Tag Archive for: Tricked

How the Ledger Connect hacker tricked users into making malicious approvals


The ‘Ledger hacker’ who siphoned away at least $484,000 from multiple Web3 apps on Dec. 14 did so by tricking Web3 users into making malicious token approvals, according to the team behind blockchain security platform Cyvers.

According to public statements from several of the parties involved, the compromise took place on the morning of Dec. 14. The attacker phished a former Ledger employee and took over that employee’s npm (npmjs.com) publishing account.

With that account in hand, they published a malicious version of Ledger Connect Kit, a package widely used by Web3 applications to connect to users’ wallets.

Web3 apps that picked up the new version served the malicious code to their users’ browsers. Zapper, SushiSwap, Phantom, Balancer, and Revoke.cash were among the apps reported as affected.

As a result, the attacker drained at least $484,000 from users of these apps. Other apps may be affected as well, and experts have warned that the compromise could reach applications across the entire Ethereum Virtual Machine (EVM) ecosystem, since the same kit is used on every EVM-compatible chain.

How it could have happened

Speaking to Cointelegraph, Cyvers CEO Deddy Lavid, chief technology officer Meir Dolev, and blockchain analyst Hakal Unal shed further light on how the attack may have occurred.

According to them, the attacker likely used the malicious code to present misleading transaction data in the user’s wallet prompt, so that users approved token transfers they never intended to authorize.

When developers build Web3 apps, they use open-source “connect kits” to let their apps connect to users’ wallets, Dolev said. These kits are stock pieces of code that can be dropped into many different apps, so each team does not have to write the wallet-connection logic itself. Ledger’s Connect Kit is one of the options available for this task.

Source…

Children’s computer game Roblox insider tricked by hacker for access to users’ data



The hacker had access to personal information, the ability to change passwords and two-factor authentication, and could steal valuable in-game items from some of the ‘richest’ players in the game
A hacker who bribed a Roblox employee gained access to the personal information of a small number of users, along with the ability to change passwords and email addresses and to allocate in-game currency.
The hacker first paid an insider to look up data about users, and then targeted a customer support representative. They said they did it to “prove a point” to the company.
The hacker, who spoke to Motherboard on condition of anonymity, said they could also change security settings, issue bans, and steal items from other users.
Roblox is a free-to-play game that “lets you play, create, and be anything you can imagine,” according to its description on the Microsoft Store. It is available on a number of platforms, including Android and iOS smartphones, Xbox game consoles, and Windows computers.
Players can customise characters and then navigate ‘minigames’ such as running obstacle courses, scuba diving, acting as a superhero, and many other activities.
According to TechCrunch, its millions of users range in age from eight to 18, although its key demographic is nine to 15 year olds.
“A lot of kids come to Roblox to play with their friends,” Craig Donato, Roblox Chief Business Officer told Techcrunch. “It’s like a virtual playground where they tend to jump from game to game with their friends – almost like jumping like I used to jump from the swing set to the monkey bars.”
In screenshots reportedly seen by Motherboard, the hacker claimed to show a customer support panel containing user data from high-profile players such as YouTuber Linkmon99 – known for being the “richest” player due to the value of their in-game items.
The YouTuber confirmed to Motherboard that the email address shown was one “secretly”…

Source…

A Clever Honeypot Tricked Hackers Into Revealing Their Secrets


Plenty of people tried to access the system. Over the past three years, it has captured 21 million login attempts, with more than 2,600 successful logins by attackers brute-forcing the weak password they purposefully used on the system. They recorded 2,300 of these successful logins, gathered 470 files that were uploaded, and analyzed 339 of the videos with useful footage. (Some recordings were just a couple of seconds long, and proved less useful.) “We cataloged the techniques, the tooling, everything done on these systems,” Bilodeau says.

Bergeron and Bilodeau grouped the attackers into five broad categories named after character classes from the role-playing game Dungeons and Dragons. Most common were the rangers: once inside the trap RDP session, they would immediately start exploring the system, removing Windows antivirus tools, delving into folders, and looking at the network the machine sat on and at other elements of the host. Beyond that reconnaissance, rangers took no further action, Bergeron says. “It’s basic recon,” she says, suggesting they may have been evaluating the system for others to enter later.

Barbarians were the next most frequent kind of attackers. These use multiple hacking tools, such as Masscan and NLBrute, to brute-force their way into other computers, the researchers say. They work through a list of IP addresses, usernames, and passwords, trying to break into the machines. Similarly, the group they call wizards use their access to the RDP to launch attacks against other insecure RDPs—potentially masking their identity across many layers. “They use the RDP access as a portal to connect to other computers,” Bergeron says.

The thieves, meanwhile, do what their name implies. They try to make money out of the RDP access in any way possible. They use traffic monetization websites and install crypto miners, the researchers say. They might not earn a lot in one go, but multiple compromises can add up.

The final group Bergeron and Bilodeau observed is the most haphazard: the bards. These people, the researchers say, may have purchased access to the RDP and are using it for a variety of reasons. One person the researchers watched Googled the “strongest virus ever,”…

Source…

Dutch Police Tricked Deadbolt Ransomware Gang Into Sharing Decryption Keys


In a novel sting operation, Dutch law enforcement tricked the Deadbolt ransomware gang into handing over decryption keys, giving victims a way to recover their encrypted files without paying a ransom.

The Dutch police are among the most active agencies when it comes to taking down cybercriminals. In 2017 the agency took over and then shut down Hansa, at the time one of the largest dark web marketplaces, in an operation coordinated with the FBI’s seizure of AlphaBay.

How Dutch Police Tricked Notorious Ransomware Gang

The Dutch National Police, working with the incident response firm Responders.NU, obtained 150 decryption keys from the Deadbolt ransomware group.

Police said they could unlock the devices of every Dutch victim who had filed a complaint. With the keys in hand, victims could recover their encrypted servers and files, including photos and administrative records, without giving in to the Deadbolt extortionists’ demands.

In effect, the police stole the keys from the criminal group: the cybercrime teams sent bitcoin ransom payments to the extortionists, and as soon as the gang handed over a decryption key they pulled the payment back before it was final.

The police then passed the keys to Dutch Deadbolt victims and also helped victims abroad. Authorities called the operation a ‘nasty blow’ to the cybercriminals and a clear signal that they cannot hide from international law enforcement.

Details of Deadbolt Attacks

In a press release, the police confirmed that Deadbolt attacks mainly targeted network-attached storage (NAS) devices. The gang had encrypted over 20,000 QNAP and Asustor devices belonging to victims worldwide; around a thousand of those victims were in the Netherlands.


Source…