April 23, 2024

RF vs. VPN, Malware Targeting Cryptocurrency Owners, and Other Cybersecurity Events

We have collected the most important news from the world of cybersecurity for the week.

  • Experts spoke about Clipminer malware. With its help, attackers engage in hidden mining and steal cryptocurrencies.
  • Roskomnadzor continued its attempts to block VPN services.
  • Europol announced the elimination of «one of the fastest spreading mobile malware».

Experts have discovered malware aimed at hidden mining and theft of cryptocurrencies

The Symantec Threat Hunter team has identified a hacker group that distributes Clipminer malware. It potentially netted operators at least $1.7 million in stealth mining and theft of cryptocurrencies.

Clipminer spreads through infected files of hacked or pirated software. The malware can use the resources of compromised computers for mining, and can also change the contents of the clipboard, redirecting victims' crypto transactions.

«Every time the clipboard is updated, it scans the contents of the clipboard for wallet addresses, recognizing address formats used by at least a dozen different cryptocurrencies. Then they are replaced with addresses of wallets controlled by attackers,» experts noted.
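The clipboard substitution described above can be spotted from the defender's side by watching for one wallet address being overwritten by a different address of the same format moments after it was copied. The following is an added example, not code from Symantec or ForkLog; the three simplified address patterns, the 500 ms window, and the event log are assumptions constructed for illustration.

```python
import re

# Simplified address shapes (assumption: real formats also carry checksums,
# and the malware is reported to recognize at least a dozen formats).
ADDRESS_SHAPES = {
    "btc-legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return the name of the address shape `text` matches, or None."""
    text = text.strip()
    for kind, pattern in ADDRESS_SHAPES.items():
        if pattern.match(text):
            return kind
    return None

def find_swaps(events, window_ms=500):
    """Flag updates where an address replaces a different address of the
    same kind within `window_ms` (threshold is an assumed heuristic).

    events: list of (timestamp_ms, clipboard_text), ordered by time.
    """
    alerts = []
    for (t_prev, prev), (t_cur, cur) in zip(events, events[1:]):
        kind = address_kind(prev)
        same_kind = kind is not None and kind == address_kind(cur)
        if same_kind and prev.strip() != cur.strip() and t_cur - t_prev <= window_ms:
            alerts.append({"at_ms": t_cur, "kind": kind,
                           "copied": prev.strip(), "now": cur.strip()})
    return alerts

# Constructed clipboard history; the addresses are fake placeholders.
SAMPLE_EVENTS = [
    (0, "meeting notes"),
    (1000, "0x" + "ab" * 20),   # user copies a payee address
    (1040, "0x" + "cd" * 20),   # overwritten 40 ms later: suspicious
    (9000, "1" + "B" * 30),     # user copies a BTC address
    (60000, "1" + "C" * 30),    # another address a minute later: normal use
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print("possible clipboard hijack:", alert)
```

Timing alone cannot prove a swap was malicious, so an alert like this is a prompt to compare the pasted address with the intended one before sending.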

Europol eliminated FluBot botnet

Europol officials reported the elimination of «one of the fastest-spreading mobile malware» — FluBot, aimed at Android users.

FluBot spread via SMS, after which it stole passwords, online banking data and other confidential information from infected smartphones around the world. 

Using FluBot, attackers gained access to victims' devices and used it to steal credentials for banking applications or accounts belonging to cryptocurrency owners.  

Clop ransomware resumed activity

After suspending activity for a long time, the Clop ransomware is active again. Bleeping Computer writes about this with reference to NCC Group experts.

In April, Clop ranked fourth in activity among all ransomware viruses, attacking 21 companies. Almost half of the attacks were on industrial organizations, 27% on technology companies.

Last year, the cyber police of Ukraine reported that they had identified Clop hackers and blocked channels for the legalization of illegally obtained cryptocurrencies.

However, according to ForkLog sources, the searches targeted the OTC traders through which the ransomware operators' bitcoins passed, not the hackers themselves.

Later, the Binance exchange confirmed its participation in the law enforcement operation to identify persons who laundered the funds of the Clop hackers.

Roskomnadzor continued the war with VPN

This week, Russian users reported problems accessing Proton VPN and NordVPN services.

Representatives of the Proton VPN team suggested that the Russian authorities had begun to block the service. Later, Roskomnadzor announced that it was working to block VPN services, calling them a threat.

According to experts, Proton VPN is being blocked using TSPU equipment installed under the so-called law on the sovereign Runet.

Meanwhile, the head of Roskomnadzor, Andrei Lipov, came under EU sanctions. 

Attackers began to steal data using SMS about exporting data from Telegram

Hackers began sending SMS warnings about a supposedly launched export of data from Telegram. To cancel it, victims are asked to click on a phishing link.

Also on ForkLog:

  • Belarusian government websites went offline because of Anonymous hackers.
  • The court seized the crypto wallet of the alleged Hydra administrator, but cannot access it.
  • The hacker withdrew $90 million from the Mirror protocol. This was discovered seven months later.
  • The Zcash developers have activated the Network Upgrade 5 update.

What to read on the weekend?

The Russian Federation continues to restrict free access to the Internet and information. We look at the most popular VPN services and tips for bypassing Internet censorship. 

Through the Iron Curtain: Which VPN Service to Choose