Hackers Are Distributing a Vulnerable Tor Browser Version to Spy and Steal User’s Bitcoin

The researchers of the IT security company ESET have recently discovered a new way that hackers use to invade people’s computers. According to them, several hackers have been distributing a malicious version of the Tor Browser, which is generally used to access the deep web or to browse incognito.

This malicious version, however, is set to steal cryptocurrencies from the users and to spy on their computers. So far, the trojan has only led users to lose a very small amount of Bitcoin, but the problem is serious, so the researchers warned the users to be careful when using the software.

According to the researchers from ESET, the tokens are generally taken because the hackers change the address of the wallets when the user tries to make a payment using the fake browser.

Anton Cherepanov, the senior malware researcher at the company, affirmed that the wallets belonging to the criminals have received several transactions, although most of them had small values. So far, the wallets have received only about 4.8 BTC ($38,700 USD), a huge gain for the hackers, but not a huge loss to people, as these transactions came from many different victims. He added:

“Each such wallet contains relatively large numbers of small transactions; we consider this a confirmation that these wallets indeed were used by the trojanized Tor Browser.”

Initially, the hackers targeted Russian users and then they decided to target other victims as well. The malicious software is being distributed by forums, according to Tor. The victim is generally redirected to one of two sites. The first site affirms that their software is out of date and they have to change it. This is when the victims get into the second site, in which they can download the fake app.

Author: Silvia A

Sucuri Discovers Fake WordPress Plugins Privately Mining Cryptocurrencies

The researchers of Sucuri just discovered a new threat that affects WordPress users. According to them, new malicious plugins for WordPress are appearing at a fast rate. These plugins exploit an issue by running Linux binary code.

They get access to the computer of the person and then mine cryptos illegally. Most of the time, the victims do not even perceive that their computing power is being used until the criminals have already made a considerable amount of money from them. According to Sucuri, the plugins are also used as a way to maintain access to compromised servers, which are used for cryptojacking, too.

Most of the malware disguised as plugins are clones of legitimate software. However, a small part of them has been altered in a way that makes it easier for the hackers to invade the computer.

According to Sucuri, the hackers have been using several names for these fake plugins and they keep creating other ones so that more people will be fooled if the prior plugins are discovered. Some examples of plugins that contained malware were updrat123 and initiatorseo.

While all these plugins have different names, all of them are pretty similar to UpdraftPlus, a popular plugin used to back up and restore sites. This happened mainly for two reasons. It is easier to use something that already exists as a base, and it is easier to trick people into using it because they may mistake it for another piece of software.

Author: Gabriel Machado

New Crypto-Jacking Malware ‘Graboid’ Infects Thousands of Computers to Mine Monero (XMR)

Palo Alto Networks’ Unit 42 researchers discovered a new crypto-jacking malware that infected over 2000 victims’ computers.

The malware infects unsuspecting users’ computers to mine Monero (XMR), a privacy-based cryptocurrency. The crypto-jacking worm, named Graboid, spread using containers in the Docker Engine (Community Edition) to unsecured hosts’ computers.

Docker images spread the crypto-jacking malware

According to a new intelligence report by the Unit 42 team, the Graboid worm targets Docker, a Linux- and Windows-based platform-as-a-service (PaaS) solution that allows users to create, develop and deploy applications in a virtual environment.

The platform, however, is vulnerable to attacks from the newly found malware, which on average mined XMR for 250 seconds, with the miners active 63% of the time.

Figure: Crypto-jacking malware Graboid, activity overview. (Source: PaloAlto)

According to the report,

“The attacker compromised an unsecured Docker daemon, ran the malicious Docker container pulled from Docker Hub, downloaded a few scripts and a list of vulnerable hosts from C2 and repeatedly picked the next target to spread the worm.”

After identifying the 2,000+ cases of malicious activity on the Docker Engines (CE), Unit 42 partnered with Docker in a bid to stop the worm from spreading. Jay Chen, Unit 42’s Senior Cloud Vulnerability and Exploit Researcher, hopes tighter security protocols will be set on Docker images to reduce the instances of malware. He said,

“We’re continuing to see instances where the failure to properly configure containers can lead to the loss of sensitive information and as a result, default configurations can be significant security risks for organizations.”

Hike in crypto-jacking activities

In August, BEG reported that over 850,000 computers were infected with another crypto-jacking software mining Monero on the users’ computers. The malware, Retadup, was quickly stopped by Paris police officers after a tip-off from the security software company Avast.

On Oct. 8, ESET, a security firm, also discovered a new crypto-jacking software, rampant in South and Latin America, spreading on users’ computers. Casbaneiro, or Metamorfo, attacks users’ cryptocurrency wallets and banking services to reveal personal information.

Author: Lujan Odera

Newly Discovered Spyware Uses Telegram Bots to Steal Cryptocurrency from a Number of Wallets

Jupiter Threat Labs recently released a report about a newly discovered commercial spyware called “Masad Clipper and Stealer.” It uses Telegram bots as its command and control (C2) to phish information from Windows and Android users, along with the capability to steal cryptocurrency from unsuspecting victims, while dumping more malware on their devices.

The report discussed various interesting features of the newly discovered malware. However, the main feature that caught the attention of researchers was its ability to send phished data from victims to Telegram bots and then use the bots as a command hub. They believe this is a twist on the known mechanisms of the C2 world.

How does malware work?

Masad first sends a getMe request to confirm that the bot is still active, and then the malware puts all the phished data of the victims in a zip folder and sends it to the bot. The analyst explained,

“Upon receiving this request, the bot replies with the user object that contains the username of the bot. This username object is useful for identifying possible threat actors related to this malware. This is an important consideration because of the off-the-shelf nature of this malware – multiple parties will be operating Masad Stealer instances for different purposes.”

The researchers noted that there are more than 1000 variants of Masad and 338 unique Telegram C2 bots currently operating in the market. The researcher added further:

“From this data, we can estimate the number of threat actors – or at least the number of different campaigns being run using the Masad Stealer malware – and the size of their operations,”
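The getMe-then-upload sequence described above leaves a recognisable trace in web proxy logs. This added example (not from the report) flags hosts that call getMe and then upload a file to the same bot, and counts distinct bot IDs the way the researchers count campaigns. Assumptions: a TLS-inspecting proxy that records full URLs, the constructed five-field log format and tokens below, and `sendDocument` as the upload call to watch for.

```python
import re
from collections import defaultdict

# Bot API URLs look like https://api.telegram.org/bot<id>:<secret>/<method>
BOT_URL = re.compile(r"https://api\.telegram\.org/bot(\d+):[\w-]+/(\w+)")
UPLOAD_METHODS = {"senddocument"}  # assumed upload call; names compared in lower case

# Constructed proxy log: time, source host, HTTP verb, URL, bytes sent
SAMPLE_LOG = """\
10:01:02 ws-114 GET https://api.telegram.org/bot1111111111:AAExampleTokenConstructed0000000000/getMe 0
10:01:09 ws-114 POST https://api.telegram.org/bot1111111111:AAExampleTokenConstructed0000000000/sendDocument 482113
10:03:40 ws-020 GET https://example.org/index.html 0
10:05:11 ops-07 POST https://api.telegram.org/bot2222222222:AAExampleTokenConstructed1111111111/sendMessage 212
"""

def find_bot_exfil(log_text):
    """Map (host, bot_id) to bytes uploaded after that host called getMe."""
    seen_getme = set()
    uploads = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _, host, _, url, sent = parts
        match = BOT_URL.match(url)
        if not match:
            continue
        key = (host, match.group(1))
        method = match.group(2).lower()  # Bot API method names are case-insensitive
        if method == "getme":
            seen_getme.add(key)
        elif method in UPLOAD_METHODS and key in seen_getme:
            uploads[key] += int(sent)
    return dict(uploads)

def unique_bots(log_text):
    """Distinct bot IDs contacted: a rough count of separate operators."""
    return {m.group(1) for m in BOT_URL.finditer(log_text)}

if __name__ == "__main__":
    print(find_bot_exfil(SAMPLE_LOG))
    print(sorted(unique_bots(SAMPLE_LOG)))
```

Legitimate automation also uses the Bot API, so hits from hosts such as a chat-ops server need an allowlist of expected bot IDs before alerting.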

The research further found that the malware has the ability to replace crypto wallets on the clipboard with the attackers’ own. The researchers explained,

“This malware includes a function that replaces wallets on the clipboard, as soon as it matches a particular configuration. If the clipboard data matches one of the patterns coded into Masad Stealer, the malware replaces the clipboard data with one of the threat actors’ wallets, which are also found in its binary.”

The malware steals a number of cryptocurrencies, including Bitcoin, DogeCoin, Ethereum, Litecoin, Monero, Neo and several others.

Author: James W

New Open-Source Code Vulnerability Was Found and Fixed In Facebook’s Libra

A recently discovered vulnerability on the open-source protocol of Facebook’s Libra was just fixed. The vulnerability was originally discovered by OpenZeppelin, a third-party audit company that is focused on crypto products.

The developers of the company have found some vulnerabilities in the scripting language created by Facebook, which is called Move. According to the company, the vulnerabilities were pretty severe and could lead to huge problems if the code went online before they were addressed.

OpenZeppelin’s CEO Demian Brener affirmed that one of the vulnerabilities allowed hackers to use smart contracts disguised as inline comments and they could use it to steal money. Fortunately, the issues have been patched as soon as possible, so these flaws will never actually see the light of day.

The auditor company was originally created back in 2015 and it has worked with several high-profile initiatives so far, including organizations such as the Ethereum Foundation, Coinbase, and the Brave browser.

The Move script was mostly devised by the developers of Calibra, the company created by Facebook to handle the project. They have defined the most important features of the technology, but since the code is open, anyone can give their opinions on what works or not.

According to Brener, audits are becoming more important to the industry each day. Crypto projects are getting considerably bigger as time passes, so more third-party audits are needed for them to work well, as no team can completely audit them alone.

Libra has a very complex system, just like many other recent tokens. These products will be used to manage a lot of money, so making sure that they work well is needed.

Author: Gabriel Machado

Two out of Five Millennials Look At Crypto During A Recession, eToro Survey Discovers

A new survey has discovered that 40% of the Millennials in America would rather invest in crypto assets than any other kind of asset during an upcoming recession. According to the study, which was conducted recently by eToro with 1,000 online investors in the U.S., Millennials are the investors most open to crypto.

According to the data, two-thirds of the investors are afraid of a recession, but their solutions for how to handle it are different. While 40% of Millennials have chosen crypto, 50% of Generation Z had chosen real estate. Generation X is more inclined to invest in commodities, with 38% of them choosing this kind of asset.

Another trend is that fractional ownership interest has spiked. 92% of the investors affirmed that they would like to own pieces of artwork during a recession while 55% of them were eager to sell a portion of their current portfolios if they could find new investments that could be more profitable than the ones that they have right now.

Finally, the study also concluded that high net worth individuals are more likely to invest in Bitcoin than any other kind of crypto asset, as it is the most famous and powerful one.

The managing director at the company, Guy Hirsch, affirmed that during a recession most portfolios would end up shrinking. The main difference now is that crypto provides a true new path. The investment would not be confined only to people with a high net worth. Retail investors and not only institutional ones could gain money during the recession.

Hirsch also affirmed that current investors want more freedom besides just following the status quo of investments and they see an opportunity in Bitcoin.

Author: BEG News Desk

Scammers Attempt To Use The Prime Minister’s Name In Order To Dupe Investors In Singapore

The Monetary Authority of Singapore (MAS), the most important regulator of the country, has recently discovered a new Bitcoin scam. This new scam is using fake claims from the country’s former Prime Minister in order to convince investors to give them their money.

According to the institution, this site invites the users to invest in Bitcoin using an article that is basically fake. The scam attributes fake claims to Goh Chok Tong, who acted as the Prime Minister of Singapore from 1990 to 2004. The regulator has affirmed that all the statements were either taken out of context or completely falsified by the scammers.

The site, named Bitcoin Loophole, presented an article in which the former Prime Minister would “reveal his method to become rich in 7 days”.

It was clearly a fake attempt, but some incautious investors could end up taking the bait because of the image of the Prime Minister. It’s just like those scams in which Elon Musk wants to give you Bitcoin but you gotta give him a few bucks to prove that you are “serious”.

The scam demanded that investors should deposit at least $250 USD on the trading platform to start. The idea was that the service used an automated trading service that would only make winning trades. This was, obviously, another fake claim.

Also, according to the Singapore authority, the scammers asked for credit card details and banking account of the victim, so there may be a secondary scam as part of the move.

This is not even the first time that Bitcoin Loophole tries to use the face of someone famous to dupe investors. Last month, the company used the face of the crown prince of Abu Dhabi in another scam on Facebook, which deleted the post.

Unfortunately, this is why you should be extremely cautious when dealing with this kind of company. Scammers are everywhere and they are ready to take your hard-earned money if you are not careful.

Remember to always avoid companies that promote unreasonable return on investments and to always check with the regulators whether a company is legitimate or not before you make any investment.

Author: Gabriel Machado

A Look into Top 50 Crypto Mining Pools from Around the World: China, the US and Hong Kong Leaders


Having discovered the power of mining in numbers, mining pools are increasingly solidifying their place as the backbone of the entire crypto ecosystem. These pools inherited the duty to fuel transactions, besides now being something of a rubberstamp, guaranteeing absolute credibility.

Mining pools ideally cooperate by unanimously contributing the mining hash power so that they share block rewards. But while the world has countless of these blocks, three countries are wrestling to control the planet’s largest mining pools: China, the US and Russia.

Miners operating in each of the three countries know that beyond the prestige of being the global powerhouse lies the ultimate prize, which, of course, is the block rewards. But it seems there are some even more aggressive mining pools elsewhere.

According to a recent report, which highlighted the planet’s leading 50 mining pools, China and the US already have an unlikely partner in their midst. Based exclusively on the total number of cryptos mined, and effectively, the level of involvement in crypto and Blockchain each of the countries has, the report painted a rather unexpected picture.

Led by Bitcoin, with a market cap of $154 billion, the best 10 cryptocurrencies mined cumulatively had a market cap of over $0.5 billion. The others on the graph included Ethereum, Litecoin, Bitcoin Cash, ZCash, Bitcoin SV, Dash and Monero respectively.

According to the graph, however, all of the coins had an annual economic value totaling $8.6 billion, with 75% of the economic value created attributed to Bitcoin. Further, total day-to-day mining amounted to $24 million for Bitcoin, Ethereum coming second with about $4 million in contributions.

But perhaps the most unexpected of all data is when it was revealed that China, U.S. and Hong Kong, instead of Russia, controlled a whopping 70% of all top 50 global mining pools. China, being one of the largest economies in the world today, controls about 50% of the entire yearly value generated, even as the government tightens the noose on market leaders.

China couldn’t have topped the list without BTC.com, the planet’s largest mining pool, which generates $3 million in daily economic value. But given the way things are in the country, coupled with the looming fall in the mining sector, it is highly likely that the US will take over and be the heartbeat of mining operations.

Not every player in the crypto industry, however, is happy about it. According to some experts, the downfall of China could finally cause the industry to stop being decentralized. This, they say, could eventually make transactional costs and trading values prone to manipulation.

From the data, it seems that the upsurge in mining operations, plus the value generated means no good to the industry. In fact, to many in the industry, the impending halving may finally prove to be the key to sustainability in the cryptocurrency platform.

Author: Lillian Peter