- \n
- “Test” video games spread crypto-stealing malware.<\/li>\n
- Russians warned about an app that clones bank cards.<\/li>\n
- Telegram blocks cut data leaks.<\/li>\n<\/ul>\n<\/div>\n
Experts uncover another way to steal crypto via Zoom<\/strong><\/h2>\n
The director of cybersecurity firm Trail of Bits encountered<\/a> a Zoom-borne cyberattack after being invited to an interview with Bloomberg Crypto. The attackers contacted the target on social media and scheduled the call via Calendly links.<\/p>\n
Calendly page used to schedule the interview. Data: Trail of Bits.<\/figcaption><\/figure>\n During the call, the hackers initiated screen sharing and sent a request for remote control. At that moment, the caller changed their display name to “Zoom”, making the prompt look legitimate to the victim: “Zoom is requesting remote control of your screen”.<\/p>\n
If approved, the attacker gains full remote control of the system, enabling theft of confidential data, installation of malware and initiation of crypto transactions.<\/p>\n
Russians warned about a card-cloning app<\/strong><\/h2>\n
Company F6 discovered<\/a> a new malicious build of the legitimate NFCGate app for attacks on bank customers. It is tailored for fraudulent call centres.<\/p>\n
Instead of intercepting NFC data from a user’s card, the attackers create a clone of their own card on the victim’s device. They then, under various pretexts, direct the victim to an ATM to deposit money supposedly to themselves. In fact, all transfers go to the scammers.<\/p>\n
Fraud scheme. Data: F6.<\/figcaption><\/figure>\n Losses of Russian bank customers from all malicious versions of NFCGate in Q1 2025 totalled 432m rubles. The average loss from the new version in March is estimated at 100,000 rubles.<\/p>\n
“Test” video games spread crypto-stealers<\/strong><\/h2>\n
“Test” video games have appeared on popular gaming platforms, used by cybercriminals to steal users’ confidential information, noted<\/a> Flashpoint.<\/p>\n
After the victim downloads an archive, the AgeoStealer malware lands on the computer. It scans Chrome, Firefox, Microsoft Edge and Opera for stored credentials, authentication tokens and browsing history.<\/p>\n
A Blogspot page delivering an archive containing AgeoStealer. Data: Flashpoint.<\/figcaption><\/figure>\n The stealer prioritises logins and passwords, cookies and cryptocurrency wallet data.<\/p>\n
AgeoStealer can mask its activity and evade detection by traditional antivirus tools for prolonged periods.<\/p>\n
Telegram blocks reduced the number of leaks<\/strong><\/h2>\n
In the first quarter of 2025, F6 specialists recorded<\/a> 67 cases of publishing databases of Russian companies, 29% fewer than in the same period last year (95 leaks).<\/p>\n
Experts linked the decline to active blocking of closed Telegram chats where stolen information was distributed.<\/p>\n
More than 46% of all public leaks in 2025 fall on retail and online stores, 13% on the public sector. IT companies, internet services, telecoms and educational portals are also at risk.<\/p>\n
Roughly 99.7m rows ended up in open access, including full names, home addresses, passwords, dates of birth, passport data and phone numbers.<\/p>\n
Americans asked to help catch hackers<\/strong><\/h2>\n
The FBI requested<\/a> information from the public about Chinese hackers Salt Typhoon, behind large-scale breaches of telecommunications providers’ networks in the US and worldwide. Their activity led to theft of call detail records and a limited number of private messages.<\/p>\n
Authorities are interested in any information that could help identify and locate the cybercriminals.<\/p>\n
Separately, the State Department offers a reward of up to $10m for information on foreign hackers involved in malicious activity against US critical infrastructure.<\/p>\n
Scammers built an “AI-based investment project” in WhatsApp’s name<\/strong><\/h2>\n
The phishing site WhatsApp AI dupes users by promising monthly earnings from \u20ac14,000, experts at Solar AURA told ForkLog.<\/p>\n
The platform is promoted as “a new solution for automated stock trading via the popular messenger”. Clients are enticed with minimal investments \u2014 it is enough to leave personal data and deposit funds for access to the system.<\/p>\n
After payment, the money stays with the scammers, and the victim receives no profit.<\/p>\n
Also on ForkLog:<\/p>\n
- \n
- The Zora team was suspected of selling tokens<\/a> ahead of the airdrop.<\/li>\n
- CloneX NFT avatars returned<\/a> after “disappearing”.<\/li>\n
- Hackers from North Korea created shell companies<\/a> to deceive users.<\/li>\n
- Tether froze 28.7m USDT<\/a> across 13 addresses.<\/li>\n
- Crypto scammers stole<\/a> $2.8bn from elderly Americans in 2024.<\/li>\n
- ZKsync reached a deal with a hacker<\/a> to return $5m.<\/li>\n
- In NABU’s bitcoin declarations, inaccurate data<\/a> were found.<\/li>\n
- Operators of crypto-theft malware have begun renting out tools<\/a>.<\/li>\n
- The SEC accused PGI Global’s CEO of crypto fraud<\/a> worth $198m.<\/li>\n
- Unicoin rejected the SEC’s settlement offer<\/a>.<\/li>\n
- A hacker attacked XRP holders<\/a> via a JavaScript library.<\/li>\n
- WazirX will resume operations<\/a> after a $235m hack.<\/li>\n
- The UN voiced concern about money laundering<\/a> via mining.<\/li>\n
- Binance’s founder received 90m fake tokens<\/a> Grok.<\/li>\n
- Durov denied handing over<\/a> private Telegram chats to authorities.<\/li>\n
- Bitget will compensate losses after manipulation<\/a> with the VOXEL token.<\/li>\n
- In Kazakhstan, three pyramids had 3.8m USDT seized<\/a>.<\/li>\n
- Bybit’s CEO: more than half of stolen assets can be traced<\/a>.<\/li>\n
- HashFlare’s founders were asked to leave the US<\/a> despite a court order.<\/li>\n
- BestChange reported another block<\/a> in Russia.<\/li>\n<\/ul>\n
What to read this weekend?<\/strong><\/h2>\n
The story of the founder of the OneCoin crypto pyramid scheme. How did Ruja Ignatova live, and where did she disappear to?<\/p>\n","protected":false},"excerpt":{"rendered":"
We round up the week’s key cybersecurity news. “Test” video games spread crypto-stealing malware. Russians warned about an app that clones bank cards. Telegram blocks cut data leaks. Experts uncover another way to steal crypto via Zoom The director of cybersecurity firm Trail of Bits encountered a Zoom-borne cyberattack after being invited to an interview […]<\/p>\n","protected":false},"author":1,"featured_media":23442,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-23443","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"86","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/23443","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=23443"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/23443\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/23442"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=23443"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=23443"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=23443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- CloneX NFT avatars returned<\/a> after “disappearing”.<\/li>\n
- The Zora team was suspected of selling tokens<\/a> ahead of the airdrop.<\/li>\n
![\"Crypto](\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXe0Eqogmezpyjr-2p6uu17xB6Z78XJH5Iby4iKKwIP09Hi2T9eoIkjywTSpqLpVipjUjZ2zSBs27nQ8EgNNcfJB6do8GfPApZ-ELMfUIZCAzJXiksUNtotf4wlM-Pn6Ym86Zhnjjw?key=H9NjcvkvDmvNnL3sFfSfvSHq\")
![\"Crypto](\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXdF2XxnXlrooOdDlsWBraxgYfkv8NMarvf1sJUfDiikyz9vaT272QcfKiwqNq82UMHd5HKDqu6HnPBJ1Z6NHGacalgYyZLbf4Wa1d8S0kHgbtwFLncFCBCxlRlUbrYJyEsA5JXKxg?key=H9NjcvkvDmvNnL3sFfSfvSHq\")
![\"Crypto](\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXf6JiJ7FC8poly5ruKff1sDPVNsl68VMyHH9Msj4wTA-pTJTtAHiVIzBGAcTfTLOD8kN-ubArKb7mNGhyTc6ZPZuXd_BJm1fkO7jfsyUaK4TgER84OABPU-L_ngj7WJ--mzuK8uHg?key=H9NjcvkvDmvNnL3sFfSfvSHq\")