One week after Axie Infinity was hacked, hackers cracked another NFT game
cyber-news – CyberAngels (https://www.cyberangels.org), Internet Safety Organization. Wed, 13 Apr 2022 15:40:36 +0000

The publishers of the play-to-earn blockchain-based video game WonderHero were forced to temporarily shut down all of their services as the value of its tokens dropped catastrophically after an unknown hacker minted the game’s tokens and managed to withdraw about $300,000.

WonderHero representatives confirmed a cyberattack on its cross-chain bridge, which allows cryptocurrency to be transferred from one blockchain to another. The attacker managed to get a signature and mint 80 million WND (the game's cryptocurrency).

According to CoinMarketCap, the value of the WonderHero token (WND) dropped by about 50% after the cyberattack.

WonderHero is an anime-inspired mobile RPG set in the future. The Earth has been contaminated by the waste of a nuclear war, and the last human civilization is moving to live on a huge space station. Players collect characters, weapons, and items, all of which are NFTs. Players must buy or earn WND cryptocurrency to upgrade characters.

The attack comes just a week after hackers managed to steal more than $600 million in cryptocurrency from the cross-chain bridge of another play-to-earn game, Axie Infinity. With the help of hacked private keys, the attackers faked the withdrawal of funds. They exploited a bridge in the Ronin blockchain network that communicates with the Ethereum-based Axie Infinity, seizing control of most of its validator nodes, which validate and approve transactions.

As ZenGo information security expert Tal Be’ery explained, the hackers were most likely able to gain access to WonderHero’s private key, which allowed them to mint new tokens. It is impossible to determine how the attackers got their hands on the private key, but there is no doubt they got it, Be’ery said.

“How do we know the private key was stolen? In order to add someone as a ‘checker,’ you need a private key to sign the transaction in question,” the expert explained to Motherboard.

The WonderHero attacker minted tokens for the game and was able to withdraw about $300,000.
Online banking malware intercepts support calls
Wed, 13 Apr 2022 15:26:50 +0000

Fakecalls mimics the mobile apps of popular Korean banks, including KB (Kookmin Bank) and KakaoBank.

Cybersecurity researchers from Kaspersky Lab have described a banking Trojan called Fakecalls. In addition to the usual spy features, it has an interesting ability to “talk” to the victim, imitating communication with a bank employee.

When installed, the Trojan requests a number of permissions, including access to contacts, microphone and camera, geolocation, call processing, etc.

Unlike other banking Trojans, Fakecalls can mimic phone calls to customer service. If the victim calls the bank’s hotline, the Trojan discreetly breaks the connection and opens its fake call screen instead of the normal call app. While the user suspects nothing, the attackers take control of the situation.

The only thing that can give the Trojan away is its fake call screen. Fakecalls has only one interface language: Korean. This means that if a different system language is selected on the phone, the victim is likely to smell trouble.

After the call is hijacked, two scenarios are possible. In the first, Fakecalls connects the victim directly to the cybercriminals, since the app has permission to make outgoing calls. In the second, the Trojan plays a pre-recorded sound that imitates the standard bank greeting. The attackers recorded several phrases in Korean, usually uttered by employees of a voicemail or call center. The scammers, disguised as bank employees, may try to extract payment information or other sensitive information from the victim.

In addition to outgoing calls, Fakecalls can also spoof incoming calls. When attackers want to contact the victim, the Trojan displays its screen over the system screen. As a result, the user sees not the real number used by the cybercriminals but the one shown by the malicious program, e.g. the bank's support phone number.

Fakecalls imitates the mobile applications of popular Korean banks, including KB (Kookmin Bank) and KakaoBank. In addition to the familiar logos, the creators of the Trojan have Fakecalls display the support numbers of the corresponding banks. The phone numbers appear to be real (one of the numbers can be found on the main page of the official site of KakaoBank).
The world’s largest hacker forum for trading stolen databases shut down
Wed, 13 Apr 2022 15:19:42 +0000

U.S. authorities have shut down RaidForums, the U.S. Justice Department said in a statement on Tuesday. The site was taken down by law enforcement agencies in the United States, the United Kingdom, Sweden, Portugal and Romania during Operation TOURNIQUET, coordinated by Europol.

U.S. and European authorities blocked RaidForums, “one of the world’s largest hacker forums,” where stolen data was being traded online, and its administrator faces charges. According to the prosecution, RaidForums was “a known marketplace for cybercriminals to sell and buy data obtained through hacking.”

U.S. authorities charged the forum’s founder and chief administrator, 21-year-old Diego Santos Coelho of Portugal. He was detained on January 31 in Britain at the request of the U.S. side. The U.S. Department of Justice is seeking his extradition, after which he will appear in the U.S. District Court for the Eastern District of Virginia. Coelho is charged with six counts, including conspiracy, obtaining access to devices fraudulently and aggravated identity theft in connection with his alleged role as chief administrator of RaidForums from Jan. 1, 2015, through Jan. 31, 2022. In doing so, the defendant and his possible accomplices, according to investigators, designed and administered the software and computer infrastructure of said platform, established rules for users, and advertised RaidForums’ illegal services.

The department said it had received court approval to seize three different domain names hosting the RaidForums website: raidforums.com, Rf.ws and Raid.lol.

According to the U.S. Justice Department, RaidForums had previously been used to sell “hundreds of databases” containing stolen information. The site sold stolen bank account access information, credit card information, login credentials and Social Security numbers.

The RaidForums marketplace, according to the U.S. Department of Justice, had hundreds of pieces of information containing more than 10 billion credentials of individuals living in the United States and other countries.

In addition to illegal data trafficking, when it was founded in 2015 RaidForums served as a platform for organizing and supporting online bullying, either by suppressing victims’ communication devices with an overwhelming flow of data or by falsely notifying law enforcement of alleged situations requiring immediate, significant or even armed intervention by such agencies.

RaidForums had over 530,000 registered users.