Tag Archive for: cryptocurrency

Cryptocurrency Scammers Exploit ChatGPT-Powered Botnet on Social Platform X



A recent investigation by researchers at Indiana University Bloomington has unveiled the use of a botnet powered by ChatGPT, a sophisticated AI language model developed by OpenAI, to promote cryptocurrency scams on X (formerly known as Twitter).

The botnet – dubbed Fox8 due to its connection with crypto-related websites – was composed of 1,140 accounts that utilized ChatGPT to generate and post content as well as engage with other posts. The auto-generated content aimed to entice unsuspecting users into clicking on links that led to crypto-hyping websites.

The researchers detected the botnet's activity by searching for a specific phrase, "As an AI language model…", which ChatGPT emits when it declines or hedges on a request and which the bots had posted verbatim instead of filtering out.

This led them to manually scrutinize accounts they suspected were operated by bots. Despite the relatively unsophisticated methods employed by the Fox8 botnet, it managed to publish seemingly convincing messages endorsing cryptocurrency sites, illustrating the ease with which AI can be harnessed for scams.
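The heuristic described above, as an added example that is not code from the Indiana University study: scan a batch of posts for verbatim LLM self-disclosure phrases, group the hits by account, and pull out the link domains those accounts push so a reviewer can see which sites a suspected bot cluster is promoting. The post data, account names and `.invalid` domains are constructed; the phrase list is an assumption based on the one phrase the page names.

```python
"""Flag posts that leak the ChatGPT self-disclosure phrase and cluster the
accounts by the link domains they promote.

Added example, not code from the Fox8 study. Sample posts are constructed.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Phrases an LLM emits when it hedges or refuses; a bot that pastes the model
# output straight into a post leaks them. Only the first is from the page;
# the other two are assumed variants.
DISCLOSURE_PATTERNS = [
    re.compile(r"\bas an ai language model\b", re.I),
    re.compile(r"\bi(?:'m| am) an ai language model\b", re.I),
    re.compile(r"\bas a language model\b", re.I),
]

URL_RE = re.compile(r"https?://[^\s)]+")


def is_disclosure(text):
    """True if the post contains a verbatim LLM self-disclosure phrase."""
    return any(p.search(text) for p in DISCLOSURE_PATTERNS)


def link_domains(text):
    """Host names of any URLs in the post, lower-cased, leading 'www.' dropped."""
    hosts = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if host:
            host = host.lower()
            hosts.append(host[4:] if host.startswith("www.") else host)
    return hosts


def flag_accounts(posts):
    """Group disclosure hits by account.

    posts: iterable of dicts with keys 'account' and 'text'.
    Returns {account: {'hits': n, 'domains': set}} for accounts with at
    least one hit. Domains are collected from every post by a flagged
    account, not only the leaking ones, since the point is to see what
    the bot is selling.
    """
    hits = defaultdict(int)
    domains = defaultdict(set)
    for post in posts:
        acct = post["account"]
        domains[acct].update(link_domains(post["text"]))
        if is_disclosure(post["text"]):
            hits[acct] += 1
    return {a: {"hits": n, "domains": domains[a]} for a, n in hits.items()}


def shared_domains(flagged):
    """Domains promoted by more than one flagged account: a crude cluster signal."""
    seen = defaultdict(set)
    for acct, info in flagged.items():
        for d in info["domains"]:
            seen[d].add(acct)
    return {d: accts for d, accts in seen.items() if len(accts) > 1}


# Constructed sample posts, not real X data. 'real_person' quotes the phrase
# and is therefore a false positive the heuristic cannot avoid on its own.
SAMPLE_POSTS = [
    {"account": "crypto_gains_42",
     "text": "As an AI language model, I cannot predict prices, but check "
             "https://example-coin.invalid/moon for alpha!"},
    {"account": "crypto_gains_42",
     "text": "Huge news for $XYZ holders https://www.example-coin.invalid/news"},
    {"account": "moonwatch_bot",
     "text": "I'm an AI language model and can't give financial advice. "
             "https://example-coin.invalid/moon"},
    {"account": "real_person",
     "text": "Lol these bots all say 'as an AI language model' now"},
    {"account": "trader_jane",
     "text": "Took profits on ETH today. https://exchange.invalid/eth"},
]

if __name__ == "__main__":
    flagged = flag_accounts(SAMPLE_POSTS)
    for acct, info in sorted(flagged.items()):
        print(f"{acct}: {info['hits']} hit(s), domains={sorted(info['domains'])}")
    print("shared:", shared_domains(flagged))
```

The phrase match is only the triage step; as the page notes, the researchers then examined the flagged accounts by hand, and the constructed `real_person` post shows why: a human quoting the phrase trips the filter just as a bot does. The shared-domain pass is what separates the two here, since the bot accounts converge on one site while the human pushes none. An operator who strips the boilerplate before posting leaves nothing for this check to find.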

Micah Musser, an expert in AI-driven disinformation, believes that this discovery might only scratch the surface of a larger issue, given the popularity of large language models and chatbots.

“This is the low-hanging fruit,” Musser said in an interview with WIRED. “It is very, very likely that for every one campaign you find, there are many others doing more sophisticated things.”

OpenAI’s usage policy explicitly prohibits the use of its AI models for scams and disinformation. The researchers stress how hard such botnets are to identify when they are configured carefully: a network that does not leak telltale phrases could evade detection and game recommendation algorithms to spread disinformation more effectively.

Filippo Menczer, a professor spearheading the University’s research into Fox8, said they only noticed the botnet because the scammers were sloppy. “Any pretty-good bad guys would not make that mistake,” he stated.

Spam Bots On X

Spam bots have long plagued the online crypto community, and are a common grievance among influencers within the space. Such bots are…


Gozi strikes again, targeting banks, cryptocurrency and more


Source: https://securityintelligence.com/posts/gozi-strikes-again-targeting-banks-cryptocurrency-and-more/

Gozi emerged in 2006 as Gozi CRM, also known as CRM or Papras. Initially offered through a crime-as-a-service (CaaS) platform called 76Service, Gozi quickly gained notoriety for its advanced capabilities. Over time, Gozi underwent a significant transformation and became associated with other malware strains, such as Ursnif (Snifula) and Vawtrak/Neverquest.

Now, in a recent campaign, Gozi has set its sights on banks, financial services and cryptocurrency platforms, recognizing the lucrative nature of these sectors.

The history of Gozi

In 2006, a Russian developer named Nikita Kurmin created the first version of Gozi CRM. While developing the malware, Kurmin borrowed code from another spyware called Ursnif, also known as Snifula, developed by Alexey Ivanov around 2000. As a result, Gozi v1.0 featured a formgrabber module and was often classified as Ursnif/Snifula due to the shared codebase. With these capabilities, Gozi CRM quickly gained attention in the cybercriminal community.

In September 2010, a significant event occurred that would shape the future of Gozi. The source code of a specific Gozi CRM dynamic link library (DLL) version was leaked, exposing its inner workings to the wider world. This leak had far-reaching consequences, as it enabled the creation of new malware strains built on Gozi’s codebase.

In June 2023, Mihai Ionut Paunescu, a Romanian hacker, was sentenced to three years in U.S. federal prison for his role in running a “bulletproof hosting” service called PowerHost[.]ro. This service aided cybercriminals in distributing various malware strains, including Gozi Virus, Zeus Trojan, SpyEye Trojan and BlackEnergy malware.

New Gozi campaigns aim high

Cryptocurrency companies are an attractive target, and the latest iteration of Gozi has brought new elements to its modus operandi. Notably, it is now spreading across Asia, broadening its reach beyond its previous target regions. 

A key weapon in Gozi’s arsenal is the use of web injects. These…


Infamous British Hacker ‘PlugwalkJoe’ Receives Five-Year US Prison Sentence for Cryptocurrency Theft



British hacker Joseph O’Connor, known online as PlugwalkJoe, has been sentenced to five years in prison in the United States.

Notorious British Hacker Sentenced to Five Years in US Prison for Cryptocurrency Theft

British hacker Joseph O’Connor, known online as PlugwalkJoe, has received a five-year prison sentence in the United States. Following his arrest in Spain in July 2021, he was extradited to the US on April 26, 2023. In May he pleaded guilty to charges including computer intrusion, wire fraud, and money laundering conspiracy.

The announcement of O’Connor’s sentencing was disclosed by the US Attorney’s Office for the Southern District of New York on June 23.

The statement does not name the cryptocurrency exchange or the executive involved, but it confirms that O’Connor used a SIM-swapping technique to take over the executive’s phone number and, from there, gained unauthorized access to accounts and computing systems at the exchange where the executive worked.

The court’s ruling includes not only the prison term but also a three-year period of supervised release. Additionally, O’Connor has been ordered to forfeit the exact amount he pilfered, which totals $794,012.64.

Furthermore, O’Connor’s criminal activities extend beyond the aforementioned SIM swap attack. He and his accomplices orchestrated the high-profile Twitter hack in July 2020, which netted them approximately $120,000 in stolen cryptocurrency.

The Twitter hack involved the deployment of social engineering techniques and SIM-swapping attacks, enabling O’Connor and his associates to seize control of around 130 prominent Twitter accounts.

Other Illegal Activities

In addition to their activities on Twitter, the group also gained unauthorized access to two prominent accounts on TikTok and Snapchat. They used the hijacked Twitter accounts to deceive unsuspecting users and profited by selling access to compromised accounts.

One notable incident involved O’Connor attempting to blackmail a Snapchat victim by threatening to release private messages…


3CX Supply Chain Attack: North Korean Hackers Likely Targeted Cryptocurrency Firms


More information has come to light on the recent 3CX supply chain attack, which appears to have been conducted by North Korean hackers with the goal of targeting cryptocurrency companies.

Cybersecurity firm Kaspersky has conducted its own analysis of the incident and found links to attacks observed by the company back in 2020. 

Those attacks involved a backdoor dubbed Gopuram, which had been spotted on systems belonging to a Southeast Asian cryptocurrency firm. Gopuram was present at the time on compromised devices alongside AppleJeus, malware linked to North Korea’s Lazarus group.

Kaspersky had seen only a few Gopuram infections since 2020, but there was a surge in March 2023, and analysis revealed that the surge was a result of the 3CX supply chain attack. The hackers behind the 3CX attack likely delivered the Gopuram malware only to victims they deemed of interest.

According to Kaspersky, Gopuram was deployed on fewer than 10 devices as part of the 3CX attack, mainly belonging to cryptocurrency companies, which suggests that the operation was aimed at this sector.

This would not be surprising considering that North Korean state-sponsored hackers have been known to steal significant amounts of cryptocurrency. UN experts said recently that last year they stole between $630 million and more than $1 billion worth of virtual assets. Cryptocurrency is used by Pyongyang to fund its national priorities and objectives, including cyber operations.

Kaspersky’s investigation further points to North Korean government-backed hackers being behind the 3CX attack, after companies such as CrowdStrike and Sophos also found links to the Lazarus group. 

3CX says its business communication products are used by 600,000 companies worldwide, including major brands. The malware distributed through 3CX may have been pushed to thousands of companies, but the hackers were not interested in all of these companies. Instead, based on Kaspersky’s data, they were looking for cryptocurrency companies to which they could deliver the full-fledged Gopuram backdoor, which the security firm believes is the main implant and the final payload in the attack chain.

Fortinet and BlackBerry previously reported
