Security News
Paris prosecutors asked investigating judges on Wednesday to order a criminal trial for Alexander Vinnik, a Russian suspected of money laundering on the bitcoin exchange BTC-e who is also wanted by Washington and Moscow. They have also sought an order for Vinnik's continued detention since his extradition in January from Greece, where he was arrested on an American warrant in 2017, the prosecutor's office told AFP. Vinnik, 40, operated the BTC-e exchange until his arrest at the northern Greek tourist resort of Halkidiki, which set off a three-way extradition tussle between the United States, France and Russia.
Twitter has said that around 130 accounts were targeted by miscreants this week as high-profile individuals and businesses had their accounts hijacked to promote a Bitcoin scam. The estimate comes days after the social media biz admitted the blitz - which snared the accounts of Bill Gates, Elon Musk, Jeff Bezos, Apple, Uber and former President Barack Obama - was the result of "coordinated social engineering".
The Twittersphere went into overdrive on Wednesday as a bunch of prominent, verified Twitter accounts were hijacked and started promoting a COVID-19 cryptocurrency giveaway scam. The attackers simultaneously compromised Twitter accounts of Bill Gates, Elon Musk, Barack Obama, Jeff Bezos, Joe Biden, Mike Bloomberg, Apple, Uber, as well as those of cryptocurrency exchanges Binance, Coinbase, KuCoin and Gemini, the CoinDesk news site and other top crypto accounts.
The Twitter accounts of Microsoft co-founder Bill Gates, Tesla CEO Elon Musk, and other celebrities were briefly taken over on Wednesday, along with the accounts of various cryptocurrency businesses and affiliated executives, to promote a Bitcoin scam. Twitter also silenced verified blue-tick accounts temporarily to prevent more abuse while it got to the bottom of the kerfuffle.
Our experts have deconstructed a strain of malware called Glupteba that uses just about every cybercrime trick you've heard of, and probably several more besides. The most interesting feature that we learned about in the report is how Glupteba uses the Bitcoin blockchain as a communication channel for receiving updated configuration information.
For the past year, a site called Privnotes.com has been impersonating Privnote.com, a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. Until recently, I couldn't quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same. KrebsOnSecurity has learned that the phishing site Privnotes.com uses some kind of automated script that scours messages for bitcoin addresses, and replaces any bitcoin addresses found with its own bitcoin address.
Crypto scammers hijacked three YouTube channels to impersonate Elon Musk's SpaceX channel, offering bogus BTC giveaways that earned them nearly USD $150,000 over the course of two days. According to Bleeping Computer and the reports filed in the BitcoinAbuse database, the scammers took over legitimate YouTube accounts and changed the branding to look like that of Elon Musk's rocket company.
A Brit public sector-owned office supplies company shrugged off a ransomware demand for 102 Bitcoins after a staffer opened a phishing email. A local blogger, publishing the Vox Medway site, claimed the attack froze all CSG services at 01:30 UK time on 2 April.
A researcher has uncovered malicious packages in the RubyGems repository, one of which was downloaded more than 2,000 times. The research found over 400 suspect gems including "atlas-client", which was downloaded 2,100 times by developers likely looking for the legitimate gem named atlas client.
A legitimate file may be called "Thisisafile.exe," while a malicious impersonator may call itself "This1safile.exe." Unobservant users could thus download the malicious file by mistake. If developers accidentally downloaded the rogue files instead of the legitimate gems they were looking for, the software packages they built using the libraries would automatically harbor the Bitcoin-stealer, endangering all users of that software.