Phishing attacks on cryptocurrency owners, Emotet “revival” and other cybersecurity events

We have collected the most important news from the world of cybersecurity for the week.

Proofpoint researchers said,how attackers attack cryptocurrency owners through phishing.
The new Emotet module began to steal bank card data from Chrome users.
IBM announced the complete withdrawal from the Russian Federation.

Report: Phishers are actively attacking cryptocurrency owners

With the growing popularity of cryptocurrencies and NFTs, scammers are increasingly targeting this sector, Proofpoint said.

According to the observations of researchers, in 2022, attackers regularly tried to gain access to cryptocurrency wallets by sending emails with infected files or links.

Often, they sent emails from supposedly cryptocurrency platforms (such as Binance or OpenSea) encouraging victims to enter seed phrases on fake pages.

«Liquidated» by law enforcement, Emotet is active again. New module aimed at Chrome users

A new Emotet botnet module is aimed at stealing bank card data through the Chrome browser, researchers have found.

Recall that at the beginning of last year, law enforcement officersannounced the elimination of Emotet during the international operation, calling it the most dangerous malware in the world. It was later reported that the botnet self-destructed on all infected devices.

IBM announced the complete cessation of work in the Russian Federation

The largest manufacturer and supplier of hardware and software, IBM, announced a complete cessation of work in the Russian Federation. 

In March, the company announced the suspension of operations in Russia due to the latter's invasion of Ukraine. Now IBM has announced a «systematic winding down» business in the country.

Attackers started selling the decryptor through the Roblox gaming platform

Researchers have discovered the WannaFriendMe ransomware. It does not require a ransom in cryptocurrency, but offers to buy a decryption program on the Roblox gaming platform through the Roblox Game Pass store.

WannaFriendMe operators pass him off asRyuk ransomware, however, experts note that in fact it is one of the variations of the Chaos ransomware. According to Bleeping Computer, ransomware like Chaos not only encrypts data, but in many cases destroys it.

In the vast majority of cases, ransomware operators demand a ransom in cryptocurrencies. ForkLog figured out what this means for the industry.

«Ransomware pandemic»: what is causing the wave of hacker attacks and how will it affect Bitcoin

In Russia, they proposed to detail Internet calls and geolocation of users

The Ministry of Digital Development of the Russian Federation proposed changing the requirements for systems of operational investigative measures (SORM) installed on communication networks according to the Yarovaya Law. 

The Russian authorities want SORM to separately identify and store Internet call traffic, the user's geolocation and browser history. 

Also on ForkLog:

Hackers have hacked into the Discord servers of the Bored Ape Yacht Club project.
The STEPN app was subjected to a massive DDoS attack.
Law enforcement officers liquidated a marketplace selling personal data of 24 million people for cryptocurrencies.
An unknown person stole 20 million OP tokens due to a mistake by the Wintermute market maker, and then returned most of it.
Hackers hacked into the website of the Ministry of Construction of the Russian Federation and demanded a ransom of 0.5 BTC.
Telegram denied leaking more than 137 GB of messages from cryptocurrency chats.
The head of the Ministry of Digital Development of the Russian Federation spoke about the plan for disconnecting the country from the European Internet network.
The Osmosis blockchain has been suspended due to a critical vulnerability.

What to read this weekend? 

One of the most popular and easiest ways to bypass restrictions and censorship on the network are VPN services. In several cards, we explain what a VPN is and how to choose the right one.