{"id":12996,"date":"2024-04-27T07:00:00","date_gmt":"2024-04-27T04:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/cybersecurity-highlights-antivirus-exploits-telegram-restrictions-and-more\/"},"modified":"2024-04-27T07:00:00","modified_gmt":"2024-04-27T04:00:00","slug":"cybersecurity-highlights-antivirus-exploits-telegram-restrictions-and-more","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/cybersecurity-highlights-antivirus-exploits-telegram-restrictions-and-more\/","title":{"rendered":"Cybersecurity Highlights: Antivirus Exploits, Telegram Restrictions, and More"},"content":{"rendered":"<p>We have compiled the most significant cybersecurity news of the week.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>The FBI warned US citizens against using crypto services without KYC.<\/li>\n<li>Developers of El Salvador&#8217;s Bitcoin wallet denied a code leak.<\/li>\n<li>Hackers concealed wallet-stealing malware in an antivirus update.<\/li>\n<li>Telegram will restrict content access for Ukrainian users on iOS.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>FBI Warns US Citizens Against Using Crypto Services Without KYC<\/strong><\/h2>\n<p>US citizens should avoid using cryptocurrency money transfer services not registered with <span data-descr=\"Financial Crimes Enforcement Network under the US Department of the Treasury\" class=\"old_tooltip\">FinCEN<\/span>. This warning was issued by the <a href=\"https:\/\/www.ic3.gov\/Media\/Y2024\/PSA240425\">FBI<\/a>.<\/p>\n<p>The agency also advises avoiding platforms that do not collect <span data-descr=\"Know Your Customer\" class=\"old_tooltip\">KYC<\/span> information from clients and do not adhere to <span data-descr=\"Anti-Money Laundering\" class=\"old_tooltip\">AML<\/span> procedures.<\/p>\n<p>Crypto services facilitating illegal operations are legitimate targets for law enforcement investigations. 
In such cases, their clients may lose access to funds, the FBI warned.<\/p>\n<h2 class=\"wp-block-heading\"><strong>El Salvador Bitcoin Wallet Developers Deny Breach, Admit External Leak<\/strong><\/h2>\n<p>On April 23, the hacker group CiberInteligenciaSV posted part of the source code and VPN credentials for accessing Chivo Bitcoin ATMs in El Salvador on BreachForums, as reported by <a href=\"https:\/\/cointelegraph.com\/news\/el-salvador-hacks-leak-state-bitcoin-wallet\">Cointelegraph<\/a>.<\/p>\n<p>According to the hackers, this information pertains to the state cryptocurrency wallet of the same name.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-eu.googleusercontent.com\/34Zj1mWtp7mAH-NEc8zy5f07LcEsCXvaiun68nOTTWBBNNuOBtqm6BG1LqbzOd4MrJausHVQnV1qcmPbSOqArxjl2zJ2bhcM0b6xq1u4xMp-ZtgJfEHGNuQ1DVq_Q3wN7K0J3ghygRNenANEkytlL2k\" alt=\"Cybersecurity Highlights: Antivirus Exploits, Telegram Restrictions, and More\"\/><figcaption class=\"wp-element-caption\">Data: BreachForums.<\/figcaption><\/figure>\n<p>Commenting on the incident, Chivo wallet developers reported a leak in March 2023 affecting &#8220;one ATM in the city of San Miguel.&#8221; However, they stated that &#8220;the wallet&#8217;s security has never been compromised, and user data is protected.&#8221;<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">PRESS RELEASE<\/p>\n<p>Our users\u2019 data is protected and CHIVO security has not been breached. 
<a href=\"https:\/\/t.co\/uGq3FhJ6ld\">pic.twitter.com\/uGq3FhJ6ld<\/a><\/p>\n<p>\u2014 chivo (@chivowallet) <a href=\"https:\/\/twitter.com\/chivowallet\/status\/1782992751354655118?ref_src=twsrc%5Etfw\">April 24, 2024<\/a><\/p><\/blockquote>\n<p>Previously, the same hackers released confidential information of over 5 million users related to the wallet&#8217;s KYC procedures. It included full names, unique identification numbers, birth dates, addresses, phone numbers, emails, and photographs of Salvadorans.<\/p>\n<p>In June 2021, the country&#8217;s authorities offered citizens $30 in Bitcoin for registering in the Chivo app.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Hackers Conceal Wallet-Stealing Malware in Antivirus Update<\/strong><\/h2>\n<p>The North Korean hacker group Kimsuky used the eScan antivirus update mechanism to deliver the GuptiMiner malware, as reported by <a href=\"https:\/\/decoded.avast.io\/janrubin\/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining\/\">Avast<\/a> experts.<\/p>\n<p>With its help, the attackers installed a hidden Monero miner, XMRig, and two separate backdoors in large corporate systems. These backdoors scanned the local network for vulnerabilities and for the presence of cryptocurrency wallets and their private keys.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-eu.googleusercontent.com\/920xnfKuyVNzYeC7IxM-fuKPjs1ycmbkm88B_TdTLLYyJcRmH6yfzbBuLLxrme6RWON1mKb0jYAbHi8l48DCmwuQTyrUhNEfTLEzAXoLzkAPiTrsOjb8gpFs_IClfxEEzTIV1CMSFB9hZ76ivfzFOTk\" alt=\"Cybersecurity Highlights: Antivirus Exploits, Telegram Restrictions, and More\"\/><figcaption class=\"wp-element-caption\">GuptiMiner attack chain. 
Data: Avast.<\/figcaption><\/figure>\n<p>The eScan antivirus provider confirmed that the issue has been resolved.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Experts Discover Malware in GitHub Comments<\/strong><\/h2>\n<p>Malicious actors attach malicious files to comments in the GitHub repositories of well-known companies. Because the resulting download URL points to a legitimate repository, these files gain user trust, as reported by <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/github-comments-abused-to-push-malware-via-microsoft-repo-urls\/\">Bleeping Computer<\/a>.<\/p>\n<p>Microsoft repositories are most commonly used for this scheme. The download link is generated automatically as soon as a file is attached to a comment, and it remains active even if the comment is never posted or is later deleted.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-eu.googleusercontent.com\/HNOVPGxEMY446MoOiN-uvLPAkx1lqMonjoD89G4NKeQCzj2NNxIed4-KH3TOZVK1MnrRm80rkbXW1XBvtjNaK2EcZx8WkJYK-F5-o5tq2NXO4jhQG7m1VmighuEHNlZrsbikmVkvdB_SmiDhsFkNKv4\" alt=\"Cybersecurity Highlights: Antivirus Exploits, Telegram Restrictions, and More\"\/><figcaption class=\"wp-element-caption\">Data: Bleeping Computer.<\/figcaption><\/figure>\n<p>A similar issue, according to <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/gitlab-affected-by-github-style-cdn-flaw-allowing-malware-hosting\/\">media<\/a>, affected the GitLab service as well.<\/p>\n<p>Protection against abuse is only possible by disabling comments.<\/p>\n<p>At the time of writing, the malware from Microsoft repositories has been removed, but it remains available in several other projects.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Ukraine Reports Russian Cyberattack on 20 Critical Infrastructure Objects<\/strong><\/h2>\n<p>Experts from <span data-descr=\"Computer Emergency Response Team under the Government of Ukraine\" class=\"old_tooltip\">CERT-UA<\/span> <a 
href=\"https:\/\/cert.gov.ua\/article\/6278706\">reported<\/a> a large-scale attack by the Russian hacker group Sandworm on the internal systems of utility companies in ten regions of Ukraine. The incident occurred in March.<\/p>\n<p>This group is linked to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).<\/p>\n<p>In at least three cases, the hackers managed to penetrate the target network, deliver compromised or vulnerable software, and gain access to the organization&#8217;s maintenance and support systems.<\/p>\n<p>CERT-UA&#8217;s report detailed the tools used during the attacks.<\/p>\n<p>Experts believe the Russian side aimed to amplify the effect of missile strikes on infrastructure objects.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Telegram to Restrict Content Access for Ukrainian Users on iOS<\/strong><\/h2>\n<p>Telegram founder Pavel Durov <a href=\"https:\/\/t.me\/durov\/266\">announced<\/a> that Apple has demanded that certain news and propaganda channels be hidden from users accessing the messenger on iPhones with Ukrainian SIM cards.<\/p>\n<p>Which channels will be blocked remains unknown.<\/p>\n<p>Durov emphasized that to avoid removal from app stores, Telegram must comply with such requests.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cIf it were entirely up to us, we would always provide our users with what they ask for: access to uncensored information and opinions so they can make their own decisions. 
However, this is not always up to us,\u201d he noted.<\/p>\n<\/blockquote>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>A US blogger was sentenced to seven years in prison for crypto fraud.<\/li>\n<li>The SEC accused Bitcoin miner Geosyn Mining of $5.6 million fraud.<\/li>\n<li>Five Russian banks began testing Bitcoin transaction tracking.<\/li>\n<li>Samourai Wallet founders arrested for laundering $100 million.<\/li>\n<li>A scam scheme &#8220;earning&#8221; on Toncoin was discovered on Telegram.<\/li>\n<li>Tether announced plans to block payments circumventing sanctions.<\/li>\n<li>Experts refuted the presence of a high-risk label on KuCoin transactions.<\/li>\n<li>The &#8220;Red Admin&#8221; of WEX was ordered to pay an additional 18 billion rubles.<\/li>\n<li>A failure occurred in the Polkadot ecosystem.<\/li>\n<li>The winner of &#8220;Crypto: The Game&#8221; donated the prize to Tornado Cash developers.<\/li>\n<li>12 presale tokens on Solana were abandoned after a month.<\/li>\n<li>ZKasino accused of stealing $33 million from users.<\/li>\n<li>An Indian resident confessed to stealing $9.5 million from Coinbase users.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>Weekend Reading Suggestions<\/strong><\/h2>\n<p>We explore the structure of decentralized social networks that allow publishing and distributing content without censorship and with monetization opportunities.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have compiled the most significant cybersecurity news of the week. The FBI warned US citizens against using crypto services without KYC. Developers of El Salvador&#8217;s Bitcoin wallet denied a code leak. Hackers concealed wallet-stealing malware in an antivirus update. Telegram will restrict content access for Ukrainian users on iOS. 
FBI Warns US Citizens Against [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":12995,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-12996","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"34","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/12996","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=12996"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/12996\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/12995"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=12996"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=12996"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=12996"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}