Monday, January 13, 2025

Crypto Users Might Be in Trouble from Markopolo’s Scam

Recent investigations by cybersecurity researchers have unveiled the operations of ‘Markopolo’, a threat actor orchestrating large-scale cryptocurrency thefts. The actor has been systematically targeting users across several social media platforms, luring them into installing information-stealing malware.

In-depth analysis reveals that the malware is disseminated via ‘Vortax’, a purported virtual meeting application, along with 23 other lure applications. These applications serve as conduits for deploying infostealers such as ‘Rhadamanthys’, ‘StealC’, and ‘Atomic macOS Stealer’ (AMOS), which are then used to drain victims’ wallets and accounts.

Researchers had previously linked the same threat actor to an earlier Vortax campaign that relied on trap-phishing techniques. In its report, Recorded Future’s Insikt Group stated, “This campaign, primarily targeting cryptocurrency users, marks a significant rise in macOS security threats and reveals an expansive network of malicious applications.” The threat actor is also working to establish a presence for Vortax on social media and the wider Internet so that the application appears legitimate to prospective victims.

Zero Day Flaw in Kraken Crypto Exchange Results in $3 Million Theft

In a case that looks like a security researcher gone rogue, the crypto exchange Kraken has revealed that a zero-day flaw was exploited to steal $3 million. The company’s CSO confirmed receiving a bug bounty report alerting Kraken that users could artificially inflate their balance. However, before the issue could be remediated, the undisclosed researcher exploited the flaw to withdraw digital assets worth $3 million.

Kraken explained that the flaw allowed a user to initiate a deposit that never completed and still have the funds credited to the account and made available for withdrawal. The exchange stated that no client assets were ever at risk and that the flaw was patched within 47 minutes of discovery.
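The class of bug described above, crediting a deposit before it is final, is easy to reproduce in a toy ledger. The following is an added illustration and is not Kraken’s code; the account fields, the `credit_before_final` switch and the flow are assumptions chosen to show why withdrawable balance must only ever come from settled funds.

```python
"""Toy exchange ledger: vulnerable 'credit on deposit start' versus
settled/pending accounting. Constructed example, not Kraken's code."""
from dataclasses import dataclass, field


class InsufficientFunds(Exception):
    pass


@dataclass
class Account:
    settled: int = 0   # confirmed funds; the only balance withdrawals may use
    pending: int = 0   # announced but not yet final (e.g. unconfirmed on-chain)


@dataclass
class Ledger:
    credit_before_final: bool          # True reproduces the vulnerable behaviour
    accounts: dict = field(default_factory=dict)

    def _acct(self, user):
        return self.accounts.setdefault(user, Account())

    def deposit_started(self, user, amount):
        a = self._acct(user)
        if self.credit_before_final:
            a.settled += amount        # BUG: withdrawable before the deposit is final
        else:
            a.pending += amount        # visible to the user, but not withdrawable

    def deposit_final(self, user, amount, ok=True):
        """Called when the deposit confirms (ok=True) or is abandoned/reverted."""
        a = self._acct(user)
        if self.credit_before_final:
            if not ok:
                a.settled -= amount    # too late: the money may already be gone
        else:
            a.pending -= amount
            if ok:
                a.settled += amount    # credit only on finality

    def withdraw(self, user, amount):
        a = self._acct(user)
        if amount <= 0 or a.settled < amount:
            raise InsufficientFunds(user)
        a.settled -= amount
        return amount


def simulate(credit_before_final):
    """Attacker starts a deposit that never completes, then withdraws.
    Returns (amount_withdrawn, final_settled_balance)."""
    led = Ledger(credit_before_final)
    led.deposit_started("mallory", 100)
    try:
        got = led.withdraw("mallory", 100)
    except InsufficientFunds:
        got = 0
    led.deposit_final("mallory", 100, ok=False)   # the deposit never lands
    return got, led._acct("mallory").settled


if __name__ == "__main__":
    print("vulnerable ledger:", simulate(True))    # attacker walks away with 100
    print("hardened ledger:  ", simulate(False))   # withdrawal rejected
```

The hardened path keeps a separate pending column so the user still sees the incoming deposit, while every withdrawal check reads only `settled`. Reverting a pending deposit then never leaves the account negative.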

Flaws in Mailcow Mail Server Enable Remote Code Execution

Two security flaws, CVE-2024-30270 and CVE-2024-31204, with CVSS scores of 6.7 and 6.8 respectively, expose the mailcow mail server to remote code execution by a sufficiently skilled attacker. CVE-2024-30270 is a path traversal vulnerability in a function named “rspamd_maps()”: because the requested map name is not confined to the maps directory, an attacker can overwrite any file writable by the “www-data” user, which can be leveraged into arbitrary command execution on the server. CVE-2024-31204 is a cross-site scripting (XSS) vulnerability in the exception handling mechanism, which renders exception details into the page unescaped when the application is not running in DEV_MODE.

According to the published details, the vulnerabilities affect all versions of the software released before 2024-04, so administrators should upgrade to the 2024-04 release or later. Paul Gerste, a vulnerability researcher at SonarSource, also noted, “An attacker can combine both vulnerabilities to execute arbitrary code on the admin panel server of a vulnerable mailcow instance.”
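The two bug classes above, a user-controlled file name reaching the filesystem and an exception message reaching HTML unescaped, are shown below in a short added example. mailcow’s admin panel is written in PHP; this is a Python illustration of the checks, not mailcow’s own code, and the function names, the `maps` directory and the sample inputs are assumptions.

```python
"""Path traversal and reflected-exception XSS: unsafe versus hardened handling.
Constructed example, not mailcow's code."""
import html
import os
import tempfile


def vulnerable_map_path(maps_dir, requested):
    # Unsafe: user input is joined straight into the path. "../" walks out of
    # maps_dir, and an absolute path discards maps_dir entirely.
    return os.path.join(maps_dir, requested)


def resolve_map_path(maps_dir, requested):
    """Return the real path of `requested` only if it stays inside maps_dir.
    realpath() collapses '..' and follows symlinks, so a symlink planted inside
    the directory cannot be used to escape it either."""
    root = os.path.realpath(maps_dir)
    candidate = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("map path escapes maps directory: %r" % (requested,))
    return candidate


def render_error_page_unsafe(exc):
    # Unsafe: exception text (which may echo attacker-controlled input) is
    # interpolated into HTML as-is.
    return "<h1>Error</h1><pre>%s</pre>" % str(exc)


def render_error_page(exc):
    """Escape the exception text before it lands in the HTML body."""
    return "<h1>Error</h1><pre>%s</pre>" % html.escape(str(exc))


def demo():
    """Exercise both checks against a throwaway maps directory.
    Returns (hardened_path_inside_root, traversal_rejected, xss_escaped)."""
    with tempfile.TemporaryDirectory() as tmp:
        maps = os.path.join(tmp, "maps")
        os.mkdir(maps)
        inside = resolve_map_path(maps, "whitelist.map").startswith(
            os.path.realpath(maps))
        try:
            resolve_map_path(maps, "../../etc/passwd")   # constructed attack input
            rejected = False
        except ValueError:
            rejected = True
    # An attacker-controlled string surfacing in an exception message
    page = render_error_page(Exception("<script>alert(1)</script>"))
    return inside, rejected, "<script>" not in page


if __name__ == "__main__":
    print(vulnerable_map_path("/maps", "../etc/passwd"))   # /maps/../etc/passwd
    print(vulnerable_map_path("/maps", "/etc/passwd"))     # /etc/passwd
    print(demo())
```

The containment check must run on the resolved path, not on the raw string: rejecting a literal `..` substring still lets an absolute path or a symlink through. Likewise, escaping belongs at the point where text becomes HTML, so it applies regardless of whether the message came from a caught exception or a normal template variable.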

Chinese Users at Risk of Installing Malicious VPN Installers

Void Arachne, a campaign that delivers a command-and-control framework named Winos 4.0 through malicious Windows Installer (MSI) files posing as virtual private network (VPN) installers, is currently targeting Chinese users. Researchers tracking the campaign noted, “The campaign uses [Search Engine Optimization] poisoning tactics and social media and messaging platforms to distribute malware.”

Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Ahmed Mohamed Ibrahim added, “The campaign also promotes compromised MSI files embedded with nudifiers and deepfake pornography-generating software, as well as AI voice and facial technologies.”

Cactus Ransomware Group Hits Suminoe

The Cactus ransomware group attacked Suminoe, a textile company in the United States with over 500 employees. The attack on the company, whose annual revenue is $71.3 million, resulted in the exposure of 278 GB of company data.
