Cyber threats show no sign of diminishing and lately seem to be characterized by a certain operational versatility, extending to digital wallets as well, as two very recent cases have just shown.
Attacks on users' digital security continue: just a few hours after having to deal with an attack capable of eavesdropping on their surroundings, users have been targeted again, as two new cases highlight.
The first hacker threat of this midweek concerns Mailchimp, a well-known newsletter management service, which confirmed to The Verge that it had suffered an intrusion into its systems on March 26. In practice, attackers used social engineering techniques to obtain from its employees access to tools used for account management and customer support. In this way they obtained data, including the API keys used to launch marketing campaigns from websites, belonging to about 100 customers active in the finance and cryptocurrency sectors, Trezor among them.
In the latter case, the data of 319 accounts were viewed, 102 of which were reached by phishing emails. These emails, sent from [email protected], warned of a security problem that supposedly required downloading a new version of the Trezor Suite. In reality, the download concealed a virus capable of exfiltrating various information from the victim, including seed phrases. Because a seed phrase allows the key tree to be regenerated, it is in practice what is used to recover access to a user's crypto wallets; the result, in this specific case, was that everything deposited in those digital wallets was emptied.
Mailchimp confirmed that it had disabled the compromised employee accounts and advised the users involved to activate two-factor authentication. Trezor, for its part, has offered advice on how to avoid similar traps set by cybercriminals but, to date, has not made any statement regarding reimbursements for the already confirmed victims of the attack.
The second hacker threat was detected by the American security firm Cyble, which monitors the surface, deep and dark web. It found in circulation, whether freely distributed or offered for sale on deep web markets is not known, a piece of malware named after Borat, the surreal journalist character created by the comedian Sacha Baron Cohen.
According to what has been observed, the malware in question is modular, so much so that it is considered ransomware, spyware and a remote access trojan (RAT) at once. Depending on the type of attack the operator decides to undertake, it can be built with various modules that allow it to eavesdrop through the microphone and webcam, conduct DDoS attacks, act as a reverse proxy, record everything the victim types via keylogging, take data hostage, and offer a remote desktop platform for total control of the victim's device, all while remaining “totally invisible”.