
We have collected the most important news from the world of cybersecurity for the week.
- Ecuadorian journalists were sent USB flash drives “stuffed with RDX”.
- Bitcoin scammers hacked YouTube channel Linus Tech Tips with 15 million subscribers.
- A trojanized version of ChatGPT for Chrome has been downloaded over 9,000 times.
- The hacker forum BreachForums became unavailable after the arrest of the main admin.
Ecuadorian journalists were sent USB flash drives “stuffed with RDX”
At least six journalists from Ecuador received packages containing USB sticks from unknown persons. One of them detonated after being connected to a computer.
WE REPORT
Details on the investigative proceedings of @PoliciaEcuador regarding attacks (explosive devices) on media outlets in #GYE.
LIVE 🔴 https://t.co/MsF8aeDjGe pic.twitter.com/EGdykKsKPr
— Policia Ecuador (@PoliciaEcuador) March 20, 2023
According to Ars Technica, citing France-Presse, a journalist from the local TV channel Ecuavisa was injured in the incident. He received minor injuries to his hands and face.
According to law enforcement officers, the flash drive that exploded “had a charge of 5 volts and was presumably stuffed with RDX.” The police managed to intercept one of the USB drives and carried out a “controlled bombing”.
Ecuador’s interior ministry confirmed that the same type of USB device was used in all cases. According to the agency, the incidents send “an absolutely clear signal to silence journalists.”
The investigation is ongoing.
Trojanized version of ChatGPT for Chrome downloaded over 9,000 times
Specialists at Guardio Labs found a fake ChatGPT extension in the official Chrome Web Store that was designed to steal accounts.
The malware offered ChatGPT integration with search results while stealing Facebook session cookies.
This allowed attackers to gain full access to the victim’s profile. Subsequently, the stolen accounts were used to distribute malicious advertising and promote prohibited materials, including propaganda by terrorist organizations.
As a rule, the name and image of the hacked profiles were changed to the fake identity of a certain Lilly Collins.
The extension was uploaded to the Chrome Web Store on February 14, 2023, but the author only started promoting it with ads in Google search on March 14. During this time, it was downloaded more than 9,000 times.
Google has since removed the malware from the store.
Bitcoin scammers hacked YouTube channel Linus Tech Tips with 15 million subscribers
On March 23, Linus Tech Tips, a popular technology YouTube channel with 15 million subscribers, was hacked to promote a cryptocurrency scam.
The attackers launched a live stream of The ₿ Word 2021 conference featuring ARK Invest head Cathie Wood, former Twitter CEO Jack Dorsey, and the current owner of the social network, Elon Musk. The link in the video description led to a site that was allegedly distributing $100 million worth of coins.
The hackers also managed to launch similar streams on two of the victim’s other channels, Techquickie and TechLinked. To attract attention, they used the keywords Tesla, AI, GPT-4 and OpenAI.
Yes I know -_-
— Linus LinusMediaGroup (@linusgsebastian) March 23, 2023
The account was hijacked by malware that stole cookies and gave attackers remote access to the victim’s computer.
After a complaint from the channel owner, YouTube blocked the hacked accounts and later restored access to them.
The Linus Tech Tips team is currently working on strengthening the security of their accounts.
The hacker forum BreachForums became unavailable after the arrest of the main admin
BreachForums, a popular hacking forum, has shut down following the arrest of its founder and administrator, Conor Brian Fitzpatrick, aka Pompompurin. This was reported by Bleeping Computer.
The FBI arrested Fitzpatrick on March 15 on a charge of conspiracy to commit access device fraud. He has now been released on $300,000 bail and is preparing to appear in court.
The new admin of BreachForums, nicknamed Baphomet, initially promised to move the site to a secure infrastructure. However, the other day he noticed that a third party had logged in to one of the old CDN servers.
“This suggests that someone has gained access to the Pompompurin device. In this regard, nothing can be considered secure, whether it be our configurations, source code, or information about our users,” Baphomet wrote in a statement.
He made the decision to close the site and explore the possibility of migrating the community to a new platform.
Launched in 2022, BreachForums gained popularity among hackers and ransomware operators, who used it to post stolen data.
As an administrator of the platform, Pompompurin has been involved in various high-profile incidents, including the compromise of the FBI corporate portal, the theft of Robinhood customer data, and the Twitter leak.
Ferrari was the victim of a ransomware virus
Italian luxury sports car manufacturer Ferrari SpA received a message claiming that its internal systems had been hacked, together with a ransom demand.
The data affected included the names, addresses, emails and phone numbers of customers. An ongoing investigation will determine whether bank account numbers or other sensitive billing information was affected by the leak.
Representatives of Ferrari announced their refusal to pay the ransom and notified law enforcement about the incident.
Separately, the company emphasized that it took the necessary measures to protect compromised systems and the attack did not affect operational work.
SberSpasibo has another leak of user data
A new dump with information about users of the mobile application of the SberSpasibo bonus program has become publicly available. This was reported by the Telegram channel “Information Leaks”.
The posted file contains:
- 4.5 million unique phone numbers;
- hashed bank card numbers;
- dates of birth;
- record creation and update dates, ranging from June 5, 2022 to January 22, 2023.
Together with the previous leak, a total of 51,977,405 unique phone numbers and 3,298,456 unique postal addresses have been leaked online.
Although the bank card numbers are stored as hashes, the outdated SHA-1 hashing algorithm was used, so their real values can be recovered by brute-force enumeration of all digits.
In this way, researchers have already managed to recover 96,676,846 card numbers.
- More than 51% of them are identified as Visa cards;
- 32% – Mastercard and Maestro;
- 16% – “Mir”;
- less than 1% – Priority Pass and American Express cards.
Representatives of Sberbank did not comment on the situation.
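Why a plain hash gives card numbers so little protection, as an added example that is not from the original article: the issuer prefix is public and the last digit is a Luhn checksum, so only a few digits per prefix are actually unknown, while a keyed HMAC moves the secret out of the leaked file. The 16-digit length, 6-digit prefix, hash rate of 10^9 per second and the sample keys are assumptions for illustration.

```python
import hashlib
import hmac

TEST_PAN = "4111111111111111"  # widely published test number, not a real card


def luhn_valid(pan: str) -> bool:
    """Luhn checksum: the last digit of a card number is derived from the rest."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def effective_keyspace(pan_length: int = 16, known_prefix_digits: int = 6) -> int:
    """Unknown candidates per issuer prefix: prefix is public, check digit is computed."""
    free_digits = pan_length - known_prefix_digits - 1
    return 10 ** free_digits


def seconds_to_exhaust(keyspace: int, hashes_per_second: float) -> float:
    """Upper bound on the time to try every candidate at an assumed hash rate."""
    return keyspace / hashes_per_second


def unkeyed_digest(pan: str) -> str:
    """The scheme described above: SHA-1 of the number, no salt, no secret."""
    return hashlib.sha1(pan.encode()).hexdigest()


def keyed_token(pan: str, key: bytes) -> str:
    """Hardened form: HMAC-SHA256 with a key held outside the database (e.g. in an HSM)."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    space = effective_keyspace()
    print("Luhn valid:", luhn_valid(TEST_PAN))
    print("candidates per prefix:", space)
    print("seconds at assumed 1e9 H/s:", seconds_to_exhaust(space, 1e9))
    print("unkeyed digest:", unkeyed_digest(TEST_PAN))
    print("keyed token:", keyed_token(TEST_PAN, b"constructed-demo-key"))
```

With the keyed form, a leaked column of tokens cannot be checked against candidate numbers without also obtaining the key.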