Last Week In Blockchain and Cybersecurity News – December 3, 2019

Data of 21 Million Mixcloud Users up for Sale on the Dark Web

Online music streaming service Mixcloud confirmed last Saturday that it had experienced a data breach affecting 21 million users. The hacker behind the breach has contacted several journalists, providing data samples as proof that the breach is genuine.

The stolen data includes usernames, email addresses, hashed passwords, registration dates, IP addresses, and more. Mixcloud has stated that the hashed passwords should remain safe as they are salted and encrypted using SHA256; however, they have advised users to reset their passwords for additional protection.

The person(s) behind the breach go by the name A_W_S and have previously worked with other hackers such as Gnosticplayers. A_W_S has also claimed responsibility for data breaches involving Canva, Chegg, StockX, PromoFarma, and more. According to ZDNet, the data from the previous breaches was put up for sale earlier this year. The stolen Mixcloud data is currently being advertised on the dark web for $2,000.

 Read more here

Europol Shuts Down ‘Imminent Monitor’ RAT Operations with 13 Arrests

Imminent Monitor, a remote administration framework used by cybercriminals, was shut down by a coordinated international law enforcement operation. According to Europol, both buyers and sellers of the Imminent Monitor Remote Access Trojan (IM-RAT) were targeted during the operation. Over 14,500 individuals have bought the IM-RAT, and it’s been used to attack victims throughout 124 countries.

High-ranking customers of the IM-RAT were also arrested during the operation. The arrests took place in Australia, Colombia, Czechia, the Netherlands, Poland, Spain, Sweden, and the United Kingdom. According to TheHackerNews, the IM-RAT gives the malicious actor full control over the victims’ devices, allowing them to:

  • record keystrokes,

  • steal data and passwords from browsers,

  • spy on victims via their webcams,

  • download/execute files,

  • disable anti-virus and anti-malware software,

  • terminate running processes,

  • perform dozens of other actions.

The trojan itself costs as little as $25 with lifetime access, making it a cheap and accessible weapon for those who want to carry out malicious attacks.

You can find Europol’s press release here.

Read more here

Upbit Cryptocurrency Exchange Hacked, $48.5 Million Worth of ETH Stolen

Upbit, a South Korean cryptocurrency exchange, has disclosed a security breach resulting in the theft of $48.5 million worth of cryptocurrency from its hot wallets. Malicious actors were able to siphon 342,000 ETH, further establishing the importance of minimizing the use of hot wallets to store large sums of cryptocurrency. The cryptocurrency has been transferred to a wallet – 0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029.

Upbit states that the exchange will cover the stolen funds, and it will restore regular operations in a few weeks. As a security precaution, all funds that are currently in its hot wallets have been transferred to a cold wallet.

Some users are suspicious of the incident, stating that the theft of the funds is due to an exit scam or inside job.

Get more information here

Adobe Magento Marketplace Exposes User Info in Data Breach

Magento Marketplace, a repository that provides free and paid extensions/themes for the e-commerce platform, has been breached, resulting in the theft of account information. Last year, Adobe acquired Magento for $1.68 billion.

Data from the breach includes names, emails, MageIDs, billing and shipping addresses, and phone numbers. According to BleepingComputer, other compromised information includes the percentages of payments to developers.

Magento explains that a vulnerability within the platform allowed an unauthorized third party to gain access to their system; however, the vulnerability was identified and quickly fixed.

Read more here

Dexphot Malware Hijacks 80K+ Devices to Mine Cryptocurrency

Dexphot has utilized a complex attack chain combined with antivirus evasion techniques to infect more than 80,000 devices. Once a device is infected, the malware siphons its CPU power to mine cryptocurrency. To evade security solutions, Dexphot implements “layers of obfuscation, encryption and randomized file names to hide its installation process.”

The malware also contains a script that monitors services and checks the status of the malicious processes running on the victims’ computers. If one process is interrupted, others will continue to run, adding redundancy to the malware attack.

Microsoft’s Defender ATP Research Team has released a blog post describing the malware. You can find it here.

Read more here
