{"id":22310,"date":"2025-03-22T07:00:00","date_gmt":"2025-03-22T05:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/an-ethereum-stealing-cheat-smishing-at-binance-and-other-cybersecurity-news\/"},"modified":"2025-03-22T07:00:00","modified_gmt":"2025-03-22T05:00:00","slug":"an-ethereum-stealing-cheat-smishing-at-binance-and-other-cybersecurity-news","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/an-ethereum-stealing-cheat-smishing-at-binance-and-other-cybersecurity-news\/","title":{"rendered":"An Ethereum-stealing cheat, smishing at Binance, and other cybersecurity news"},"content":{"rendered":"<p>Here are the week\u2019s most significant cybersecurity developments.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\">\n<li>Bitcoin-wallet owners lured by game cheats.<\/li>\n<li>Binance warns of smishing texts and Trojanised apps.<\/li>\n<li>Coding-focused AI models face a new attack class.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>Bitcoin-wallet owners lured by game cheats<\/strong><\/h2>\n<p>According to researchers at Kaspersky Lab, criminals are placing links in the descriptions of YouTube videos that advertise game cheats; the links download an archive whose contents install the Arcane infostealer.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">
Think twice before downloading that &#8220;free cheat.&#8221;<\/p>\n<p>Cybercriminals are now using ArcanaLoader\u2014a sneaky downloader that claims to install cheats, cracks, and other \u201cuseful\u201d gaming tools, but which actually infects devices with the Arcane stealer<\/p>\n<p>Full story:\u2026 <a href=\"https:\/\/t.co\/7sZ4Ht0pQQ\">pic.twitter.com\/7sZ4Ht0pQQ<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/1903055370152464704?ref_src=twsrc%5Etfw\">March 21, 2025<\/a><\/p><\/blockquote>\n<p>Among other things, the malware targets crypto wallets including Armory, Jaxx, Exodus, Electrum, Atomic Wallet, Guarda and Coinomi. It also exfiltrates system information and user data from browsers, VPN clients, networking tools, messengers, email and gaming services.<\/p>\n<p>Most infections so far are in Russia, Belarus and Kazakhstan.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Binance warns of smishing and Trojan apps<\/strong><\/h2>\n<p>The cryptocurrency exchange Binance <a href=\"https:\/\/www.binance.com\/en\/blog\/security\/stay-safe-from-smishing--activate-your-antiphishing-code-today-4461490969893941512\">warned<\/a> users about a new wave of smishing\u2014fraudulent SMS messages sent in the name of the platform\u2019s administrators.<\/p>\n<p>Attackers send a bogus alert about suspicious account activity, then, under various pretexts, try to get the user to contact them and move funds to a \u201csafe\u201d wallet.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/unnamed-1-9.webp\" alt=\"unnamed-1-9\" class=\"wp-image-254675\"\/><figcaption class=\"wp-element-caption\">Data: Binance.<\/figcaption><\/figure>\n<p>The exchange reiterated that it never asks users to make calls or compels them to move assets.<\/p>\n<p>Binance also <a 
href=\"https:\/\/www.binance.com\/en\/blog\/security\/web3-wallet-security-halting-trojan-horses-at-the-gates-of-your-crypto-fortress-8988411396830175237\">warned<\/a> about Trojans disguised as legitimate software. Recently, crypto holders were hit by the Bom app, which masqueraded as a mining tool.<\/p>\n<p>After installation it requested access to local files and scanned them for private keys or seed phrases. The campaign led to more than $650,000 being stolen across several blockchains.<\/p>\n<h2 class=\"wp-block-heading\"><strong>AI coding models hit by a new attack vector<\/strong><\/h2>\n<p>Researchers at Pillar Security found a new attack vector against GitHub Copilot and Cursor that compromises the code they generate.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The rise of <a href=\"https:\/\/twitter.com\/hashtag\/VibeCoding?src=hash&#038;ref_src=twsrc%5Etfw\">#VibeCoding<\/a> together with developers&#8217; inherent &#8220;automation bias&#8221; creates the perfect attack surface. We discovered a New Rules File Backdoor attack, that allows hackers to poison AI-powered tools like <a href=\"https:\/\/twitter.com\/hashtag\/GitHub?src=hash&#038;ref_src=twsrc%5Etfw\">#GitHub<\/a> Copilot &#038; <a href=\"https:\/\/twitter.com\/hashtag\/Cursor?src=hash&#038;ref_src=twsrc%5Etfw\">#Cursor<\/a>, and inject hidden malicious code into\u2026<\/p>\n<p>\u2014 Pillar Security (@Pillar_sec) <a href=\"https:\/\/twitter.com\/Pillar_sec\/status\/1903039472259760314?ref_src=twsrc%5Etfw\">March 21, 2025<\/a><\/p><\/blockquote>\n<p>Malicious instructions are planted in tool configuration files using invisible Unicode characters. 
As a result, the models start producing backdoored and otherwise vulnerable code that slips past standard checks.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"536\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/unnamed-20-1024x536.png\" alt=\"unnamed-20\" class=\"wp-image-254674\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/unnamed-20-1024x536.png 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/unnamed-20-300x157.png 300w, https:\/\/u1f987.com\/wp-content\/uploads\/unnamed-20-768x402.png 768w, https:\/\/u1f987.com\/wp-content\/uploads\/unnamed-20-1536x804.png 1536w, https:\/\/u1f987.com\/wp-content\/uploads\/unnamed-20.png 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Data: Pillar Security.<\/figcaption><\/figure>\n<p>Following the disclosure, GitHub and Cursor said users are responsible for reviewing code proposed by their AI models.<\/p>\n<h2 class=\"wp-block-heading\"><strong>WhatsApp patches zero-day used in Paragon attacks<\/strong><\/h2>\n<p>WhatsApp representatives told <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/whatsapp-patched-zero-day-flaw-used-in-paragon-spyware-attacks\/\">Bleeping Computer<\/a> the company fixed a zero-day vulnerability that was used to install Paragon\u2019s Graphite spyware.<\/p>\n<p>The fix was shipped at the end of 2024 and did not require additional client-side action.<\/p>\n<p>The service contacted potential victims directly, including journalists and members of civil society.<\/p>\n<h2 class=\"wp-block-heading\"><strong>A major RuNet outage linked to Cloudflare blocking<\/strong><\/h2>\n<p>On March 20th, some Russian users experienced problems accessing popular sites and services, including YouTube, Twitch and TikTok. 
Complaints were logged by <a href=\"https:\/\/xn--90aqok.xn--p1ai\/\">\u0421\u0431\u043e\u0439.\u0440\u0444<\/a> and <a href=\"https:\/\/downdetector.su\/\">Downdetector<\/a>.<\/p>\n<p>According to their data, customers of several Russian ISPs were affected. In some regions, mobile operators also suffered outages.<\/p>\n<p>In comments to <a href=\"https:\/\/t.me\/rbc_news\/114236\">RBC<\/a>, Roskomnadzor said the disruptions were related to \u201cthe use of foreign server infrastructure, where technical failures were recorded.\u201d The watchdog recommended Russian firms move to local hosting platforms.<\/p>\n<p>Meanwhile, participants of the ntc.party technical forum <a href=\"https:\/\/ntc.party\/t\/cloudflare-%D0%B7%D0%B0%D0%B1%D0%BB%D0%BE%D0%BA%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D0%BB%D0%B8\/15202\">reported<\/a> the <a href=\"https:\/\/ping-admin.com\/free_test\/result\/1742439753p3b0ie018al86j113fz104.html\">unavailability<\/a> of the US <span data-descr=\"Content Delivery Network \u2014 a geographically distributed network infrastructure\" class=\"old_tooltip\">CDN<\/span> service Cloudflare. They argued that the fact not all ISPs were affected points to a Roskomnadzor block rather than a server-side failure.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Britain sets a timeline for post-quantum cryptography<\/strong><\/h2>\n<p>The UK\u2019s National Cyber Security Centre (NCSC) <a href=\"https:\/\/www.ncsc.gov.uk\/guidance\/pqc-migration-timelines\">urged<\/a> critical organisations to implement post-quantum cryptography (PQC) by 2035.<\/p>\n<p>The guidance primarily addresses government agencies, large enterprises, operators of critical national infrastructure, and technology and software vendors with bespoke IT systems. 
All must ensure full migration of their systems, services and products by the deadline.<\/p>\n<p>NCSC listed the risks of falling behind the proposed roadmap.<\/p>\n<p>The United States set a similar PQC migration schedule in <a href=\"https:\/\/csrc.nist.gov\/csrc\/media\/Presentations\/2024\/u-s-government-s-transition-to-pqc\/images-media\/presman-govt-transition-pqc2024.pdf\">National Security Memorandum No. 10<\/a>.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>RWA protocol Zoth suffered <a href=\"https:\/\/u1f987.com\/en\/news\/zoth-protocol-suffers-8-4-million-hack\">an $8.4 million exploit<\/a>.<\/li>\n<li>Ben Zhou: most of the funds stolen from Bybit <a href=\"https:\/\/u1f987.com\/en\/news\/ben-zhou-majority-of-stolen-bybit-funds-remain-traceable\">can be traced<\/a>.<\/li>\n<li>Experts warned <a href=\"https:\/\/u1f987.com\/en\/news\/experts-warn-of-malware-infested-tradingview-premium-software\">about infected software<\/a> in TradingView Premium.<\/li>\n<li>Gotbit\u2019s CEO <a href=\"https:\/\/u1f987.com\/en\/news\/gotbit-ceo-admits-fraud-agrees-to-pay-23-million\">pleaded guilty<\/a> to fraud and agreed to pay $23 million.<\/li>\n<li>Crypto address \u201cpoisoning\u201d netted hackers <a href=\"https:\/\/u1f987.com\/en\/news\/crypto-address-poisoning-nets-hackers-1-2-million-in-three-weeks\">$1.2 million in three weeks<\/a>.<\/li>\n<li>Media: prosecutors <a href=\"https:\/\/u1f987.com\/en\/news\/south-korean-prosecutors-seek-10-year-sentence-for-attacker-of-haru-invest-ceo\">sought 10 years<\/a> in prison for the attacker of Haru Invest\u2019s CEO.<\/li>\n<li>The US <a href=\"https:\/\/u1f987.com\/en\/news\/us-withdraws-claims-against-bitclout-founder\">withdrew claims<\/a> against the creator of the BitClout social network.<\/li>\n<li>Hackers began laundering crypto while posing <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-disguise-as-novice-traders-to-launder-cryptocurrency\">as novice traders<\/a>.<\/li>\n<li>Microsoft 
warned of a <a href=\"https:\/\/u1f987.com\/en\/news\/microsoft-warns-of-trojan-targeting-cryptocurrency-wallets\">Trojan<\/a> targeting crypto wallets.<\/li>\n<li>Wallet explained its <a href=\"https:\/\/u1f987.com\/en\/news\/wallet-explains-its-approach-to-freezing-user-wallets\">approach to blocking<\/a> user wallets.<\/li>\n<li>Wemix explained the <a href=\"https:\/\/u1f987.com\/en\/news\/wemix-clarifies-delay-in-disclosing-6-2-million-hack\">delay in disclosing the $6.2 million hack<\/a>.<\/li>\n<li>Bitcoin held by North Korean hackers <a href=\"https:\/\/u1f987.com\/en\/news\/north-korean-hackers-bitcoin-holdings-surpass-those-of-el-salvador-and-bhutan\">surpassed the reserves of El Salvador<\/a> and Bhutan.<\/li>\n<li>Users reported <a href=\"https:\/\/u1f987.com\/en\/news\/phishing-emails-impersonate-coinbase-and-gemini-users-warned\">phishing emails<\/a> impersonating Coinbase and Gemini.<\/li>\n<li>Reporters learned of <a href=\"https:\/\/u1f987.com\/en\/news\/chinese-authorities-impose-restrictions-on-deepseek-employees\">restrictions<\/a> on DeepSeek employees in China.<\/li>\n<li>Jameson Lopp <a href=\"https:\/\/u1f987.com\/en\/news\/jameson-lopp-proposes-burning-quantum-vulnerable-bitcoins\">proposed burning<\/a> quantum-vulnerable bitcoins.<\/li>\n<li>OKX <a href=\"https:\/\/u1f987.com\/en\/news\/okx-halts-dex-aggregator-amid-hacker-activity\">suspended its DEX aggregator<\/a> due to hacker activity.<\/li>\n<li>Hackers posted <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-spread-false-alerts-in-kaitos-name\">fake warnings<\/a> on behalf of Kaito.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>What to read this weekend?<\/strong><\/h2>\n<p>With Vladimir Menaskop, we examine the importance of consensus and its role in preventing hacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here are the week\u2019s most significant cybersecurity developments. Bitcoin-wallet owners lured by game cheats. 
Binance warns of smishing texts and Trojanised apps. Coding-focused AI models face a new attack class. Bitcoin-wallet owners lured by game cheats\u00a0 Criminals are placing links in YouTube descriptions under videos advertising game cheats that download an archive whose contents install [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":22309,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-22310","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"57","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/22310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=22310"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/22310\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/22309"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=22310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=22310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=22310"}],"curies":[{"name":"wp","href"
:"https:\/\/api.w.org\/{rel}","templated":true}]}}