{"id":10777,"date":"2024-02-17T07:00:00","date_gmt":"2024-02-17T05:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/cybersecurity-updates-bitcoin-botnet-enhancements-and-gru-spy-network-disruption\/"},"modified":"2024-02-17T07:00:00","modified_gmt":"2024-02-17T05:00:00","slug":"cybersecurity-updates-bitcoin-botnet-enhancements-and-gru-spy-network-disruption","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/cybersecurity-updates-bitcoin-botnet-enhancements-and-gru-spy-network-disruption\/","title":{"rendered":"Cybersecurity Updates: Bitcoin Botnet Enhancements and GRU Spy Network Disruption"},"content":{"rendered":"<p>We have compiled the most significant cybersecurity news of the week.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>Bitcoin blockchain-based malware gains a new feature.<\/li>\n<li>The FBI halts operations of the Warzone RAT trojan and Moobot botnet.<\/li>\n<li>Leader of the hacker group JabberZeus pleads guilty.<\/li>\n<li>New malware caught secretly scanning faces for deepfake creation.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>Bitcoin Blockchain Botnet Gains New Feature<\/strong><\/h2>\n<p>The modular botnet Glupteba has acquired a previously undocumented Unified Extensible Firmware Interface loader feature, allowing it to control processes in infected operating systems and providing additional stealth. 
This was reported by experts from Unit42, the incident response division of Palo Alto Networks.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Glupteba?src=hash&#038;ref_src=twsrc%5Etfw\">#Glupteba<\/a> is a modular <a href=\"https:\/\/twitter.com\/hashtag\/malware?src=hash&#038;ref_src=twsrc%5Etfw\">#malware<\/a> that can perform <a href=\"https:\/\/twitter.com\/hashtag\/CredentialStealing?src=hash&#038;ref_src=twsrc%5Etfw\">#CredentialStealing<\/a>, <a href=\"https:\/\/twitter.com\/hashtag\/cryptojacking?src=hash&#038;ref_src=twsrc%5Etfw\">#cryptojacking<\/a> and more. Distributed through a pay-per-install system, a campaign from 2023 revealed a novel feature \u2014 a UEFI bootkit. We analyze both the bootkit and the campaign. <a href=\"https:\/\/t.co\/pLxM5rCBMO\">https:\/\/t.co\/pLxM5rCBMO<\/a> <a href=\"https:\/\/t.co\/L1LZHyroKe\">pic.twitter.com\/L1LZHyroKe<\/a><\/p>\n<p>\u2014 Unit 42 (@Unit42_Intel) <a href=\"https:\/\/twitter.com\/Unit42_Intel\/status\/1757030818495558106?ref_src=twsrc%5Etfw\">February 12, 2024<\/a><\/p><\/blockquote>\n<p>The malware uses the Bitcoin blockchain as a backup command-and-control center, making it resilient to shutdown attempts.<\/p>\n<p>Glupteba has been known since the early 2010s and is a full-featured <span data-descr=\"a program for collecting information from third-party resources\" class=\"old_tooltip\">grabber<\/span> and backdoor capable of cryptocurrency mining and deploying proxies on infected hosts.<\/p>\n<p>Additionally, it can steal digital assets, credit card data, Google accounts, and other programs, as well as use routers for remote administrative access.<\/p>\n<p>The botnet&#8217;s developers continually refine its multi-stage infection chain.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" 
width=\"1024\" height=\"339\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/word-image-132484-1-2-1024x339.png\" alt=\"word-image-132484-1-2\" class=\"wp-image-226260\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/word-image-132484-1-2-1024x339.png 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/word-image-132484-1-2-300x99.png 300w, https:\/\/u1f987.com\/wp-content\/uploads\/word-image-132484-1-2-768x254.png 768w, https:\/\/u1f987.com\/wp-content\/uploads\/word-image-132484-1-2-1536x509.png 1536w, https:\/\/u1f987.com\/wp-content\/uploads\/word-image-132484-1-2.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Data: Palo Alto Networks, Inc.<\/figcaption><\/figure>\n<p>In 2023, Glupteba affected various sectors in Greece, Nepal, Bangladesh, Brazil, South Korea, Algeria, Ukraine, Slovakia, Turkey, Italy, and Sweden. <\/p>\n<h2 class=\"wp-block-heading\"><strong>FBI Halts Warzone RAT Trojan and Moobot Botnet<\/strong><\/h2>\n<p>The FBI <a href=\"https:\/\/www.justice.gov\/opa\/pr\/international-cybercrime-malware-service-dismantled-federal-authorities-key-malware-sales\">seized four domains and the main website<\/a> of the Warzone RAT remote access trojan, and arrested two individuals involved in its operations.<\/p>\n<p>27-year-old Daniel Meli from Malta has been charged with unauthorized damage to protected computers and conspiracy to infiltrate information systems.<\/p>\n<p>31-year-old Prince Onyeoziri Odinakachi from Nigeria is accused of providing customer support to cybercriminals who purchased access to Warzone RAT from June 2019 to March 2023.\u00a0<\/p>\n<p>Meli faces up to 25 years in prison, while Odinakachi could face up to 15 years. 
Each may incur a fine of at least $500,000.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"646\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/2024-02-16-16.56.13-1024x646.jpg\" alt=\"2024-02-16-16.56.13\" class=\"wp-image-226256\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/2024-02-16-16.56.13-1024x646.jpg 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/2024-02-16-16.56.13-300x189.jpg 300w, https:\/\/u1f987.com\/wp-content\/uploads\/2024-02-16-16.56.13-768x485.jpg 768w, https:\/\/u1f987.com\/wp-content\/uploads\/2024-02-16-16.56.13.jpg 1280w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Data: FBI.<\/figcaption><\/figure>\n<p>Created in 2018, Warzone RAT allowed hidden access to remote desktops, theft of cookies and passwords, keystroke logging, webcam video recording, and process management within the system. The malware&#8217;s server infrastructure was located in Canada, Croatia, Finland, Germany, the Netherlands, and Romania.<\/p>\n<p>Additionally, the FBI <a href=\"https:\/\/www.justice.gov\/opa\/pr\/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian\">dismantled<\/a> the Moobot botnet, consisting of hundreds of routers, used by the Russian General Staff&#8217;s Main Intelligence Directorate as a global cyber espionage tool.<\/p>\n<p>The hackers targeted government and military structures, as well as security services and corporate organizations in the US and other countries.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Leader of Hacker Group JabberZeus Pleads Guilty<\/strong><\/h2>\n<p>Ukrainian citizen Vyacheslav Penchukov <a href=\"https:\/\/www.justice.gov\/opa\/pr\/foreign-national-pleads-guilty-role-cybercrime-schemes-involving-tens-millions-dollars\">admitted<\/a> his leadership role in the hacker groups Zeus and IcedID.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" 
src=\"https:\/\/u1f987.com\/wp-content\/uploads\/2024-02-16-16.57.36.webp\" alt=\"2024-02-16-16.57.36\" class=\"wp-image-226255\"\/><figcaption class=\"wp-element-caption\">Data: FBI.<\/figcaption><\/figure>\n<p>Before his arrest in Switzerland in November 2022, he was on the FBI&#8217;s most wanted cybercriminals list for nearly a decade.\u00a0<\/p>\n<p>Last year, Penchukov was extradited to the US, where he is held responsible for infecting thousands of computers with malware and extorting millions of dollars.<\/p>\n<p>The court hearing is scheduled for May 9. Penchukov faces up to 40 years in prison.<\/p>\n<h2 class=\"wp-block-heading\"><strong>New Trojan Caught Secretly Scanning Faces for Deepfake Creation<\/strong><\/h2>\n<p>Group-IB specialists discovered the GoldPickaxe trojan, which spreads under the guise of government applications and popular mobile services.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The <a href=\"https:\/\/twitter.com\/hashtag\/GoldDigger?src=hash&#038;ref_src=twsrc%5Etfw\">#GoldDigger<\/a> family grows: Group-IB&#8217;s TI Unit finds GoldPickaxe.iOS, the first <a href=\"https:\/\/twitter.com\/hashtag\/iOS?src=hash&#038;ref_src=twsrc%5Etfw\">#iOS<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/Trojan?src=hash&#038;ref_src=twsrc%5Etfw\">#Trojan<\/a> harvesting <a href=\"https:\/\/twitter.com\/hashtag\/FacialRecognition?src=hash&#038;ref_src=twsrc%5Etfw\">#FacialRecognition<\/a> data for unauthorized bank access, targeting <a href=\"https:\/\/twitter.com\/hashtag\/APAC?src=hash&#038;ref_src=twsrc%5Etfw\">#APAC<\/a>. It is linked to the GoldDigger family discovered last October. 
Learn more: <a href=\"https:\/\/t.co\/pC4AAubb47\">https:\/\/t.co\/pC4AAubb47<\/a> <a href=\"https:\/\/t.co\/APRROpufHb\">pic.twitter.com\/APRROpufHb<\/a><\/p>\n<p>\u2014 Group-IB Threat Intelligence (@GroupIB_TI) <a href=\"https:\/\/twitter.com\/GroupIB_TI\/status\/1758039944516268174?ref_src=twsrc%5Etfw\">February 15, 2024<\/a><\/p><\/blockquote>\n<p>The malware operates semi-autonomously. It can discreetly photograph the victim&#8217;s face, intercept incoming SMS, and request identification documents through social engineering. This information is later used by attackers to create deepfakes or gain unauthorized access to bank accounts.<\/p>\n<p>The trojan has versions for iOS and Android. So far, the attacks, which began in October 2023, mainly target the Asia-Pacific region. However, the methods used could be effective worldwide.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Data of 200,000 Facebook Marketplace Users Leaked on Darknet<\/strong><\/h2>\n<p>An unknown hacker under the alias IntelBroker has posted 200,000 records containing confidential information of Facebook Marketplace users on a hacker forum, reports <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/200-000-facebook-marketplace-user-records-leaked-on-hacking-forum\/\">Bleeping Computer<\/a>.<\/p>\n<p>The leaked data includes names, phone numbers, email addresses, Facebook IDs, and social media profile information. 
All of this can be used for further phishing attacks or SIM card swapping.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"347\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/Facebook-Marketplace-leak-1024x347.webp\" alt=\"Facebook-Marketplace-leak\" class=\"wp-image-226254\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/Facebook-Marketplace-leak-1024x347.webp 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/Facebook-Marketplace-leak-300x102.webp 300w, https:\/\/u1f987.com\/wp-content\/uploads\/Facebook-Marketplace-leak-768x260.webp 768w, https:\/\/u1f987.com\/wp-content\/uploads\/Facebook-Marketplace-leak.webp 1381w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Data: Bleeping Computer.<\/figcaption><\/figure>\n<p>According to available information, the leak was obtained in October 2023 as a result of a breach of a third-party contractor managing Facebook&#8217;s cloud services.<\/p>\n<p>Meta has not commented on the incident.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Canada Bans Import and Sale of Flipper Zero<\/strong><\/h2>\n<p>Canada&#8217;s Department of Innovation, Science and Economic Development announced a <a href=\"https:\/\/www.canada.ca\/en\/public-safety-canada\/news\/2024\/02\/federal-action-on-combatting-auto-theft.html\">ban<\/a> on the import, sale, and use of the Flipper Zero device, along with other hacking gadgets, as part of efforts to combat car theft.<\/p>\n<p>According to the Canadian government, approximately <a href=\"https:\/\/www.canada.ca\/en\/public-safety-canada\/news\/2024\/02\/statement-of-intent-on-combatting-auto-theft.html\">90,000 cars<\/a> are stolen annually in the country (one every six minutes).\u00a0<\/p>\n<p>The portable programmable tool Flipper Zero allows interaction with various hardware and digital equipment through multiple protocols, including <span data-descr=\"Radio Frequency 
Identification\" class=\"old_tooltip\">RFID<\/span>, radio, NFC, infrared, and Bluetooth.<\/p>\n<p>Users have repeatedly demonstrated how it can unlock cars, open garage doors, activate doorbells, and clone various digital keys.<\/p>\n<p>Flipper Devices, the developer of the device, told <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/canada-to-ban-the-flipper-zero-to-stop-surge-in-car-thefts\/\">Bleeping Computer<\/a> that the gadget is useless for stealing cars manufactured in the last 24 years, as they use rolling codes.\u00a0<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cMoreover, to intercept the original signal, one would need to actively jam the owner&#8217;s signal, which the Flipper Zero hardware cannot do. Flipper Zero is designed for testing and developing security systems, and we have taken necessary precautions to ensure the device cannot be used for criminal purposes,\u201d the developers added.<\/p>\n<\/blockquote>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>CoinMetrics assessed the cost of a 51% attack on Bitcoin and Ethereum.<\/li>\n<li>Bitcoin mixer YoMix replaced sanctioned Sinbad for North Korean hackers.<\/li>\n<li>A vulnerability was found in the Trust Wallet app for iOS.<\/li>\n<li>OpenAI blocked state-sponsored hackers from accessing ChatGPT.<\/li>\n<li>Chainlink and Telef\u00f3nica to enhance Web3 application security.<\/li>\n<li>Hackers breached the X-account of the Notcoin project.<\/li>\n<li>The MINER experimental token team reported an attack on the smart contract.<\/li>\n<li>Crypto casino Duelbits lost $4.6 million in a hack.<\/li>\n<li>PlayDapp gaming platform suffered $290 million in damages from two exploits.<\/li>\n<li>A trader lost over $100,000 purchasing an ERC-404 token.<\/li>\n<li>Vitalik Buterin provided <a href=\"https:\/\/u1f987.com\/en\/news\/vitalik-buterin-offers-guidance-on-detecting-deepfakes\">guidance on detecting 
deepfakes<\/a>.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>Weekend Reading Suggestions<\/strong><\/h2>\n<p>We publish an excerpt from Laura Shin&#8217;s book &#8220;The Cryptopians&#8221; about how Ethereum managers defended against hacker attacks during the ICO boom.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have compiled the most significant cybersecurity news of the week. Bitcoin blockchain-based malware gains a new feature. The FBI halts operations of the Warzone RAT trojan and Moobot botnet. Leader of the hacker group JabberZeus pleads guilty. New malware caught secretly scanning faces for deepfake creation. Bitcoin Blockchain Botnet Gains New Feature The modular [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":10776,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-10777","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"22","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/10777","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=10777"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/10777\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http
s:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/10776"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=10777"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=10777"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=10777"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}