Search This Blog

Showing posts with label Crypto Hacking. Show all posts

Mattress Company Hit by a Magecart Attack, Suffers Data Breach

Emma Sleep Company confirmed that it was hit by a Magecart attack which allowed hackers to steal customer's credit card and debit card data from the company website. The customers were told about the attack via emails last week. The company mentioned "subject to a cyberattack leading to the theft of personal data" but didn't specify in the message the date of breach incident. The attack was sophisticated, targeting checkout process of the company website and stealing personal information, including credit card data, whether the customer made a purchase doesn't matter. 

It is believed to be a Magecart attack, as suggested by the Adobe Magento e-commerce platform. "Currently there is "no evidence" personal or payment data has been abused in the wild, the company said to customers in the email. Nevertheless, it advised them to contact their banks or credit card provider and "follow their advice," and check for unusual or suspicious activity," reports The Register. The Magecart attack has affected customers across 12 countries, associated with a malicious code that was attached to checkout pages that skimmed card data from a user's browser. 

The attack was targeted, and the hacker made copy-cat URLs according to the needs. According to the mattress company, it is positive that the digital platforms were upto date with the latest security fixes. In a famous Magecart attack that happened in 2018 where it exposed 40 million British Airways customers' data (it was fined €20m for the act), it used shady skimming techniques to extract credit cards and debit cards credentials. The hackers get access to the site either via third-party apps or directly, and deploy malicious JavaScript which is responsible for stealing the information. 

The company admits that the security measures had been implemented in an effective way, in accordance with the Javascript code implementation and dynamically loaded from the hacker's server and via highly advanced escape techniques to evade detection, and also plan out countermeasures to avoid analysis. Hence, the technology that kept track of scripts in the web pages couldn't identify it. 

"In February this year, Adobe issued two out-of-bounds patches in a single week when critical security bugs affecting its Magento/Adobe Commerce product emerged, with the vendor warning the vulns were being actively exploited," reports the Register.

New Golang Botnet Drains Windows Users’ Cryptocurrency Wallets

 

A new Golang-based botnet has been ensnaring hundreds of Windows PCs, each time its operators launch a new command and control (C2) server. This previously undiscovered botnet, dubbed Kraken by ZeroFox researchers in October 2021, utilizes the SmokeLoader backdoor and malware downloader to proliferate to new Windows systems. 

The botnet adds a new Registry key after compromising a new Windows device in order to accomplish persistence across system restarts. It also includes a Microsoft Defender exclusion to assure that its installation directory is never examined, and use the hidden attribute to hide its binary in Window Explorer. 

Kraken has a basic feature set that allows attackers to download and run additional malicious payloads on infected devices, such as the RedLine Stealer malware. RedLine is the most extensively used data thief, capable of gathering victims' passwords, browser cookies, credit card information, and cryptocurrency wallet information. 

ZeroFox stated, "Monitoring commands sent to Kraken victims from October 2021 through December 2021 revealed that the operator had focused entirely on pushing information stealers – specifically RedLine Stealer. It is currently unknown what the operator intends to do with the stolen credentials that have been collected or what the end goal is for creating this new botnet." 

The botnet, however, has built-in data-stealing skills and can steal cryptocurrency wallets before dropping other data thieves and cryptocurrency miners. Kraken can steal information from Zcash, Armory, Bytecoin, Electrum, Ethereum, Exodus, Guarda, Atomic, and Jaxx Liberty crypto wallets, according to ZeroFox. This botnet appears to be adding almost USD 3,000 to its masters' wallets every month, according to data obtained from the Ethermine cryptocurrency mining pool. 

The researchers added, "While in development, Kraken C2s seem to disappear often. ZeroFox has observed dwindling activity for a server on multiple occasions, only for another to appear a short time later using either a new port or a completely new IP."

Regardless, "by using SmokeLoader to spread, Kraken quickly gains hundreds of new bots each time the operator changes the C2."

Hackers Steal Around $320M+ from Crypto Firm Wormhole

 

A threat actor abused a vulnerability in the Wormhole cryptocurrency platform to steal $322 million worth of Ether currency. 

Wormhole Portal, a web-based application—also known as a blockchain "bridge"—that enables users to change one type of bitcoin into another, was the target of the attack earlier. Bridge portals transform an input cryptocurrency into a temporary internal token, which they then turn into the user's preferred output cryptocurrency using "smart contracts" on the Ethereum blockchain. 

The attacker is suspected to have taken advantage of this method to deceive the Wormhole project into releasing significantly more Ether (ETH) and Solana (SOL) tokens than they originally provided. The attacker allegedly stole crypto-assets worth $322.8 million at the time of the attack, according to reports. As per reports, the attacker acquired crypto-assets worth $322.8 million at the time of the incident, which have since depreciated to $294 million due to price swings since the breach became public. 

While a Wormhole official is yet to respond to a request for comment on today's incident. The firm verified the incident on Twitter and put its site on maintenance while it investigates. The Wormhole attack is part of a recent pattern of abusing [blockchain] bridges, according to Tal Be'ery, CTO of bitcoin wallet app ZenGo who informed The Record about the Wormhole Attack. 

A hacker stole $80 million from Qubit Finance just a week ago, in a similar attack against another blockchain bridge. As per data compiled by the DeFiYield project, if Wormhole officially acknowledges the number of stolen funds, the incident will likely become the biggest hack of a cryptocurrency platform so far this year, and the second-largest hack of a decentralised finance (DeFi) platform of all time. 

Wormhole offered a $10 million "bug bounty" to a hacker. Be'ery pointed out that, similar to the Qubit hack, Wormhole is now appealing to the attacker to return the stolen funds in return for a $10 million reward and a "whitehat contract," which indicates that the platform will most likely not file any criminal complaints against the attacker. 

As per Wormhole's most recent Twitter update, posted on Thursday, February 3, the vulnerability has been fixed. However, as one former Uber executive discovered, such contracts exonerating hackers are illegal in some areas, and authorities may still investigate the hacker.


Hackers Hit 483 Users in Crypto.com Attack That Witnessed $31M+ Coins Withdrawn

 

Crypto.com has issued an official remark on the situation that saw it halt its users' ability to withdraw money after hinting at final numbers earlier in the week. Unauthorized bitcoin withdrawals on 483 individuals' accounts were reported by the firm on Monday.

The company stated, "In the majority of cases we prevented the unauthorized withdrawal, and in all other cases customers were fully reimbursed. Unauthorised withdrawals totalled 4,836.26 ETH, 443.93 BTC, and approximately US$66,200 in other cryptocurrencies." 

The value of ether was just shy of $14 million at the time of writing, whereas the fiat worth of bitcoin was just over $17 million. Overall, depending on the unpredictable cryptocurrency pricing on any given day, the entire sum may be approximately $31 million. Users' two-factor authentication was not used, according to Crypto.com, which noticed transactions early Monday morning UTC. 

"Crypto.com revoked all customer 2FA tokens and added additional security hardening measures, which required all customers to re-login and set up their 2FA token to ensure only authorized activity would occur. Downtime of the withdrawal infrastructure was approximately 14 hours," it stated.

"In an abundance of caution, we revamped and migrated to a completely new 2FA infrastructure." 

The company also announced a new policy requiring customers to wait 24 hours before withdrawing funds to a whitelisted address, as well as a scheme that will reimburse consumers up to $250,000 if unauthorised withdrawals are made and certain requirements are fulfilled. 

Users must employ multi-factor authentication on all transactions when possible, set an anti-phishing code at least 21 days before the unauthorised withdrawal, make a police report and send a copy to the corporation, and undertake a "questionnaire to facilitate a forensic investigation," among other terms. 

"Terms and conditions may vary by market according to local regulations. Crypto.com will make the final determination of eligibility requirements and approval of claims," the company said.