control: it can steer the political debate, go after opponents and remove news that is negative about the party.

What is the Vietnamese government censoring?

Countries that censor often do so to protect religious institutions; Iran and Turkey are examples. Vietnam does the opposite: the government blocks content that promotes religious organizations.

The censorship in Vietnam also focuses on silencing the political opposition and human rights organizations.

Critical voices towards the Party

The vast majority of content censored by the Communist Party of Vietnam is classified as a threat to party rule. This can be information about abuses by the ruling party, or even information about other forms of government such as democracy.

News media critical of the Communist Party are also censored. Websites that commented on the government's response to border and maritime disputes with China have been blacklisted, for example, and reports on the environmental disaster at the Formosa steel plant were blocked.

The government also acts against the political opposition. It banned independent candidates from campaigning on social media in the May 2021 parliamentary election and enforced this harshly: some who announced their candidacy online were arrested, and the government threatened other candidates with smear campaigns.

Human rights organizations

In the past the government has restricted access to the websites of human rights organizations; the sites of Human Rights Watch, Reporters Without Borders, Freedom House, the Red Cross, Amnesty International and Greenpeace have all been inaccessible to users in Vietnam. Human rights activists in the country still have a hard time: their websites remain unstable and are even hit by spyware attacks. As of June 2021, 235 activists were imprisoned for exercising their fundamental rights, including freedom of expression.

Religious groups

In line with its social values, the Communist Party of Vietnam blocks all content that promotes organized religion, including Cao Dai, Buddhism and the Roman Catholic Church. The government sees organized religious groups as a threat to the state and censors them as potential political opponents.

Censorship Bypass Tools

Internet service providers (ISPs) in Vietnam have taken steps to block access to tools for circumventing internet censorship, such as VPNs and proxies. For some users these tools still work; how far the blocking reaches therefore depends on your subscription and your provider.

How does Vietnam censor the internet?

The Communist Party of Vietnam uses various methods to censor the Internet. For example:

  • Owning internet service providers and telecommunications companies.
  • Limiting connections.
  • Content manipulation.
  • (Technical) attacks.
  • Fines and other penalties.

Telecommunications as State Property

Vietnam's censorship is possible in large part because the Communist Party controls the country's telecommunications infrastructure.

The Vietnam Post and Telecommunications Company (VNPT) and Viettel dominate the telecommunications sector in Vietnam. Viettel is owned by the Vietnamese army. Three of the four providers that allocate bandwidth to the country’s Internet service providers are state or military-owned.

Internet Blocks and Restrictions

The Vietnamese government regularly throttles bandwidth for political reasons. It also regularly blocks access to the internet or to social media and apps, including Facebook and Instagram.

Besides blocking internet access, the government uses its control over the telecommunications infrastructure to cut the cellular signal to mobile phones. During periods of political unrest it can thus disrupt protesters' communications and prevent the spread of information and news.

Regulations

The Vietnam Internet Network Information Center (VNNIC) is responsible for internet censorship in the country. It is a sub-department of the Vietnamese Ministry of Information and Communications; it assigns internet domain names, IP addresses and autonomous system numbers, and monitors their use.

The Ministry of Public Security (MPS) is part of the VNNIC and oversees political censorship. In theory MPS decisions should be transparent and consistent with government policy; in practice the ministry is not open about blacklisting websites or removing content.

Data retention and content blocking

Since 2017, the Vietnamese government has been stepping up pressure on international content and social media platforms to remove content that the Communist Party deems “harmful.”

In the same year the country passed a law requiring social media companies such as Facebook to remove “offensive” content from their platforms within one day of a request from the VNNIC.

Facebook refused to comply, after which advertising was withdrawn from Facebook and YouTube: the Vietnamese government had ordered various multinationals with offices in Vietnam to pull their ads. Since then Facebook and the Vietnamese government have been locked in a tug-of-war; sometimes Facebook complies with VNNIC requests, at other times it accepts the loss of revenue.

Another law requires technology companies with offices in Vietnam to store user data. The Information Security Act allows government agencies to share users' personal data among themselves without consent, and companies are also required to hand over decryption keys to the Vietnamese authorities on request.

Under a 2021 law, Vietnam wants to create a new government agency that would control the processing of personal data by, among others, social media companies, banks and healthcare institutions.

The government has also announced a draft law requiring social media platforms to hand over to the state the contact details of users with more than 10,000 followers or subscribers.

Manipulating content

The government actively tries to manipulate public opinion. In the capital Hanoi, a 10,000-strong military unit works to influence opinions online, combating “misconceptions” and removing “bad and dangerous content.”

These pro-government operators monitor social media content, gather information about users and steer online discussions towards the views of the Communist Party of Vietnam. Since its creation in 2017, the unit, known as Force 47, has set up hundreds of Facebook groups and pages and posted thousands of pro-government articles and posts.

Technical Attacks

Computers belonging to human rights organizations have been attacked several times since 2009. Vietnamese-language programs infected the computers with botnet software designed to support DDoS attacks on news websites and blogs considered critical of the government.

Documents leaked and published in 2017 revealed that the government sponsored hackers to conduct a cyber-espionage campaign targeting Vietnamese media organizations, the Vietnamese diaspora in Australia and companies with interests in Vietnam.

Fines and dismissals

Journalists who write articles critical of the communist government can be punished with fines, disciplinary warnings, dismissal and even jail time.

Under the relevant decree (Decree 174), the government can impose fines of up to 100 million Vietnamese dong (about 4,000 euros) on anyone who criticizes the government, the Party or national heroes. The same fine applies to spreading anti-state propaganda and ideology on social media.

The MPS has already enforced this harshly on several occasions. It withdrew the press card of Mai Phan Loi, a journalist at the Ho Chi Minh City Law Newspaper, after he posted a poll on a Facebook page about the crash of a Vietnamese maritime patrol plane in which he wrote that the plane had “exploded to pieces”; the government called this inappropriate language and disrespectful to the military.

The Ministry of Information and Communications said the journalist had “seriously damaged the reputation of the Vietnamese army,” hurt the feelings of the families and colleagues of the soldiers killed, and damaged the reputation of other journalists.

When journalists protested against the withdrawal of Loi's press card, the Minister of Information and Communications issued a statement making clear that journalists should be careful when using social networks or accept the consequences.

Prison sentences

Under Articles 79, 88 and 258 of Vietnam’s Penal Code, bloggers and online activists can be prosecuted and imprisoned for crimes such as subversion, anti-state propaganda and abuse of democratic freedoms.

For example, “carrying out activities aimed at overthrowing the government” carries a maximum prison sentence of five years, as does “creating, storing, distributing or propagating material and products aimed at opposing the state.”

Attacks on online journalists

Bloggers and online activists in Vietnam face not only censorship and jail time but also physical attacks. According to Human Rights Watch, 36 such attacks took place between 2015 and 2017, some in full view of police stations or police officers who did not intervene.

Conclusion

The Communist Party of Vietnam actively censors the internet, mostly targeting the political opposition and human rights organizations. With the new laws from 2017 onwards, the state is moving in an increasingly repressive direction and cracking down on online freedoms. Journalists and social media users can also expect a firm response if they are even slightly critical of the government.

Scammers made 18 million on fake dates

For many Russians today, looking for new romantic acquaintances online can end in financial loss.

Cybersecurity company Group-IB found in its research that the number of fake website domains used to steal money through fake dates has increased 30-fold over the past three years.

The scheme boils down to arranging a fake date and then stealing money from the victim's bank card.

On popular dating services such as Tinder and Badoo, or on social networks, scammers create fake female profiles, strike up acquaintances and then move the conversation to instant messengers, where they propose a meeting.

The scammer sends a QR code for her ticket to an event and a link to a website where the victim can buy a seat next to her. The man on the hook follows the link and pays. Analysts have found more than 700 fake cinema, theatre and show ticketing sites used by scammers in such schemes.

The scheme was first spotted in 2018 and has flourished over the past two years. Just one of the 24 groups detected earned more than 18 million rubles in a year from over 7,000 transactions.

The old MyKings botnet is still active and earns its operators huge sums

The profits of the MyKings botnet operators since 2019 amounted to approximately $ 24.7 million.

The MyKings botnet (also known as Smominru or DarkCloud) is still actively spreading five years after its inception, earning its developers huge amounts of cryptocurrency.

MyKings is known for its extensive infrastructure and versatile features, including bootkits, miners, downloaders, clipboard hijackers and more. The botnet uses a large number of cryptocurrency wallet addresses.

To protect the embedded wallet address from theft and analysis, the malware operators obscure it with a simple ROT cipher. The latest samples show no noticeable changes to this functionality.

Avast has discovered a new monetization technique used by the MyKings operators involving the Steam gaming platform. The latest versions of the malware also contain a new URL-manipulation routine in the clipboard stealer module, built to hijack Steam trade transactions: the module rewrites the trade-offer URL, letting the attacker steal valuable in-game items.

Similar functionality was added for Yandex cloud storage, where MyKings manipulates URLs that users send to their acquaintances. The modified links point to Yandex storage locations containing RAR or ZIP archives named “Photos” that install copies of the MyKings malware on the victim's system.
