{"id":75030,"date":"2023-03-04T06:00:00","date_gmt":"2023-03-04T04:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=75030"},"modified":"2025-09-10T03:09:54","modified_gmt":"2025-09-10T00:09:54","slug":"gadget-reboot-triggered-by-youtube-clip-trezor-phishing-attack-and-other-cybersecurity-news","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/gadget-reboot-triggered-by-youtube-clip-trezor-phishing-attack-and-other-cybersecurity-news\/","title":{"rendered":"Gadget reboot triggered by YouTube clip, Trezor phishing attack and other cybersecurity news"},"content":{"rendered":"<p>We round up the week&#8217;s most important cybersecurity news.<\/p>\n<div class=\"wp-block-text-wrappers-keypoints article_keypoints\">\n<ul class=\"wp-block-list\" id=\"block-0cf8e7ba-961a-489d-ad8a-289db9d11d7a\">\n<li>Trezor users fell victim to a mass phishing campaign.<\/li>\n<li>Hackers hid a Monero miner in pirated macOS software.<\/li>\n<li>A YouTube video caused Pixel smartphones to reboot.<\/li>\n<li>The Dota 2 developer baited and caught more than 40,000 cheaters.<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"wp-block-heading\"><strong>Trezor users fall victim to a mass phishing campaign<\/strong><\/h2>\n<p>Starting February 27, attackers have targeted Trezor hardware wallet users via email and SMS messages about a purported data breach. Security researcher Mich noted this.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">? <a href=\"https:\/\/twitter.com\/Trezor?ref_src=twsrc%5Etfw\">@Trezor<\/a> <\/p>\n<p>\u26a0 \/supports-tresor.buzz<br \/>\u26a0 \/private-tresor-support.ink<br \/>\u26a0 \/supports-tresor.buzz<\/p>\n<p>\u2623 AS22612 [198.54.115.46]<\/p>\n<p>? <a href=\"https:\/\/twitter.com\/Namecheap?ref_src=twsrc%5Etfw\">@Namecheap<\/a><br \/>? 
Namecheap<a href=\"https:\/\/twitter.com\/ActorExpose?ref_src=twsrc%5Etfw\">@ActorExpose<\/a> <a href=\"https:\/\/twitter.com\/bunnymaid?ref_src=twsrc%5Etfw\">@bunnymaid<\/a> <a href=\"https:\/\/twitter.com\/CryptoPhishing?ref_src=twsrc%5Etfw\">@CryptoPhishing<\/a> <a href=\"https:\/\/twitter.com\/CryptoScamDB?ref_src=twsrc%5Etfw\">@CryptoScamDB<\/a> <a href=\"https:\/\/twitter.com\/JAMESWT_MHT?ref_src=twsrc%5Etfw\">@JAMESWT_MHT<\/a> <a href=\"https:\/\/twitter.com\/JCyberSec_?ref_src=twsrc%5Etfw\">@JCyberSec_<\/a> <a href=\"https:\/\/twitter.com\/sniko_?ref_src=twsrc%5Etfw\">@sniko_<\/a> <a href=\"https:\/\/twitter.com\/nullcookies?ref_src=twsrc%5Etfw\">@nullcookies<\/a> <a href=\"https:\/\/twitter.com\/Spam404?ref_src=twsrc%5Etfw\">@Spam404<\/a><a href=\"https:\/\/twitter.com\/hashtag\/fraud?src=hash&#038;ref_src=twsrc%5Etfw\">#fraud<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/scam?src=hash&#038;ref_src=twsrc%5Etfw\">#scam<\/a> <a href=\"https:\/\/t.co\/AuoJwvCIWW\">pic.twitter.com\/AuoJwvCIWW<\/a><\/p>\n<p>\u2014 Mich (@dubstard) <a href=\"https:\/\/twitter.com\/dubstard\/status\/1630634978110259214?ref_src=twsrc%5Etfw\">February 28, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Phishing messages purportedly from the company urge recipients to click the link to protect their device.\u00a0<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/YtRW_251_gO7-rwp5SHaYGZQAp8ZOk2wt34KLjGTsE3nLYpYZcP6I02vL7fTbpuKqQLJnIWjkgB22i63lfoToKSBNlGisFWmPXYTMAkbaeH59acGwvIvrnRqtwk5W2-gLBXfv-Vj9f613TzqMMHiydw\" alt=\"Gadget reboot triggered by YouTube clip, Trezor phishing attack and other cybersecurity events\"\/><figcaption>Data: <a href=\"https:\/\/twitter.com\/dubstard\/status\/1630634978110259214\">Mich<\/a>.<\/figcaption><\/figure>\n<p>A fake site displays a warning that user assets may be at risk. 
After the user presses the Start button, the site asks for a seed phrase, supposedly to restore access to the account. In reality, this is how the attackers gain access to the funds in the wallet.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/TLpPpj7x3etslAu7iZfKnEXManKxJRebpW4Wy7L5cpZVxBKrcRWsoQuIZKR8qnb-pNpJzEVidUMOD0Brh_RCHdZfzdbt8n0DxENoxBB8Zj7qCww25EvAlID2XExBSXolvSNWB6x6P5mMl6wFfdc9rqA\" alt=\"Gadget reboot triggered by YouTube clip, Trezor phishing attack and other cybersecurity events\"\/><figcaption>Landing page of the phishing site. Data: Urlscan.<\/figcaption><\/figure>\n<p>Developers at Trezor have acknowledged the phishing campaign and urged users to stay vigilant. They also said they found no evidence of a recent data breach in their internal systems.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">? Beware of the active phishing scam!<\/p>\n<p>The attackers contact the victims via phone call, SMS and\/or email to say that there\u2019s been a security breach or suspicious activity on their Trezor account.<\/p>\n<p>\u27a1\ufe0f Please ignore these messages as they are not from Trezor. \u2b05\ufe0f<\/p>\n<p>More info in?? 
<a href=\"https:\/\/t.co\/nzfSzfwcZ1\">pic.twitter.com\/nzfSzfwcZ1<\/a><\/p>\n<p>\u2014 Trezor (@Trezor) <a href=\"https:\/\/twitter.com\/Trezor\/status\/1630526933199998977?ref_src=twsrc%5Etfw\">February 28, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Postal addresses and phone numbers of Trezor customers were apparently obtained by the attackers via a marketing list stolen in a MailChimp breach in March 2022.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Data thieves attacked cloud services under the guise of a crypto miner<\/strong><\/h2>\n<p>Sysdig researchers uncovered a large-scale hacking campaign, SCARLETEEL, targeting cloud services.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">\u2694 Sysdig TRT just uncovered a nasty cloud attack. SCARLETEEL began with a compromised container &#038; ended with privilege escalation into an <a href=\"https:\/\/twitter.com\/hashtag\/AWS?src=hash&#038;ref_src=twsrc%5Etfw\">#AWS<\/a> account to steal proprietary software. Read more on the attack &#038; takeaways to help you stay safe in the cloud: <a href=\"https:\/\/t.co\/fME8ASYyrt\">https:\/\/t.co\/fME8ASYyrt<\/a><\/p>\n<p>\u2014 Sysdig (@sysdig) <a href=\"https:\/\/twitter.com\/sysdig\/status\/1630635967261335556?ref_src=twsrc%5Etfw\">February 28, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In compromised cloud environments, attackers deployed cryptominers. However, experts say the cryptojacking attack is a mere sideshow compared with the real goal: stealing proprietary software.<\/p>\n<p>According to Sysdig, the hackers used a vulnerable public service in a self-managed Kubernetes cluster hosted on Amazon Web Services. 
They installed the XMRig miner and a credential-extraction script.<\/p>\n<p>The data obtained later helped the attackers create backdoor users and groups to spread through the company\u2019s cloud environment.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Hackers hid a Monero miner in pirated macOS software<\/strong><\/h2>\n<p>Malicious versions of some macOS programs, distributed through pirated torrents among other channels, were found to be infected with a hidden Monero miner, according to researchers at Jamf Threat Labs.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Check out our latest blog post authored by <a href=\"https:\/\/twitter.com\/mattbenyo?ref_src=twsrc%5Etfw\">@mattbenyo<\/a> on a family of <a href=\"https:\/\/twitter.com\/hashtag\/malware?src=hash&#038;ref_src=twsrc%5Etfw\">#malware<\/a> Jamf Threat Labs has been following that resurfaced and has been operating undetected, despite an earlier iteration being a known quantity to the <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&#038;ref_src=twsrc%5Etfw\">#security<\/a> community. 
<a href=\"https:\/\/t.co\/PrY6nZfJ6S\">https:\/\/t.co\/PrY6nZfJ6S<\/a><\/p>\n<p>\u2014 Jamf (@JamfSoftware) <a href=\"https:\/\/twitter.com\/JamfSoftware\/status\/1628783677923631104?ref_src=twsrc%5Etfw\">February 23, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>They found a user of The Pirate Bay forum nicknamed wtfisthat34698409672, who has been publishing malicious apps since 2019, including Adobe Photoshop, Logic Pro X, Final Cut Pro and others.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/leYHgMAM6nBBOZd8qGZRFghfQmAaMIy7zfM7_of-ceP7LoFY8_FsiXeXNnLpWWnhZpW06d2Zc262D2h4EXZmsgCOAWI-9riiIZpPxgCsGVdiiLO863dZv3s12NWvG-_R61Aol3QmCPMjO6C_SoDggmk\" alt=\"Gadget reboot triggered by YouTube clip, Trezor phishing attack and other cybersecurity events\"\/><figcaption>Screenshot from The Pirate Bay. Data: Jamf Threat Labs.<\/figcaption><\/figure>\n<p>The latest version of the malware contains a special script that terminates malicious processes when the system utility Activity Monitor starts, allowing it to stay hidden longer.<\/p>\n<p>Apple said it is aware of the problem and is working on updates to effectively block the malware.<\/p>\n<h2 class=\"wp-block-heading\"><strong>YouTube video rebooted Pixel smartphones<\/strong><\/h2>\n<p>Reddit users noted that Pixel devices powered by Google Tensor processors reboot when trying to watch a 4K HDR clip from the movie &#8216;Alien&#8217;.<\/p>\n<p>A discussion participant under the nickname OGPixel5 identified the issue on Google Pixel 6, 6a and 7. Others added that after the crash mobile service stops working, and restoring it requires rebooting the device again, this time manually.<\/p>\n<p>They speculated that something in the video format triggers the error on the phones. 
The exact cause remains unknown.\u00a0<\/p>\n<p>According to Ars Technica, Google has already remotely fixed the bug, without releasing any update or patch.<\/p>\n<h2 class=\"wp-block-heading\"><strong>The Dota 2 developer nabbed more than 40,000 cheaters with a lure<\/strong><\/h2>\n<p>Valve created a special honeypot patch, through which it identified and blocked more than 40,000 cheaters in Dota 2.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Cheaters Will Never Be Welcome in Dota<a href=\"https:\/\/t.co\/D0keeCjKIF\">https:\/\/t.co\/D0keeCjKIF<\/a><\/p>\n<p>\u2014 DOTA 2 (@DOTA2) <a href=\"https:\/\/twitter.com\/DOTA2\/status\/1628162283649241088?ref_src=twsrc%5Etfw\">February 21, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Developers added a data section to the game client that would never be read during normal play, but that was triggered by third-party cheating tools and exploits aimed at locating internal data.<\/p>\n<p>This wave of bans was among the most widespread in history. 
Valve added that after the cleanup it closed the hole exploited by cheaters.\u00a0<\/p>\n<h2 class=\"wp-block-heading\"><strong>BidenCash carders exposed data for 2.1 million bank cards<\/strong><\/h2>\n<p>The BidenCash operators posted a file containing information on 2.1 million compromised bank cards on a hacker forum, free of charge.\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The recent release of 2.1M compromised credit cards by card shop BidenCash underscores the importance of leveraging threat intel to prevent card fraud.<\/p>\n<p>Read more about BidenCash and the evolving state of the illicit credit card marketplace: <a href=\"https:\/\/t.co\/RMcR6IK8QW\">https:\/\/t.co\/RMcR6IK8QW<\/a><\/p>\n<p>\u2014 Flashpoint (@FlashpointIntel) <a href=\"https:\/\/twitter.com\/FlashpointIntel\/status\/1631370275802456076?ref_src=twsrc%5Etfw\">March 2, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to Flashpoint researchers, the dump includes:<\/p>\n<ul class=\"wp-block-list\">\n<li>cardholder name and address;<\/li>\n<li>full card number;<\/li>\n<li>expiration date;<\/li>\n<li>CVV number;<\/li>\n<li>bank name.<\/li>\n<\/ul>\n<p>About 70% of the leaked cards expire in 2023. 
50% of the cards belong to individuals or entities from the US, with about another 5% stolen from users in China and the United Kingdom.<\/p>\n<p>Most of the card data was obtained from web skimmers \u2014 malicious scripts that attackers embed on checkout pages of online stores.<\/p>\n<p>BidenCash ranks among the top five carding shops by card count.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/WdlZsnOA_ZyGmggjRVUwoiX9YZBowBJRsF7aK9J5w3_jAKXzz4HaElqWXhJJ_G27rhlJC_B723x7sYcpd2qg8kgDfmR-XBO2a7nH9zvzMOmv3shFocaR1Ex7oLYQV76kwO5c1TEhfWwKssvP7Ns6PGQ\" alt=\"Gadget reboot triggered by YouTube clip, Trezor phishing attack and other cybersecurity events\"\/><figcaption>Data: Flashpoint.<\/figcaption><\/figure>\n<p>Although the freely available dump is among the largest in the past year, researchers believe that most of the disclosed cards will soon expire or that financial institutions already know about the related fraud.<\/p>\n<p>Also on ForkLog:<\/p>\n<ul class=\"wp-block-list\">\n<li>A viral TikTok video featuring <a href=\"https:\/\/u1f987.com\/en\/news\/video-on-tiktok-of-colombias-bitcoin-scammer-number-one-goes-viral\">\u00abBitcoin Scammer No. 
1\u00bb<\/a> from Colombia.<\/li>\n<li>The attacker sent out <a href=\"https:\/\/u1f987.com\/en\/news\/attacker-circulated-phishing-emails-to-the-sandbox-users\">phishing emails<\/a> to The Sandbox users.<\/li>\n<li>Bitzlato warned about <a href=\"https:\/\/u1f987.com\/en\/news\/bitzlato-warned-about-aml-flags-on-bitcoin-withdrawals-from-the-platform\">AML tags<\/a> on Bitcoin withdrawals from the platform.<\/li>\n<li>MyAlgo wallet users were <a href=\"https:\/\/u1f987.com\/en\/news\/myalgo-wallet-users-urged-to-withdraw-funds-after-hacks\">asked to withdraw funds<\/a> due to a breach.<\/li>\n<li>The SEC accused a former FTX top executive of <a href=\"https:\/\/u1f987.com\/en\/news\/sec-accuses-former-ftx-top-executive-of-deceiving-investors\">defrauding investors<\/a>.<\/li>\n<li>The LaunchZone token <a href=\"https:\/\/u1f987.com\/en\/news\/launchzone-token-plunges-82-after-hack\">dropped by 82%<\/a> as a result of the hack.<\/li>\n<li>In Bali, a Russian blogger had <a href=\"https:\/\/u1f987.com\/en\/news\/in-bali-a-russian-crypto-blogger-had-284000-in-cryptocurrency-stolen\">$284,000 stolen<\/a> in cryptocurrency.<\/li>\n<li>The Solana network <a href=\"https:\/\/u1f987.com\/en\/news\/solana-network-rebooted-after-validator-software-update-error\">was restarted<\/a> after a bug in validators&#8217; software update.<\/li>\n<li>The Oasis platform <a href=\"https:\/\/u1f987.com\/en\/news\/oasis-platform-confiscates-assets-tied-to-wormhole-hack\">confiscated<\/a> assets stolen during the Wormhole hack.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>What to read this weekend?<\/strong><\/h2>\n<p>In the Cryptorium educational section we explain why deepfakes are dangerous and how to spot them.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We have compiled the week&#8217;s most important cybersecurity 
news.<\/p>\n","protected":false},"author":1,"featured_media":75031,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1238,1233],"class_list":["post-75030","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity-digest","tag-industry-digests"],"aioseo_notices":[],"amp_enabled":true,"views":"30","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/75030","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=75030"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/75030\/revisions"}],"predecessor-version":[{"id":75032,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/75030\/revisions\/75032"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/75031"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=75030"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=75030"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=75030"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}