Sadly, a recent incident that was revealed by the Russian cybersecurity company Kaspersky shined light on the proliferation of phony hardware wallets that are now available on the market.

An unsettling revelation was made public on May 10th, 2023 by Stanislav Golovanov, who works as a cyber incident specialist for Kaspersky.

It was discovered by Kaspersky that phony versions of hardware wallets were being sold under the brand name Trezor, which is a respected and well-known maker of wallets.

Because these counterfeit wallets were being offered for sale on a market that represented itself as reputable, it is imperative that consumers exercise extreme care even when interacting with websites that seem to be trustworthy.

Hardware wallets have become one of the most popular alternatives among cryptocurrency fans as a result of the growing need for safe storage solutions brought on by the emergence of cryptocurrencies.

These devices provide an extra degree of protection by keeping private keys offline, away from any possible dangers that may be posed by the internet. On the other hand, just as with any other expensive technology, there are shady characters who are eager to take advantage of the market.

The bogus Trezor wallets that Kaspersky found presented a huge risk to users who weren’t paying attention to what they were doing. They were developed with the intention of doing harm, despite the fact that they seemed to be the same as the original gadgets.

These phony wallets’ intended purpose was to deceive users into divulging their private keys, so enabling the con artists behind them to obtain illegal access to the cryptocurrency the users had stored in them. It’s possible that this may result in victims suffering large financial losses.

The findings of the study that Kaspersky conducted into this issue highlight how important it is to get hardware wallets from reliable providers.

The prevalence of counterfeit wallets on the market makes it very necessary for users to exercise care and check the authenticity of the gadgets they want to acquire before making any purchases of their own.

This event serves as a warning that hackers are always developing new methods to take advantage of consumers who are careless about protecting their personal information online.

It is important to avoid falling for these cons, thus it is recommended that you take certain preventative measures. To begin, users should acquire hardware wallets directly from the official website or through approved resellers. If neither option is available, users should look for authorized resellers.

This makes it more likely that authentic items will be purchased, and it lessens the likelihood that counterfeit goods will be obtained by accident. In addition, it is vital to undertake exhaustive research on the reputation and dependability of the marketplace or platform before making the buy. This should be done before completing the purchase.

Verifying the integrity of one’s hardware wallet as soon as it is received is an additional important step in the process of protecting one’s cryptocurrency holdings. Frequently, manufacturers will give consumers with detailed instructions to assist them in authenticating their devices.

When following these guidelines, one should make sure to examine the product’s packaging, validate any one-of-a-kind identifiers, and do any necessary specialized testing to ensure that the product is genuine. Users may considerably lower the chance of falling prey to counterfeit devices by adhering to these guidelines, which are outlined below.

In addition, it is essential to maintain a level of awareness about the most recent advancements in the cryptocurrency area as well as the vulnerabilities that they pose to security.

Users may keep one step ahead of thieves by following respected cybersecurity organizations such as Kaspersky, who routinely publish reports and warnings on developing frauds. Kaspersky is an example of one such company.

The dissemination of information among members of the bitcoin community plays an important part in not just increasing knowledge but also protecting others from falling victim to scams.

In conclusion, the event that Kaspersky documented involving the selling of fraudulent Trezor wallets serves as a warning of the need of exercising caution in the cryptocurrency area.

The growing popularity of hardware wallets has drawn the attention of fraudsters, who target customers who are unaware that they are using counterfeit devices to steal their cryptocurrency.

Users should exercise caution, acquire hardware wallets only from reputable suppliers, and check the legitimacy of the items once they have purchased them in order to safeguard themselves.

To make the environment for bitcoin users safer, it is essential to maintain a level of awareness of newly developing dangers and to actively share information within the community.

The post Trezor hardware crypto wallet sold on Ebay or facebook marketplace, could be fake appeared first on Information Security Newspaper | Hacking News.

On September 16, 2021, Glenn Arcaro, 44 years old, the leading BitConnect marketer headquartered in the United States, entered a guilty plea to the charge of conspiracy to conduct wire fraud. In a separate development, on February 25, 2022, Satish Kumbhani, the creator of BitConnect, was charged with his pivotal involvement in the scam that included several billions of dollars.

Arcaro admitted as part of his guilty plea that he and others had conspired to take advantage of investor interest in cryptocurrencies by fraudulently marketing BitConnect’s initial coin offering and digital currency exchange as a lucrative investment. This admission was made in connection with Arcaro’s guilty plea. In order to defraud investors, Arcaro and his cohorts spread false information concerning BitConnect’s “Lending Program.” Arcaro claimed that BitConnect’s alleged proprietary technology, which he referred to as the “BitConnect Trading Bot” and the “Volatility Software,” was able to generate substantial profits and guaranteed returns through the use of investors’ funds to trade on the volatility of cryptocurrency exchange markets. This program was offered under the auspices of the BitConnect Investment Program.

However, in reality, BitConnect ran a classic Ponzi scam by compensating early BitConnect investors with money from investors who joined later. Arcaro and his other conspirators made certain that up to fifteen percent of the money that was invested in BitConnect was funneled straight into a slush fund, where it would be utilized for the advantage of the company’s owner and promoters.

However, the $17 million sum that was cited in court the week before last falls well short of the $56 million in restitution that was announced by the Department of Justice in November 2021. It’s possible that this reflects the recent precipitous drop in the price of cryptocurrencies.

It is also a far lower amount than the $2.4 billion that is said to have been stolen from investors by BitConnect.

After reportedly pocketing as much as $24 million from the BitConnect slush fund, the main promoter of the company, Glenn Arcaro, 44, entered a guilty plea in September 2021 to a charge of conspiracy to conduct wire fraud. Glenn Arcaro was charged with the offense.

However, his employer and the creator of the organization, Satish Kumbhani, has not yet been located. According to reports, he has departed his country of origin, India. In February 2022, a grand jury in the United States returned an indictment against Kumbhani charging him with conspiracy to commit wire fraud, wire fraud, conspiracy to commit commodity price manipulation, operation of an unlicensed money transmitting business, and conspiracy to commit international money laundering.

Should he be proven guilty, he may spend up to seventy years in prison at the most.

The post Over 17 Million Dollars in Compensation Will be Been Paid Out to Victims of Crypto Fraud appeared first on Information Security Newspaper | Hacking News.

According to the information provided by the Department of Justice, Greenwood and Ignatova established OneCoin in the year 2014 in Sofia, Bulgaria. OneCoin is said to have been promoted to investors as a cryptocurrency up to around 2017 of this year. In January of 2017, the OneCoin exchange was taken down, however it seems that trading occurred among persons linked with the exchange for some time. The website known as OneCoin.eu remained active till the year 2019.

In point of fact, OneCoin operated as a multi-level marketing (MLM) pyramid scam, in which members of the OneCoin network were paid commissions if they were successful in recruiting new customers for OneCoin. According to the company’s own advertising materials, there have been more than three million individuals invest. And according to the company’s statistics, OneCoin produced more than $4.3 billion in sales and $2.9 billion in alleged profits during the fourth quarters of 2014 and 2016 respectively.

Greenwood is said to have made $21 million per month while he was at the very top of the multi-level marketing pyramid. It was claimed by Greenwood and others that OneCoin, like Bitcoin, was mined using processing power and its transactions were recorded on a blockchain. But that wasn’t the case.

According to a purported email exchange between Ignatova and Greenwood, Ignatova said, “We are not mining really – but telling people garbage.”

On Friday, while pleading guilty in a federal court in Manhattan to accusations of conspiring to deceive investors and to launder money, Karl Sebastian Greenwood, co-founder of the fraudulent “Bitcoin-killer” OneCoin, presented a different view of the alleged cryptocurrency. Greenwood was charged with conspiring to mislead investors and to launder money.

In July of 2018, Greenwood was detained in Thailand and subsequently deported to the United States of America. “Cryptoqueen” Ruja Ignatova, also known as Dr. Ruja Ignatova since she has a law degree, is still at large and is listed as a fugitive on both the FBI’s Ten Most Wanted list and Europol’s Most Wanted list. She is the second co-founder of OneCoin.

According to a statement released by the United States Attorney Damian Williams, “As a creator and leader of OneCoin, Karl Sebastian Greenwood orchestrated one of the greatest worldwide fraud schemes ever committed.”  “Unsuspecting victims were duped out of billions of dollars by Greenwood and his co-conspirators, including the fugitive Ruja Ignatova, who claimed that OneCoin would be the ‘Bitcoin killer.’ Greenwood is now on the run. In point of truth, OneCoins had zero value whatsoever.”

The Feds believe that the value of OneCoin was arbitrarily determined by those in charge of the company; these individuals manipulated the OneCoin exchange in order to create the appearance of trading volatility; however, the price of OneCoin was consistently higher when it closed than when it opened.

Ignatova allegedly communicated with Greenwood about one of the objectives for the OneCoin trade exchange in an email dated August 1, 2015. According to the email, Ignatova wrote that one of the objectives was to “always close on a high price end of day open day with high price, build confidence – better manipulation so they are happy.”

The value that was ascribed to OneCoin, as stated by the Department of Justice, increased gradually from €0.50 ($0.53) to around €29.95 ($31.80) per coin and did not see any drops in value.

Greenwood, who is a citizen of both Sweden and the United Kingdom and is 45 years old, entered a guilty plea to one count of conspiracy to conduct wire fraud, one count of wire fraud, and one count of conspiracy to commit money laundering. Each offense carries a potential jail sentence of up to twenty years.

The post Scammer behind the “OneCoin” cryptocurrency pyramid scheme, which included several billions of dollars, pleads guilty appeared first on Information Security Newspaper | Hacking News.

The hackers copy legitimate profiles on LinkedIn and Indeed for their resumes according to Mandiant Inc. This finding of the company reinforces allegations made by the US government. The US government warned that North Korean hackers are trying to get jobs in American or European companies to later hack them. Working as an employee helps the North Korea government collect  intelligence about new cryptocurrency trends, NFT, security vulnerabilities and new ways of money laundering. 

The North Korean hackers show that they are based out of China, Russia, Africa, Southeast Asia, North America, Europe, South Korea and Japan.

Getting a job also allows the North Korean government to implant backdoors in the exchange which could be exploited later on.  The North Korean government has consistently denied involvement in any cyber crime.

Mandiant researchers said they had identified multiple profiles of North Korean persons that have successfully been hired by companies. 

 Jonathan Wu, a blockchain expert, mentioned on twitter the experience of conducting a job interview with a North Korean hacker. 

Previously North Korean hackers have replicated websites of Indeed.com, ZipRecruiter, a Disney careers page and a site called Variety Jobs to get people to send their CV and then hack their machines where websites were opened. 

Also North Korean hackers have created fake attractive job postings to attract developers working in big cryptocurrency companies. Later when victims apply for jobs, job interviews are held and hackers try to hack their computers to get more information about their existing work profile. 

The post North Korean hackers found a new way to hack cryptocurrency companies by getting jobs there using fake resumes appeared first on Information Security Newspaper | Hacking News.

The attack was first reported by Onchain analyst, OKHotshot, who posted on Twitter to alert what had happened. In a first tweet, the researcher mentioned that the BAYC and the OtherSide metaverse Discord accounts were compromised by threat actors.

Once the attackers gained access to these platforms, they posted a message targeting the NFT community offering purported exclusive giveaways for BAYC and Otherside token holders: “We are releasing another exclusive giveaway to all our holders listed above”, read the message, posted alongside a link to a phishing website.

As users may remember, phishing is an online identity theft technique in which scammers trick victims into revealing their confidential information using malicious websites. In the world of cryptocurrencies and NFTs, cybercriminals use these websites to gain access to victims’ online wallets and transfer the virtual assets to their own accounts.

Short after the researcher released the alert Yuga Labs acknowledged that its Discord servers were succesfully attacked: “The team caught the incident and quickly addressed it. It seems that about 200 ETH in NFT had been affected. We’re still investigating, but if you were affected, please email us”.

Lousy background

As mentioned above, this is the second attack against Yuga Labs in just two months; the first incident was reported in mid-April, through the hacking of BAYC’s official Instagram account to post a malicious link that allowed the theft of 91 “apes”. The attackers responsible for this theft also used a link to a fake BAYC website promoting an alleged giveaway; once affected users entered their information, their virtual assets were transferred to addresses controlled by the hackers.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

The post <strong>How bored Ape NFTs are being hacked again and again. 200 ETH stolen</strong> appeared first on Information Security Newspaper | Hacking News.

This malicious operation is characterized by not using malware during its intrusions, contrary to virtually any other extortion group. The ransoms demanded by Karakurt range from $25,000 to $13 million, and payment must always be made via Bitcoin.

When contacting their victims, the hackers sent screenshots or copies of stolen files to prove that the attack was real, in addition to sharing details about the intrusion method employed. Karakurt operators also harass employees, partners and customers of the affected companies, in an attempt to force the ransom payment.

In the most critical cases, hackers leak small samples of the stolen information, including sensitive details such as full names, social security numbers, phone numbers, medical records, and more sensitive records.

Karakurt had started as a grouping of leaks and auctions on the dark web, although the domain used for its operations was disconnected a couple of months ago. By early May, Karakurt’s new website contained several terabytes of data allegedly belonging to victims in North America and Europe, as well as a list of alleged victims.

Another characteristic feature of Karakurt is that they do not focus only on a specific type of victim, since they simply base their attacks on the possibility of accessing the compromised networks. For their attacks, hackers can use poorly protected mechanisms and infrastructure weaknesses, or collaborate with other cybercriminal groups to gain initial access to the target. According to CISA, hackers commonly gain access to compromised networks by exploiting SonicWall VPN or Fortinet FortiGate devices if updates or obsolete, employing popular flaws such as Log4Shell or bugs in Microsoft Windows Server.

According to a report by security firm AdvIntel, Karakurt is part of the Conti network, which operates as an autonomous group alongside Black Basta and BlackByte, two other groups that rely on data theft and extortion for monetization purposes.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

The post Warning: New cyber criminal group Karakurt is extorting millions of companies around the world appeared first on Information Security Newspaper | Hacking News.

The attack would have been carried out by a group operating the LockBit 2.0 ransomware variant, and the perpetrators threaten to divulge sensitive information if the affected organization refuses to pay a ransom by June 11. It has not been confirmed whether the attack had any considerable impact on Foxconn Mexico’s routine operations, nor is the amount of the ransom demanded known.

The company has already received requests for information about the attack, although it has not commented on it.

Foxconn has already been the target of ransomware attacks before. In late 2020, the firm confirmed that one of its U.S. facilities had been attacked by the operators of the DoppelPaymer ransomware, who even leaked sensitive information on the dark web.

In that incident, the hackers also claimed to have attacked the facilities of Foxconn Mexico, in addition to demanding a ransom of more than $30 million in Bitcoin. Despite these claims, the company always maintained that only its systems in the U.S. had been affected.

Recently, LockBit 2.0 also claimed responsibility for an attack on tire and rubber giant Bridgestone Americas, stealing sensitive information and exposing it on illegal hacking forums. At the beginning of 2021, the Federal Bureau of Investigation (FBI) published a document with the main indicators of compromise of this ransomware variant, mentioning that attackers usually violate the affected networks by buying access on the dark web or exploiting zero-day vulnerabilities.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

The post LockBit ransomware encrypts computers at Foxconn Mexico factory, one of Apple’s largest suppliers appeared first on Information Security Newspaper | Hacking News.

In an interview with Vice, the victim, simply known as Keith, claims that hackers tricked him into visiting a specially designed phishing website: “The site had a smart contract to move all my Moonbirds in one swoop; although at first, the transactions failed, they finally materialized.”

Keith, who claims to be an oncologist, husband, and father of three, claims he decided to invest his life savings in NFT, only to see these assets disappear in a matter of a few minutes.

He added that hackers used a Twitter account to contact him a few weeks ago. After the initial contact, Keith continued to interact with the scammers until he received an offer to sell his Moonbirds collection; the account used by the hackers has already been deleted.

The victim sent a message to the hackers, hoping to recover his collection: “Please return the stolen moonbirds to the original owner. Keep one as compensation.”

The collector adds that, if his tokens are not returned before this weekend, he will notify the FBI about the incident.

Common issues

NFT collectors have become frequent victims of ambitious phishing and social engineering campaigns, as this is a vector of quick and easy access to virtual collections worth tens of thousands of dollars.

The researcher Tal Be’ery was able to analyze this attack, concluding that this operation could be complex for the hackers in charge because they tried to use a smart contract to leave no trace; failing in their attempt, the cybercriminals simply used a conventional address to divert the stolen tokens.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

The post Hackers theft over $1.4 million worth of Moonbird NFT collection appeared first on Information Security Newspaper | Hacking News.

Local authorities have already confirmed that they do not plan to negotiate with the hackers or pay any ransom, as there is no evidence that the information was exposed before encryption. Local government IT teams will conduct a recovery process using their backup resources.

The incident had an impact on the systems for government procedures. Gerd Kurath, Carinthia’s press chief, said: “We believe that, of the 3,000 workstations affected, at least half will be available again this Friday. Until then, no new passports can be issued or traffic fines paid.”

In addition to the passport and fine system, the attack had an impact on state email servers and the main local government website, which could be out of service until next week. Another system affected by the infection is the COVID-19 positive case tracking service.

Carinthia authorities have decided not to share further information on the incident, so details like the ransom amount demanded by hackers or the amount of supposedly exposed data are still unknown.

The local police concluded their report by assuring that they will continue to work with the national authorities to determine the causes of the incident and implement the necessary security mechanisms to prevent new incidents in the future.

Since 2021, ransomware has become one of the biggest cybersecurity concerns for countries in Europe, especially for members of the European Union. Just a few days ago, the Killnet ransomware operation launched a series of powerful attacks against public systems in Italy and Germany, attracting the attention of researchers, law enforcement agencies, and even groups like Anonymous.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

The post Black Cat ransomware shuts down Austria’s passport and transport departments after encrypting 3,000 computers appeared first on Information Security Newspaper | Hacking News.

Damian Williams, a U.S. attorney, says, “While building a cryptocurrency platform that brought him millions of dollars, Hayes deliberately defied U.S. law that requires businesses to do their part to help prevent crime and corruption.” Prosecutors say BitMex intentionally avoided implementing basic anti-money laundering policies, which would have benefited some criminal groups.

In 2020, the U.S. government officially indicted Hayes and two BitMEX co-founders. In early 2022, the three individuals pleaded guilty to violating the BSA, which helped deliberately maintain a complex money laundering structure.

In the complaint, it is mentioned that Hayes and his collaborators never filed suspicious activity reports, as stated in the BSA. In an example presented by the prosecution, it describes how BitMEX helped clean up funds obtained through a cryptocurrency theft campaign.

Like other similar platforms, BitMEX was required to maintain strong anti-money laundering policies as it provided services to U.S. residents. Although the platform announced its exit from the US market in 2015, trying to avoid its responsibilities, the prosecution assures that this was only a charade, since the company enabled a careless access control and its customers in the U.S. were able to continue using the service.

Although Hayes faced a sentence of between six and 12 months in prison, the Probation Department recommended a sentence of one year of house arrest, followed by one year on probation. The prosecution refused to accept this recommendation, as they wanted to use Hayes and his accomplices as an example for other cryptocurrency exchange operators; however, the judge in charge of the case ordered probation.

Hayes and one of the defendants will pay a $10 million fine, plus BitMEX agreed to publicly acknowledge its lack of commitment to anti-corruption controls.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Cryptocurrency exchange founder sentenced to 2 years of probation for failing to implement an anti-money laundering program appeared first on Information Security Newspaper | Hacking News.

Razorpay Software Private Limited provides online payment services that allow businesses in India to collect payments via credit card, debit card, net banking, and even cryptocurrency wallets.

The malicious activity was detected when a team at Razorpay Software Private Limited was auditing the transactions. Company employees were unable to reconcile transaction files with funds in enterprise accounts.

Abhishek Abhinav Anand, in charge of legal disputes and legislative compliance at Razorpay, filed a complaint with the southeast Indian cybercrime unit earlier this week.

Authorities are trying to identify the hacker or hacker group responsible for the attack, based on recorded online transactions. Meanwhile, Razorpay also ordered an internal investigation, revealing that the attacker compromised and manipulated the transaction authorization process to complete the attack; as a result, threat actor approved a total of 831 failed transactions, which mean losses around $1 million.

Razorpay shared with law enforcement detailed information about these 831 illegitimate transactions, including date, time and IP address.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Hackers steal $1 million USD from Razorpay appeared first on Information Security Newspaper | Hacking News.

Reports began during the early hours of May 6th, when several users noted that OpenSea’s official Discord channel published a fake announcement about an alleged partnership between the NFT market and YouTube; the post assured both companies were willing to give away 100 brand new NFTs to the first ones to click on the attached link.

This “YouTube Genesis Mint Pass” campaign (using the youtubenft.art web domain) supposedly allowed users to claim the free token, so several users rushed to click on this post. No surprise, this was a phishing campaign in which hackers were trying to take control of affected accounts and get cryptocurrency transfers.

After the company noticed the malicious activity, they posted a message through its official Twitter account, urging users not to interact with these messages: “Do not click on links in our Discord. We are continuing on investigate this situation and will share information as we have it”.

Discord users mentioned that the phishing message remained published for a considerable time; nonetheless, the server admins believe that less than a dozen users may have fallen victims to this scam, transferring less than 10 Ethereum to the hackers’ cryptocurrency wallet.

Unfortunately, phishing is still a widely used and functional cyberattack method, forcing Internet users to learn how to avoid these scams. OpenSea has listed several anti phishing recommendations, including:

• Do not click on unknown links or download unsolicited files, either via email or through platforms such as Telegram or Discord
• Enable multi-factor authentication to add an extra layer of security to your online accounts
• Do not make transactions outside of OpenSea, since the platform cannot do anything in such cases

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post OpenSea’s Discord server was hacked: Thieves post phishing link to steal cryptocurrency appeared first on Information Security Newspaper | Hacking News.