Hacked crypto scammers, FUD against WhatsApp and other cybersecurity events
We have collected the most important news from the world of cybersecurity over the past week.
- Durov claimed hackers can gain full access to the contents of phones through WhatsApp.
- Crypto scammers fell victim to the Water Labbu hackers.
- Hundreds of Microsoft SQL servers were attacked by the Maggie backdoor.
- Retailer DNS confirmed a leak of customers' personal data.
Durov claimed hackers can gain full access to the contents of phones through WhatsApp
Telegram founder Pavel Durov warned users of the WhatsApp messenger that hackers could potentially gain access to the contents of their phones.
According to him, this became possible because of a security flaw disclosed by WhatsApp developers last week. It allowed attackers to execute code remotely by sending the victim a malicious video or starting a video call in the application.
Durov emphasized that updating WhatsApp to the latest version does not solve the problem, since the developers have been finding similar vulnerabilities regularly since 2017. Until 2016, the messenger had no encryption at all.
"Every year we learn about some problem in WhatsApp that puts all user devices at risk. This means that almost certainly there is already a new gap in its security. Such problems are unlikely to be accidental; they are planted backdoors," Durov wrote.
The Telegram founder recommended that users stop using WhatsApp, which, according to him, "has been a surveillance tool for 13 years now".
Meanwhile, Meta sued several Chinese companies for developing and allegedly using "unofficial" WhatsApp apps for Android to steal more than a million accounts since May 2022.
Retailer DNS confirmed a leak of customers' personal data
On October 1, the Telegram channel "Information Leaks" found a partial dump in the public domain containing 16.5 million records with data on customers of the household appliances and electronics chain DNS. The records include:
- first and last name (not for every record);
- email address (7.7 million unique addresses);
- phone number (11.4 million unique numbers);
- username.
The partial dump was obtained no earlier than September 19. Its source is the author of the September leak of the customer database of the online store Online Trade.RU.
In addition, another DNS SQL dump, dated June 12, 2008, is available in the public domain. Among other things, it contains users' password hashes.
On October 2, DNS confirmed the leak of personal data of customers and employees. The company did not disclose the number of people affected or the nature of the exposed information, stating only that passwords and bank cards were not affected.
"The hack was carried out from servers located outside Russia. We have already identified gaps in the protection of our information infrastructure and are working to strengthen information security in the company," DNS added.
The retailer is now conducting an investigation and remediating the consequences of the attack.
Hundreds of Microsoft SQL servers were attacked by the Maggie backdoor
Security researchers at DCSO CyTec have discovered new malware called Maggie that targets Microsoft SQL servers.
In our latest blog post, we analyze 'Maggie', a novel backdoor for MSSQL servers, implemented as an Extended Stored Procedure and only controlled us. https://t.co/A6SQ3LLHPE
– DCSO CyTec (@dcso_cytec) October 4, 2022
It has already infected hundreds of machines in South Korea, India, Vietnam, China, Russia, Thailand, Germany and the USA.
The backdoor disguises itself as an Extended Stored Procedure DLL (sqlmaggieAntiVirus_64.dll) carrying a digital signature of DeepSoft Co. Ltd., a company apparently based in South Korea.
Attackers control Maggie through SQL queries, which let it query system information, run programs, interact with files and folders, enable Remote Desktop services, start a SOCKS5 proxy server and set up port forwarding.
The malware is also able to brute-force administrator credentials in order to spread to other Microsoft SQL servers.
Maggie has a simple TCP redirect function that lets attackers connect to any IP address reachable from the infected MS-SQL server.
It is currently unclear how the hackers use Maggie after infection, how the malware is deployed on servers, or who is behind the attacks.
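Because Maggie is registered as an extended stored procedure, a defender can look for it with the same catalog views an administrator uses to audit any third-party xp_* module. The T-SQL below is an added example written for this digest; it is not code from DCSO CyTec's write-up. It assumes SQL Server 2008 or later, a login with VIEW DEFINITION on master and VIEW SERVER STATE, and it uses the DLL name reported above as one indicator; the path allow-list is an assumption that must be adjusted to the instance's install directory.

```sql
-- Added example (not from the original article or the DCSO CyTec report).
-- Extended stored procedures can only be registered in master, so start there.
USE master;
GO

-- 1. Every user-registered extended stored procedure on this instance.
--    Built-in Microsoft xp_* objects are system objects and do not appear here,
--    so on a server where nobody legitimately runs sp_addextendedproc this
--    result set should be empty. Each row therefore deserves a look.
SELECT
    ep.name        AS procedure_name,
    ep.dll_name    AS dll_name,
    ep.create_date,
    ep.modify_date,
    CASE
        -- DLL name reported for Maggie (from the article above)
        WHEN LOWER(ep.dll_name) LIKE '%sqlmaggieantivirus_64.dll'
            THEN 'MATCH: DLL name reported for the Maggie backdoor'
        -- Bare file name: SQL Server resolves it from its own Binn folder,
        -- so an attacker only needs write access there.
        WHEN ep.dll_name NOT LIKE '%\%'
            THEN 'REVIEW: bare file name, resolved from the Binn folder'
        -- Assumed install layout ...\MSSQLxx.INSTANCE\MSSQL\Binn\ ; adjust to taste.
        WHEN LOWER(ep.dll_name) NOT LIKE '%\mssql%\binn\%'
            THEN 'REVIEW: DLL registered from outside the SQL Server Binn folder'
        ELSE 'REVIEW: user-registered extended procedure, confirm it is expected'
    END AS assessment
FROM sys.extended_procedures AS ep
ORDER BY ep.create_date DESC;
GO

-- 2. Native modules currently loaded into the sqlservr.exe process.
--    The company/description fields come from each DLL's version resource,
--    so a non-Microsoft vendor name loaded into the engine stands out.
SELECT
    m.name,
    m.company,
    m.description,
    m.file_version
FROM sys.dm_os_loaded_modules AS m
WHERE m.company IS NULL
   OR m.company NOT LIKE 'Microsoft%'
ORDER BY m.name;
GO

-- 3. Registering an extended procedure requires sysadmin, so list who holds
--    that role; a recently modified or unfamiliar sysadmin login narrows
--    down how the procedure got there.
SELECT
    p.name,
    p.type_desc,
    p.create_date,
    p.modify_date
FROM sys.server_role_members   AS rm
JOIN sys.server_principals     AS p ON p.principal_id = rm.member_principal_id
JOIN sys.server_principals     AS r ON r.principal_id = rm.role_principal_id
WHERE r.name = N'sysadmin'
ORDER BY p.modify_date DESC;
GO
```

Any hit in the first query should be verified against the DLL on disk (hash and Authenticode signer) before acting; once confirmed unwanted, the registration is removed with sp_dropextendedproc and the file is preserved for forensics rather than simply deleted, since the loaded copy stays in memory until the service restarts.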
Crypto scammers fell victim to the Water Labbu hackers
The Water Labbu hacker group compromised the sites of cryptocurrency scammers and stole funds from their victims. This was reported by Trend Micro experts.
In July, the FBI warned about fraudulent DApps that steal cryptocurrency under the guise of liquidity mining. Water Labbu injects malicious scripts into such sites. The scripts track newly connected Tether and Ethereum wallets with a balance above 22,000 USDT or 0.005 ETH, respectively.
If the victim uses a mobile device, the script prompts them to confirm a transaction through the decentralized application's website, creating the impression that the request came from the scam site itself. If the request is approved, all funds go to an address controlled by the Water Labbu operators.
For Windows users, the hacked sites display a fake notification that Flash Player needs to be updated. This "installer" is actually a backdoor downloaded directly from GitHub.
According to Trend Micro, Water Labbu's profit is at least $316,728, based on the transaction records of nine identified victims.
Australian police arrested a teenager who tried to profit from the Optus hack
The Australian Federal Police (AFP) arrested a 19-year-old Sydney resident on charges of using data from the Optus operator for extortion.
According to the agency, over two days the teenager sent SMS messages to victims of the September Optus hack demanding payment of 2,000 Australian dollars ($1,300). Otherwise, he threatened to sell their personal data to other hackers.
To receive the ransom, the fraudster used an account with the Commonwealth Bank of Australia. The bank provided the police with information about the account holder.
The AFP says the arrested young man allegedly sent messages to 93 Optus customers whose data the hacker had published on an online forum. However, none of them paid the ransom.
The teenager is charged with blackmail and unlawful use of identification data. He faces up to 17 years in prison.
The perpetrators of the Optus hack have not yet been identified; the investigation continues.
Experts linked the organizers of hacker attacks on 35 countries to intelligence services
An unnamed elite Chinese group linked to intelligence services has stepped up the theft of confidential data from companies and government institutions around the world. This was reported by CNN, citing a study by the consulting firm PricewaterhouseCoopers (PwC).
The attackers scour networks for information on foreign or trade policy, but also engage in cryptocurrency fraud. The group is described as the most active and influential of all those PwC tracks.
According to the experts, during 2022 the hackers attacked organizations in at least 35 countries. In the United States, the targets included government agencies, technology companies and developers. The analysts did not give details about the victims.
PwC researcher Kris McConkey previously uncovered the group's campaign, determining the probable locations of hackers in China, Iran and other countries.
Another expert, Adam Kozy, who tracked Chinese hackers at the FBI from 2011 to 2013, said that officers of the People's Liberation Army of the PRC conducted cyberattacks on Taiwan. He emphasized that this is China's main area of disinformation.
Also on ForkLog:
- The Transit Swap decentralized exchange lost $21 million as a result of a hacker attack.
- The Transit Swap hacker sent the assets to Tornado Cash.
- The Discord server of the artist Beeple was hit by a phishing attack.
- Elliptic: more than $4 billion in cryptocurrency has been laundered through DEXs and cross-chain bridges.
- In the third quarter, the crypto industry lost $428 million to hacks and scams.
- The Zcash network was hit by a spam attack.
- The BNB Chain team restored the network after a $100 million hack.
- Celsius Network disclosed detailed data on user transactions.
What to read on the weekend?
In this popular piece, we explain how to access blocked resources and stay in touch with loved ones even after a complete Internet shutdown.
Read ForkLog Bitcoin News in our Telegram: cryptocurrency news, rates and analytics.