AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 09/28/2021

Thousands of online gaming accounts hit in major cyberattack

Cybercriminals are increasingly targeting gamers and their online accounts with a new malware dubbed BloodyStealer, according to Kaspersky. Back in March of this year, the cybersecurity firm’s experts discovered an ad for BloodyStealer claiming the malware is able to steal passwords, cookies, bank card details, browser autofill data, device data, screenshots, Desktop and uTorrent client files, logs, and Bethesda, Epic Games, GOG, Origin, Steam, Telegram and VimeWorld client sessions. Despite the fact that BloodyStealer is relatively new, the malware has already been used to target and infect users in Europe, Latin America and the Asia-Pacific region. What has allowed this malware to spread so easily online is that its creators use a malware-as-a-service (MaaS) distribution model, under which BloodyStealer can be purchased on the dark web for either $10 per month or around $40 for a “lifetime license”.


Malicious ‘Safepal Wallet’ Firefox add-on stole cryptocurrency

A malicious Firefox add-on named “Safepal Wallet” scammed users by emptying out their wallets and lived on the Mozilla add-ons store for seven months. Safepal is a cryptocurrency wallet application capable of securely holding more than 10,000 types of assets, including Bitcoin, Ethereum, and Litecoin. Although the malicious browser add-on has been taken down, BleepingComputer has seen that the phishing website set up by the threat actors is still up. “Today I browsed [through] the add-on list of Mozilla Firefox, I was searching for Safepal wallet extension to use my cryptocurrency wallet also in the web browser,” explains a Mozilla add-ons user who goes by the name Cali. Little did Cali know what was coming for them. A few hours after installing the add-on and logging in to it with their real Safepal credentials, the user saw their wallet balance drop to $0.


Exposed ransomware negotiations shed light on cybercrime, but complicate things for victims

Less than 48 hours before the deadline for Iowa-based grain cooperative New Cooperative to pay the BlackMatter ransomware group’s demands, negotiations seemed to take an interesting turn. BlackMatter, which has threatened to leak sensitive data allegedly stolen from New Cooperative, ramped up those threats this week after claiming the company “violated our data recovery guidelines” during negotiations by allegedly working with recovery firm Coveware. The victim shot back with a surprising barb. “The only thing we violated was your mother,” the victim said, according to chat logs shared by Dmitry Smilyanets, an analyst at threat intelligence company Recorded Future. Except, there was a problem: The “victim” wasn’t actually New Cooperative. It was a random troll. “We don’t know who the user ‘victim’ is but it is not us. Please close this TOR page so no more random people from the internet make posts here,” a user that appears to be a negotiator for New Cooperative wrote after escalating threats from BlackMatter to leak the data.


Spotify is to be blamed for your iPhone’s terrible battery life on iOS 15

If you updated your iPhone to iOS 15 and are facing high battery drain, well, Spotify is to blame. Spotify has officially acknowledged that its app is causing battery drain and overheating issues on the latest iOS 15 and iOS 14.8 updates. “We’ve passed your info on to the relevant team and we can confirm they are currently looking into it,” said the company in a support post. “Aside from trying restarting and/or a clean reinstall of the app, it’d be great if you’d give disabling Background App Refresh a shot: this could be found under Settings → General → Background App Refresh.” One user was seen reporting, “Battery would drain within an hour if I let it run, but have not as to how hot it gets.” Another user wrote, “I have tried disconnecting the Wi-Fi, toggling background app refresh, did the clean reinstall twice, restarted my phone multiple times, offloaded the app, and deleted the cache. Basically tried every solution mentioned on this website and nothing works. It’s really frustrating.”


Malwarebytes research shows an unequal, unsafe Internet

If the Internet were as safe and as private as it is essential for everyday life (increasingly required for job applications, bank transfers, doctor’s appointments, and filing taxes), then we’d likely have fewer online scams, better privacy protections, smaller data breaches, and a lower overall risk of individual cybercrimes that can wreak havoc on a person’s life. Importantly, if the Internet were to achieve such a promise, then everyone, no matter their gender, race, income level, education, or age, could feel as safe and as private online as they deserve. But according to the latest research by Malwarebytes, this is far from the case. Not only do a large number of people feel neither safe nor private on the Internet, but many groups, including women, teenagers, and those who are Black, Indigenous, or People of Color (BIPOC), feel less private and safe than their counterparts. Some of these populations said they suffered more frequent cyberattacks, more recent cyberattacks, and were more substantially stressed by the cyberattacks themselves.
