Posted on

Israeli Citizen Accused of Stealing Over $1.7 Million in Crypto

A Tel Aviv resident has been arrested and accused of international phishing fraud, using a collection of websites to steal cryptocurrencies.

Eliyahu Gigi, a 31-year-old from Tel Aviv, has been charged with stealing over $1.7 billion in a variety of cryptocurrencies. Gigi allegedly stole BTC, Ethereum, and Dash from users in the Netherlands, Belgium, and Germany. 

Lawyer Yeela Harel of the cyber department in the State Attorney’s Office filed charges against Gigi on July 17, according to a report published the same day by Globes. Gigi has reportedly been charged with crimes including theft, fraud, and money laundering, among others.

According to the report, Harel’s indictment claims that Gigi set up a network of scam websites to steal crypto through the use of malware. He is accused of using a number of methods to cover his tracks, including employing remote servers and shuffling the stolen funds around through different wallets. 

Gigi and his brother, a demobilized soldier, were reportedly arrested in June. The pair were suspected of being involved in international phishing fraud, but Harel moved to indict only Gigi.

The police apparently first began to look into Gigi when they received information suggesting that he was dropping scam links on digital wallet forums. According to the report, Gigi would link to a website that appeared to have a downloadable wallet manager. However, Gigi appeared to have collected and misappropriated users’ account credentials to steal their crypto.

As previously reported by Cointelegraph, an employee at Microsoft was recently arrested on suspicion of stealing $10 million in crypto. Volodymyr Kvashuk allegedly stole and flipped crypto gift cards for Microsoft products, selling them for a profit to customers over the Internet.

Posted on

Researchers Uncover Threat of ‘Unusual’ Virtual Machine Crypto Mining

Cybersecurity firm ESET has detected what it describes as an unusual and persistent cryocurrency miner distributed for macOS and Windows since August 2018.

Cybersecurity firm ESET has detected what it describes as an unusual and persistent cryocurrency miner distributed for macOS and Windows since August 2018. The news was revealed in a report from ESET Research published on June 20.

According to ESET, the new malware, dubbed “LoudMiner,” uses virtualization software — VirtualBox on Windows and QEMU on macOS — to mine crypto on a Tiny Core Linux virtual machine, thus having the potential to infect computers across multiple operating systems.

The miner itself reportedly uses XMRig — an open-source software used for mining privacy-focused altcoin monero (XMR) — and a mining pool, thereby purportedly thwarting researchers’ attempts to retrace transactions.

The research revealed that for both macOS and windows, the miner operates within pirated applications, which are bundled together with virtualization software, a Linux image and additional files.

Upon download, LoudMiner is installed before the desired software itself, but conceals itself and only becomes persistent after reboot.

ESET notes that the miner targets applications whose purposes are related to audio production, which usually run on computers with robust processing power and where high CPU consumption — in this case caused by stealth crypto mining — might not strike users as suspicious.

Moreover, the attackers purportedly exploit the fact that such complex applications are usually complex and large in order to conceal their virtual machine images. The researchers add:

“The decision to use virtual machines instead of a leaner solution is quite remarkable and this is not something we routinely see.”

ESET has identified three strains of the miner targeted at macOS systems, and just one for Windows thus far.

As a warning to users, the researchers state that “obviously, the best advice to be protected against this kind of threat is to not download pirated copies of commercial software.”

Nonetheless, alongside high CPU consumption, they offer several hints to help users detect something might be awry, included trust popups from an unexpected, “additional” installer, or a new service added to the startup services list (Windows) or a new Launch Daemon (macOS).

Network connections to unusual domain names — due to scripts inside the virtual machine that contacting the C&C server to update the miner’s configuration — are another giveaway, the researchers add.

Yesterday, Cointelegraph published an in-depth report analyzing various malware deployments within the crypto industry, including for stealth crypto mining.

Posted on

Report: Android Phishing Malware Impersonates Turkish Cryptocurrency Exchange

New Android malware sidesteps Google’s SMS permissions restrictions to get hold of two-factor authentication codes received via SMS.

The cybersecurity company behind major antivirus software NOD32, ESET, reported on June 17 that new Android malware sidesteps Google’s SMS permissions restrictions to get hold of two-factor authentication (2FA) codes received via SMS.

Per the report, some malicious apps are capable of accessing one-time-passwords sent to users via SMS by circumventing the restrictions recently implemented by Google. Furthermore, the same technique reportedly also allows for accessing email-based codes.

According to the author, the apps in question impersonate Turkish cryptocurrency exchange BtcTurk and phish for login details to the service. The malware, “instead of intercepting SMS messages to bypass 2FA protection on users’ accounts and transactions, these malicious apps take the OTP from notifications appearing on the compromised device’s display.” The app also takes measures to prevent the user from noticing the ongoing attack:

“Besides reading the 2FA notifications, the apps can also dismiss them to prevent victims from noticing fraudulent transactions happening.”

The first app to act as such was uploaded onto Google’s Play Store on June 7 under the name BTCTurk Pro Beta by developer account BTCTurk Pro Beta and has been installed by over 50 users before ESET allegedly reported it to Google. After this first instance, another two versions of the app were uploaded and then subsequently removed from the store.

As Cointelegraph reported earlier this month, peer-to-peer (P2P) cryptocurrency exchange BitMEX has reported an influx of attacks on user account credentials. In a message to clients, the exchange stressed the importance of property security measures

Also in June, cyber security researchers found a Trojan-spreading website masquerading as that of Cryptohopper, a site where users can program tools for automated cryptocurrency trading.

Posted on

Trend Micro: Outlaw Hacking Group’s Botnet Is Now Spreading a Monero Miner

Trend Micro claims to have detected a web address spreading a botnet featuring a monero mining component alongside a backdoor.

Cybersecurity company Trend Micro claims to have detected a web address spreading a botnet featuring a monero (XMR) mining component alongside a backdoor. The malware was described on Trend Micro’s official blog on June 13.

Per the report, the firm attributes the malware to Outlaw Hacking Group, as the techniques employed are almost the same used in its previous operations. The software in question also holds Distributed Denial of Service (DDoS) capabilities, “allowing the cybercriminals to monetize their botnet through cryptocurrency mining and by offering DDoS-for-hire services.”

Trend Micro also believes that the creators of the malware in question are still testing and developing it, since it contained some scripts that were included, but not executed. The firm’s telemetry also reportedly detected infection attempts in China.

As Cointelegraph reported earlier this month, Trend Micro had confirmed that attackers have been exploiting a vulnerability in the Oracle WebLogic server to install monero mining malware while using certificate files to obfuscate the endeavor.

In May, Firefox Quantum, the latest version of open-source internet browser Firefox, announced a new privacy toggle that protects against cryptojacking. Users can now toggle an opt-in feature that purportedly blocks would-be cryptojackers from taking advantage of spare computing power to mine cryptocurrencies.

Posted on

BitMEX Observes Increase in Attacks on Accounts, Stresses Security Measures

Crypto exchange BitMEX cautions users to follow security best practices and enable two-factor authentication following an increase in attacks on user accounts.

Hong Kong-based peer-to-peer (P2P) cryptocurrency exchange BitMEX has reported an influx of attacks on user account credentials, according to an official blog post on June 11.

In addition to covering a litany of best practices for user security, the cryptocurrency exchange stressed the importance of using two-factor authentication (2FA) in particular. The report summarizes 2FA as follows:

“2FA, sometimes referred to as ‘two-step verification’ or ‘multi-factor authentication’, adds an additional layer of security to your account by requiring not only your username and password at login, but also the input of a unique, time-based token. Tokens can be stored on a cell phone within a software-based authenticator app such as Google Authenticator or Authy.”

According to BitMEX, research at Google has shown that virtually all attempts to steal account credentials can be prevented by enabling 2FA. BitMEX concurred that 2FA is the best way to prevent such attacks, and is considering making 2FA authentication mandatory on its platform.

BitMEX also noted that compromised accounts on the exchange are typically associated with weak or reused passwords, hacked emails, or computers infected with malware. Additionally, the exchange discovered some new tactics being deployed in these account hacks, and have updated its policies accordingly.  

First, there is no longer an option to disable email notifications about account logins, since hackers were disabling these notifications in order to further hide their tracks. Second, withdrawal requests must now be verified by email, since attackers were making API keys with the hacked accounts, which could be used on their own to authenticate withdrawals.

As previously reported by Cointelegraph, United States-based crypto exchange Kraken made 2FA mandatory for its platform at the end of March. According to Kraken’s announcement, 2FA has been optional on the platform since its inception in 2013. The exchange particularly supports 2FA programs Google Authenticator and YubiKey, as per the announcement.

Posted on

Hodler’s Digest, June 3–9: Top Stories, Price Movements, Quotes and FUD of the Week

Tron CEO Justin Sun gets to lunch with Warren Buffett for $4.5 million, while Facebook’s coin may come out this month.

Coming every Sunday, the Hodler’s Digest will help you track every single important news story that happened this week. The best (and worst) quotes, adoption and regulation highlights, leading coins, predictions, and much more — a week on Cointelegraph in one link.

Top Stories This Week

Mt. Gox’s Karpeles: “Press Rumors About My Blockchain Plans Are False”

Mark Karpeles, the former CEO of long-defunct Japanese cryptocurrency exchange Mt. Gox, denied press claims this week that he is returning to blockchain. Karpeles said that his activities with Tristan Technologies will not involve the cryptocurrency sector, as previously reported, and that the firm is not a startup and not related to blockchain. In comments to Cointelegraph, Karpeles said that he wasn’t “sure how this got reported wrong” and that his main goal is to “try to bring back Japan near the top of the IT industry.” A judge acquitted Karpeles of embezzlement in March and is currently appealing a lesser conviction of data manipulation, all in relation to the hack of Mt. Gox.

Picture 1

SEC Sues Kik for Conducting Allegedly Unregistered $100 Million ICO in 2017

Canadian startup Kik has been sued by the United States Securities and Exchange Commission (SEC) for an unregistered $100 million token offering. According to the SEC’s complaint, the commission alleged that Kik’s digital token sale was not compliant with U.S. securities laws, as it had not registered the offering with the proper authorities. The SEC’s complaint comes right after Kik’s recent announcement that the company is launching a $5 million crypto initiative to fund a lawsuit against the SEC, with a campaign called DefendCrypto. Steven Peikin, co-director of the SEC’s Division of Enforcement, said in a press release that, by conducting its kin token sale, Kik “deprived investors of information to which they were legally entitled and prevented investors from making informed investment decisions.”

Tron’s Justin Sun Wins eBay Charity Auction in $4.57M Bid to Lunch With Warren Buffett

Justin Sun, Tron founder and CEO, has won an eBay charity auction to have lunch with Warren Buffett, renowned investor and CEO of Berkshire Hathaway. In order to win the lunch, which Buffett has participated in for 20 years, Sun allegedly bid a record-breaking $4,567,888. The winner will be able to bring along seven friends to a New York steakhouse, and all proceeds from the auction go to San Francisco-based nonprofit Glide Foundation. Sun wrote in a statement that the bid was a key priority for the Tron and BitTorrent team. Buffett has long been known for his negative stance on cryptocurrencies, although he has made positive comments in regard to blockchain.

Picture 2

LocalBitcoins Confirms Removal of Local Cash Trades

Global peer-to-peer (p2p) crypto exchange LocalBitcoins officially confirmed this week the removal of trading in local fiat currencies. The Finland-based exchange had previously removed the cash trading option on June 1 with no announcement, which caused some outrage in the crypto community. In an official statement this week, the exchange noted that its liabilities are determined by the Act on Detecting and Preventing Money Laundering and Terrorist Financing, which requires them to follow certain regulations. The move comes on the heels of the news that LocalBitcoins will soon become monitored by the Financial Supervisory Authority of Finland, as the Finnish government passed new legislation for crypto assets earlier this year.

Report: Facebook to Announce Cryptocurrency Project This Month

Social media giant Facebook will reportedly announce its cryptocurrency project this month, and employees will be allowed to take part of their salary in the coin. According to unnamed sources, the white paper for the coin will be released on June 18. As well, Laura McCracken, Facebook’s head of financial services and payment partnerships for Northern Europe, said in an interview this week that the stablecoin would not only involve a U.S. dollar peg. Other media reports this week have noted that there are now 100 people known to be working on the crypto project via profiles on professional networking platform LinkedIn.
Winners and Losers

This week in the markets, bitcoin is below $8,000, trading at around $7,933, ether is at $245 and XRP at $0.41. Total market cap is about $253 billion.

The top three altcoin gainers of the week are posscoin, bitcoin 2 and hempcoin. The top three altcoin losers of the week are bzedge, pandemia and quantis network.

Market analysis

For more info on crypto prices, make sure to read Cointelegraph’s market analysis.

Most Memorable Quotations


“The unwillingness to allow more competitors to offer geared ETFs seems to be another example of denying or curtailing access to a product that would be useful to some investors.”

Hester Peirce, commissioner at the SEC

“What a difference it would have made a decade ago if blockchain technology on a private distributed ledger accessible to regulators had been the informational foundation of Wall Street’s derivatives exposures.”

J. Christopher Giancarlo, United States Commodity Futures Trading Commission (CFTC) Chairman

“I don’t think I’m a Neanderthal, which is what I’ve been called when I’ve said I didn’t want to own bitcoin.”

Stanley Druckenmiller, American billionaire investor

“I don’t recommend bitcoin in either direction because I don’t really care for it in terms of an asset, but I do care for it as a signalling mechanism that I think was a tip-off to this bounce in gold.”

Peter Boockvar, chief investment officer at financial planning and wealth advisory firm Bleakley Advisory Group

“My love for Japan has not changed. Japan used to be engineering superpower in terms of its PCs but right now, taking the cloud for example, it’s the U.S. that dominates. But I still believe in the potential Japan has and I would like to develop that.”

Mark Karpeles, former CEO of the now-defunct bitcoin exchange Mt. Gox

“The lack of financial inclusion is not a ‘bug’ of the traditional financial system. It’s a direct result of the regulatory architecture and the intermediaries policies.”

Andreas Antonopoulos, well-known bitcoin educator and crypto commentator

“I do not know what bitcoin is.”

Jair Bolsonaro, president of Brazil

Picture 3

FUD of the Week

Report: Polish Exchange Shuts Down and Disappears With Customers Funds

Coinroom, a Polish cryptocurrency exchange, has reportedly shut down its operations and disappeared with customer funds. While the total amount lost has not been disclosed, some users said that they had up to 60,000 zloty (around $15,790) in their accounts. Before ending its operations, Coinroom reportedly asked customers in an email to withdraw their money in one day, while in reality, customers have said that they were unable to get all of their money in this final withdrawal. A spokesperson for the district prosecutor’s office in Warsaw said that proceedings had been initiated against Coinroom for unregistered crypto payment services.

New Malware Campaign Spreads Trojans Through Clone Crypto Trading Website

According to Twitter user and malware researcher Fumik0_, a new website is spreading cryptocurrency malware. The aforementioned site reportedly imitates the website for Cryptohopper, a site where users can program tools to perform automatic cryptocurrency trading. After a user goes on the site, which displays the logo of Cryptohopper in an attempt to trick the user, it automatically downloads a setup.exe installer that will infect the computer once it runs. The installer infects the computer with an information-stealing Trojan, which then also installs two other Qulab Trojans for mining and clipboard hijacking deployed once every minute to collect data.

Report: Nearly $10 Million in XRP Stolen in GateHub Hack

Cryptocurrency wallet service GateHub said this week that hackers compromised almost 100 XRP Ledger wallets, resulting in the loss of around $10 million. In a statement, GateHub said that it was notified by community members of the loss of funds, following which it discovered increased application programming interface (API) calls coming from a small number of IP addresses. While one of those who warned GateHub about the breach reported that almost 13,100,000 XRP ($5.37 million) had already been laundered through exchanges and mixer services, GateHub has stated that the investigation is still ongoing.

Picture 4

Best Cointelegraph Features

The Land of the Free: Why Decentralization Matters in the Crypto Republic

After Tezos updated without forking and Iota introduced an ostensibly centralization-killing element, Cointelegraph examines the importance of decentralization by some of the large players in the crypto community.

Satoshi Posers — Why So Many Takers for the Bitcoin Crown?

With some anonymous Satoshi Nakomoto posers coming out of the woodwork, as well as one very not-so-anonymous Craig Wright, Cointelegraph looks at the potential motivations for claiming to be bitcoin’s father.

What Is a Satoshi, the Smallest Unit on the Bitcoin Blockchain?

In this analysis, Cointelegraph explains what exactly a “satoshi” is, why this buzzword has become popular recently, and who came up with the term itself.

Posted on

Trend Micro Detects Major Uptick in New Strain of XMR Malware Targeting China-Based Systems

Cybersecurity firm Trend Micro has detected a major uptick in monero cryptojacking malware targeting China-based systems this spring.

Cybersecurity firm Trend Micro has detected a major uptick in monero (XMR) cryptojacking malware targeting China-based systems this spring. The news was revealed in an official Trend Micro announcement on June 5.

As previously reported, cryptojacking is an industry term for stealth crypto mining attacks that work by installing malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.

The XMR-focused malware — which wields malicious PowerShell scripts for illicit mining activities on Microsoft-based systems — reportedly surged against Chinese targets in mid-May. Hitting a peak on May 22, the wave of cryptojacking attacks has since ostensibly steadied, according to Trend Micro. China accounted for 92% of the firm’s detections of the new strain.

In an analysis of the attacks, the cybersecurity firm identified that this latest campaign resembles a previous wave of activities that used an obfuscated PowerShell script (dubbed “PCASTLE”) to deliver XMR-mining malware. The earlier campaign, by contrast, targeted a host of different countries — notably Japan, Australia, Taiwan, Vietnam, Hong Kong and India.

Trend Micro’s report describes in detail how the malware’s infection chain functions, and notes that while the campaign is focused on one geographic area, it seems to be indiscriminate in terms of industry. Trend Micro also notes that alongside their cross-industry target field, the attackers’:

“Use of XMRig as their payload’s miner module is […] not surprising. Algorithms for Monero mining are not as resource-intensive compared to other miners, and don’t require a lot of processing power. This means they can illicitly mine the cryptocurrency without alerting users unless they notice certain red flags like performance issues.”

In its conclusion, Trend Micro notes that even while the motivations behind the attackers’ focus on China remain unclear, the campaign demonstrates that fileless malware techniques represent a persistent threat — one of the most prevalent in the current landscape, according to the firm.

As reported earlier this month, Trend Micro also detected a malware dubbed BlackSquid that infects web servers by employing eight different security exploits and installs XMRig monero Central Processing Unit-based mining software.

Posted on

New Malware Campaign Spreads Trojans Through Clone Crypto Trading Website

A new website spreads crypto-stealing malware by imitating the website Cryptohopper, a legitimate website where users can program tools for automatic trading.

Twitter user and malware researcher Fumik0_ has discovered a new website that spreads cryptocurrency malware, according to a report by Bleeping Computer on June 5.

According to the report, the host for transmitting these viruses is a website that imitates the website for Cryptohopper, a website where users can program tools to perform automatic cryptocurrency trading.

When the scam site is visited, it reportedly automatically downloads a setup.exe installer, which will infect the computer once it runs. The setup panel will also display the logo of Cryptohopper in another attempt to trick the user.

Running the installer is said to install the Vidar information-stealing Trojan, which further installs two Qulab trojans for mining and clipboard hijacking. The clipper and miners are then deployed once every minute in order to continuously collect data.

The Vidar information-stealing trojan itself will attempt to scrape user data such as browser cookies, browser history, browser payment information, saved login credentials, and cryptocurrency wallets. The information is periodically compiled and sent to a remote server, after which the compilation is deleted.

The Qulab clipboard hijacker will attempt to substitute its own addresses in the clipboard when it recognizes that a user has copied a string that looks like a wallet address. This allows cryptocurrency transactions initiated by the user to get redirected to the attacker’s address instead.

This hijacker has address substitutions available for ether (ETH), bitcoin (BTC), bitcoin cash (BCH), dogecoin (DOGE), dash (DASH), litecoin (LTC), zcash (ZEC), bitcoin gold (BTG), xrp, and qtum.

One wallet reportedly associated with the clipper has received 33 BTC, or $258,335 at press time, via the substitution address ‘1FFRitFm5rP5oY5aeTeDikpQiWRz278L45,’ although this may not all have come from the Cryptohopper scam.

As previously reported by Cointelegraph, a YouTube-based crypto scam campaign was discovered in May, luring in victims with the promise of a free BTC generator. After users ran the alleged BTC generator, which was automatically downloaded by visiting the associated website, they would be infected with a Qulab trojan. Then, the Qulab trojan would attempt to steal user information and run a clipboard hijacker for crypto addresses.