Security News
Security researchers are warning of a relatively new malware loader, which they track as Verblecon, that is sufficiently complex and powerful for ransomware and espionage attacks, although it is currently used for low-reward attacks. Researchers from Symantec, a division of Broadcom Software, discovered Verblecon in January last year and observed it being used in attacks that installed cryptocurrency miners on compromised machines.
The Satoshi Island we're talking about isn't a tale of fiction, but a real-life private island dedicated to the crypto community. Located in the tropical paradise of Vanuatu, between Australia and Fiji, the island is owned by Satoshi Island Holdings Ltd., which intends to turn it into "The crypto capital of the world" - a place where crypto enthusiasts and professionals can thrive.
As the war in Ukraine unfolded, one way of helping was to donate cryptocurrency which resulted in over $50 million in crypto donations. Cybercriminals were quick to move and take advantage of this lucrative situation and inattentive victims.
Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips. "This style of cyber-fraud, known as sha zhu pan - literally 'pig butchering plate' - is a well-organized, syndicated scam operation that uses a combination of often romance-centered social engineering and fraudulent financial applications and websites to ensnare victims and steal their savings after gaining their confidence," Sophos analyst Jagadeesh Chandraiah said in a report published last week.
They're leveraging new iOS features - TestFlight and WebClips - to get fake apps onto victims' phones without being subject to the rigorous app store approval process. According to a Sophos report last fall, the attackers' M.O. is to begin there, then move the conversation to messaging apps.
Coinbase, one of the most popular cryptocurrency exchange platforms, announced today that it's blocking access to more than 25,000 blockchain addresses linked to Russian individuals and entities. When the United States sanctioned a Russian national in 2020, it specifically listed three associated blockchain addresses. "Through advanced blockchain analysis, we proactively identified over 1,200 additional addresses potentially associated with the sanctioned individual, which we added to our internal blocklist," Grewal said.
The development follows Ukraine's successful effort of raising over $37 million in crypto donations from all around the world amid the country's ongoing invasion by Russian troops. 'Help Ukraine' crypto donation scams on the rise.
Microsoft has some advice on how to defend against "Ice phishing" and other novel attacks that aim to empty cryptocurrency wallets, for those not already abstaining. Ice phishing, as Microsoft describes it, is a clickjacking, or user interface redress, attack that "[tricks] a user into signing a transaction that delegates approval of the user's tokens to the attacker."
The deputy governor of the Reserve Bank of India, T Rabi Sankar, has delivered an extremely unflattering assessment of cryptocurrencies - worse than Ponzi schemes, wreckers of economies, and richly deserving of a ban within India. Speaking at the Indian Banks' Association's 17th Annual Banking Technology Conference, Sankar argued that cryptocurrencies are poorly named, as unlike fiat currencies they "Do not have an issuer, they are not an instrument of debt, nor commodities, nor do they have any intrinsic value."
Cryptocurrency platform Wormhole has recovered upwards of $326 million stolen in this week's crypto hack, thanks to a major bailout. Being a cross-chain crypto platform, Wormhole allows users to transfer cryptocurrency across different blockchains, such as Ethereum, Solana, and Binance Smart Chain, among others.