Tag Archive for: Exchanges

Godfather Android Malware Targets 400+ Banks and Crypto Exchanges



After fading away for several months, the newly prevalent Godfather Android malware is back with a vengeance, targeting more than 400 international financial firms. The trojan generates fake login pages to harvest customer login details, and that’s just the start. Godfather also mimics Google’s pre-installed security tools in an attempt to gain full control over devices.

Godfather was discovered by malware analytics firm Group-IB, with the first samples appearing in June 2021. It is believed this malware grew out of another popular bank hacker known as Anubis. Godfather circulated at low levels until June 2022, when it vanished. It appears the operators were simply preparing a new version. Godfather was back with a vengeance in September of this year, targeting a whopping 400 financial companies: 215 international banks, 94 cryptocurrency wallets, and 110 crypto exchanges.

When installed on a device, Godfather will generate fake login pages, which it can use to get usernames and passwords. Many banks and crypto firms have additional login requirements, and that’s where Godfather’s other mechanisms come in handy. After installation, the malware masquerades as a Google Play Protect alert. Thinking this is a legitimate popup from Android’s default security suite, some users will grant the malware accessibility control. At that point, Godfather can record the screen, read SMS, fire off fake notifications, make calls, and more — everything you need to compromise a bank account or crypto vault.

Godfather’s fake Play Protect popup.

The malware appears to be spreading via decoy apps in the Play Store. Group-IB has not determined who created and profits from Godfather, but it heavily suspects that they are Russian speakers. There’s a kill switch in the malware that checks the OS language setting. If it finds the default language is one of those spoken in former Soviet states (other than Ukrainian), it will shut down instead of stealing data. It’s not exactly a smoking gun, but it’s pretty suspicious.

After evaluating Telegram channels, Group-IB believes that Godfather is an example of…


Long Island Man’s Bitcoin In Limbo As Hackers Target Cryptocurrency Exchanges


NEW YORK (CBSNewYork) — Hackers are now targeting cryptocurrency exchanges like Coinbase and leaving investors without access to their bitcoin.


As the interest in cryptocurrency continues to climb, the safety and security of investment apps are being called into question.

CBS2’s Natalie Duddridge spoke to a Long Island man whose bitcoin is now in limbo.

“I do believe my account was hacked. It had to be,” Frank Pinto said.

Pinto started investing in bitcoin in 2017.

He used an app called Coinbase, which is like a stock exchange for cryptocurrency.

A few months ago, he tried to log in and got an alert instead saying, “Sorry, account temporarily disabled. Please contact support.”

He tried, but Coinbase has no phone support, so he emailed dozens of times. They finally responded saying: “You will receive a response from the customer complaints officer within 15 business days.”

Pinto then got a call from someone claiming to be from Coinbase and allowed them remote access to his computer. He later learned it was a hacker.

“So they were … taking all these steps that you think are legitimate. At some point through that remote access, they said to me, ‘You should log into your bank account since it’s associated with your Coinbase account,’” Pinto said. “And that’s when I hit panic mode and said, no, no, this is definitely a b.s. call.”

But it was too late. Pinto says a hacker managed to drain hundreds of dollars from his regular bank account, which was eventually returned to him. But he still can’t get access to his Coinbase account, which is frozen with more than $20,000.

Duddridge spoke to tech expert Ian Marlow, with FitechGelb.

“Is Coinbase and other crypto exchanges, are they safe to use?” she asked.

“I think the jury is obviously out on that. It’s exciting … Legal has to catch up to technology,” Marlow said. “People then will start to look at situations like this and say regulation will become important.”

Until then, Marlow says the onus is on consumers to understand the risks associated with investing in unregulated assets.

“Would you use Coinbase again after this?” Duddridge asked Pinto.

“I’m not…


The perils of suing crypto exchanges after ransomware attacks


In October 2019, unknown hackers infiltrated a Canadian insurance company by installing the malware BitPaymer, which encrypted the firm’s data and IT systems. The hackers demanded a ransom of $1.2 million be paid in Bitcoin (BTC) in return for the decryption software needed for the firm to regain access to its systems. 

The firm’s United Kingdom-based insurer — known only as AA — arranged to pay the BTC ransom, and the firm’s systems were back up and running within a few days. Meanwhile, AA started the process of seeking legal avenues to recover the BTC obtained by the hackers. It engaged the blockchain investigations firm Chainalysis, whose investigations revealed that 96 of the 109.25 BTC paid had been transferred to a wallet linked to the Bitfinex exchange.

So far, this story is (unfortunately) far from unusual. Bitcoin accounts for the vast majority of ransomware payments due to its anonymity, accessibility (making it easier for victims to pay the ransom) and verifiability of transactions (allowing criminals to confirm once payment has been made). What is unusual about this story, however, is that it sparked a 14-month-long legal battle between AA and Bitfinex, one that only recently concluded after AA discontinued its claim against Bitfinex in the U.K. High Court.

Having traced the stolen BTC to Bitfinex’s platform — and with the identity of the hackers still unknown — AA started its litigation against Bitfinex in December 2019. Again, this is not unusual: U.K. courts have a wide range of remedies at their disposal to assist victims of fraud in trying to recover their assets. In instances where banks, exchanges or other intermediaries may find themselves unknowingly receiving or holding misappropriated or stolen assets, victims of fraud have been able to rely on:

  • Norwich Pharmacal orders, which require a third party to disclose certain information to the applicant that will assist in recovery efforts. In this context, the information would be the identity of the wallet holder to which the BTC was traced, and/or details of any other transactions involving the BTC since receipt by the wallet linked with the exchange.
  • Freezing orders that prevent defendant…


Bitcoin exchanges buckle under strain of phantom transactions


Mt. Gox, Bitstamp, and other Bitcoin exchanges have temporarily suspended withdrawal transactions after coming under a form of a denial-of-service attack that abuses weaknesses in the way they keep track of fund balances, a security expert said.

The attacks don’t have any permanent effect on the central accounting mechanism for the digital currency, but they are likely the driving force behind a sharp decline in the bitcoin-to-dollar exchange rate over the past 48 hours. Since the attacks began on Monday, the price of one bitcoin on Mt. Gox has fallen from just below $700 to well below $540 at one point. It has see-sawed ever since and was at about $580 as this report was being prepared. Other exchanges showed similar fluctuations.

Andreas M. Antonopoulos, chief security officer of digital wallet developer Blockchain, said the attacks work by flooding exchanges with a large number of malformed transactions that are similar, but not identical, to legitimate transactions that were already made. Exchanges that trust one or more of the fake records instead of the entries in the official Bitcoin blockchain quickly fall out of sync with the rest of the network and must recalculate their fund balances once the mistakes become apparent. Malformed transactions aren’t necessarily new, but over the past 48 hours their numbers have mushroomed, causing logjams that have prevented some exchanges from being able to process withdrawal requests.

Ars Technica » Technology Lab