Hackers Using Crypto Drainers in Sophisticated Phishing Attacks
The cryptocurrency industry has seen a concerning rise in sophisticated phishing attacks. These attacks employ a crypto wallet-draining technique and are distinctive in targeting a broad spectrum of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and nearly twenty more.
A cryptocurrency draining kit is designed to simplify cyber theft by draining money from digital wallets. It mostly uses phishing scams to trick victims into entering their wallet information on fake websites.
Crypto drainers, or cryptocurrency stealers, are malicious programs or scripts that steal cryptocurrency from users’ wallets without their permission.
How do Crypto Drainers operate?
Launch of a Malicious Campaign
According to Check Point’s research, attackers create phishing or fake airdrop campaigns, which are frequently advertised via email or social media and offer free tokens to entice consumers.
Deceptive Website
When users try to claim these tokens, they are redirected to a fake website that seems like an official platform for token distribution.
Wallet Connection
Users are asked to connect their wallets to the website, preparing for the subsequent attack phase.
Smart Contract Interaction
Under the pretense of claiming an airdrop, the user is tricked into interacting with a malicious smart contract that covertly increases the attacker’s allowance by using features like approve or permit.
Asset Transfer and Obfuscation
Having unknowingly granted the attacker access to their funds, the user has enabled token theft to proceed without any further input. The attackers then use techniques such as mixers and multiple transfers to hide their traces and sell the stolen assets.
Scammer’s strategy involves verifying the existence of a contract
Token holders can authorize a spender, such as a smart contract, to move tokens on their behalf using the permit feature in ERC-20 tokens. This removes the need for a separate on-chain transaction for each approval.
The Growing Risk of Phishing Attacks Using Crypto Drainers
Researchers discovered recurring addresses, 0x412f10aad96fd78da6736387e2c84931ac20313f and 0x0000d38a234679F88dd6343d34E26DCB50C30000, which are known as Angel Drainer addresses.
“Angel Drainer” describes a well-known phishing group specializing in cyberattacks, especially in the cryptocurrency industry. The group has been connected to several criminal operations, such as draining cryptocurrency wallets through sophisticated phishing scams.
Using technology tools and being vigilant is the key to preventing these phishing attacks. It is recommended that users:
Be skeptical of airdrop claims, especially those that require wallet interaction.
Understand the implications of approving transactions or signing messages in their wallets.
Verify the legitimacy of smart contracts before interacting with them.
Limit the use of high allowances or regularly review and revoke them using blockchain explorers or wallet interfaces.
Employ hardware wallets for enhanced security, especially for substantial holdings.
The post Hackers Using Crypto Drainers in Sophisticated Phishing Attacks appeared first on Cyber Security News.
Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack
Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday.
The network security company’s Unit 42 division is tracking the activity under the name Operation MidnightEclipse, attributing it as the work of a single threat actor of
The Hacker News | #1 Trusted Cybersecurity News Site
Spyware Vendors Behind 50% of 0-day Exploits: Google Said
Spyware is a crucial tool for the surveillance and data collection of high-risk individuals. The functionalities of spyware have undergone significant advancements and have become more sophisticated than ever before.
Commercial surveillance vendors (CSVs) offer state-of-the-art spyware technology to governments and private companies, which can exploit security vulnerabilities to surveil individuals.
CSVs pose a significant threat to Google users, as half of all known 0-day exploits against Google products and Android devices can be attributed to them.
CSVs Behind 50% of 0-day Exploits
Google has recently published a comprehensive report that meticulously outlines 40 companies involved in spyware development, sales, and deployment. The report offers detailed insights into the practices of these entities and their contribution to the spyware industry.
Google has discovered that several less popular CSVs were crucial in developing highly advanced spyware.
The use of spyware by governments is becoming outdated as the private sector is now leading in the development of highly advanced tools. Google’s Threat Analysis Group has identified that many of these sophisticated tools are now being created by the private sector.
In 2023, the Threat Analysis Group (TAG) uncovered 25 zero-day vulnerabilities being exploited in the wild. Out of these, 20 zero-days were exploited by CSVs.
In the first quarter of 2024, 72 zero-day vulnerabilities have been identified in Google products that are being actively exploited. Of these 72 vulnerabilities, 35 are linked to commercial surveillance vendors (CSVs).
CSVs Highlighted by Google
Cy4Gate and RCS Lab: Founded in Italy in 2014, known for developing “Epeius” spyware targeting Android and iOS systems.
Intellexa: Founded in Cyprus in 2019, known for developing “Predator” spyware targeting Android and iOS systems.
Negg Group: Founded in Italy in 2013, known for developing “Skygofree” spyware targeting Android and Windows systems.
NSO Group: One of the highest-profile CSVs, operating from Israel, known for its Pegasus spyware targeting Android and iOS systems.
Variston: Founded in Spain in 2018, known for developing the “Heliconia framework” spyware targeting Chrome, Android, iOS, Firefox, and Microsoft Defender.
Google is heavily investing in enhancing its threat detection and defense capabilities. The primary focus is to rapidly detect and disrupt existing cyber operations, thereby making it arduous for attackers to regroup and launch new attacks.
Google implements cutting-edge security features and measures across all its products to ensure the safety and security of its users. These measures are industry-leading and designed to protect users against potential threats.
The post Spyware Vendors Behind 50% of 0-day Exploits: Google Said appeared first on Cyber Security News.