SHOs
Attention all cryptocurrency users!

Critical Alert: The Trust Wallet browser extension may currently be compromised. Recent reports indicate that the latest version of the extension for Chrome and other browsers contains malicious code designed to steal sensitive information, including:

🔑 Private Keys
🌱 Seed Phrases / Recovery Phrases

There has been no official statement from the Trust Wallet team yet, which is increasing concern. Numerous users are reporting real-time loss of funds from their wallets. 😱

💸 Estimated Scale of the Damage (Unconfirmed): Preliminary estimates suggest losses have already reached millions of dollars. Specific reports mention a hacker attack resulting in damages of around $7 million.

Important Update: According to the latest unconfirmed information, Trust Wallet plans to compensate all affected users. However, this does not eliminate the critical need for immediate action.

🛡️ Immediate Steps to Take:

STOP USING the Trust Wallet browser extension immediately. Do not open it.
If you have used it recently, urgently move your funds to a new, secure wallet (preferably a hardware wallet or one on a clean device). You can do this via the mobile app (if unaffected) or by importing your seed phrase on a completely secure and trusted device.
NEVER enter your seed phrase on any website.
Exercise extreme caution and monitor official channels for verified updates.

The security of your assets is in your hands!
-
The notorious ransomware group Akira has just thrown a major punch in the cyber-underground. 💥 On October 29th, they publicly claimed responsibility for hacking the Apache OpenOffice project.

The Claim: The cybercriminals boast of stealing a whopping 23 GB of sensitive data. They're now holding it hostage, threatening to leak everything unless a ransom is paid. 🏴☠️💰

What's Allegedly in the Loot? According to their darknet post, the stolen trove includes:

Employee PII: Addresses, phone numbers, birthdates, driver's license & social security numbers, and even bank card details. 👤🔐
Corporate Secrets: Financial documents, internal communications, and bug/development reports. 📄💬

"We will soon publish 23 GB of corporate documents," the group's message states.

Potential Fallout: If true, this isn't just a data dump. This stolen info could fuel devastating phishing and social engineering attacks against employees of the Apache Software Foundation. 🎣⚔️

A small silver lining: The actual OpenOffice source code appears untouched, meaning user security is not directly at risk.

Why OpenOffice is a Target: 🎯 Apache OpenOffice is a legendary, free, open-source suite. But its community-driven, non-profit model often means limited cybersecurity resources, making it a vulnerable target for groups like Akira.

Who is Akira? 👺

Active since March 2023, they've already extorted tens of millions.
Masters of double-extortion: steal data first, encrypt systems second.
They attack both Windows and Linux/ESXi systems.
Known for aggressive tactics, even hijacking webcams to pressure victims.

Official Stance? 🤐 Radio Silence. The Apache Software Foundation has neither confirmed nor denied the breach and has declined to comment. Independent experts are still verifying the leaked data samples.

P.S. A Glimmer of Hope: ☀️ Remember this? Last spring, researcher Yohanes Nugroho released a free decryption tool for files locked by Akira's Linux version. Its secret weapon? Using GPU power to crack encryption keys. A small win in the ongoing war.
-
The job went 100% smooth! 🤑💸 No 'sketchy' delays—just clean cash in the account. Recommending with warm hands! Hey folks! Still looking for a deal where the percentage ain't laughable, but serious? 🎩✨ Just pulled off a transfer—the numbers on the screen whispered sweet things. The rate is fire, like a "made man's" contract. No hidden fees, everything's clean, street-smart. The money landed faster than a pizza delivery guy 🍕⚡—no holdups, no questions. The system worked like a Swiss watch, but with soul and know-how. If you're the type who values reliability, speed, and profit—this is your move. You won't regret it. Everything's clean, transparent, and with respect for the client. For those in the know—the rate is solid, the deal is warm. Recommending it to the crew! 👊💰 P.S. And yeah, the emojis aren't just for show. Every symbol here hints at the level of service. 🔥
-
Forget simple data theft — meet the next-gen web skimmer that's also a master of disguise. This isn't just a pickpocket; it's a full-blown con artist that uses your stolen info to create a perfectly convincing fake PayPal checkout page. 🎭💳

Here's the sneaky play-by-play:

The Trojan Horse 🐎: The malware is hidden inside a harmless-looking image file (using steganography) to slip past security scanners. Clever, right?

The Silent Observer 👁️: Once planted on a hacked e-commerce site, it silently records everything you type into the order form.

The Big Switch 🔄: When you click "Pay with PayPal," it doesn't take you to the real site. Instead, it loads a flawless fake PayPal page inside an invisible frame (iFrame).

The "Helpful" Auto-Fill 🤖: This is the killer feature! To make the fake page look 100% legit, the skimmer auto-fills it with YOUR stolen data — even down to your cart items, taxes, and shipping costs! It's chillingly personalized.

The Smart Filter 🧠: Not all stolen data is useful. This skimmer is picky! If your info looks fake or incomplete, it simply closes the scam page and lets you proceed normally. It only attacks high-value targets.

The Heist & Clean Exit 🏃♂️💨: Once you've entered your payment details on the fake page and hit "Pay," your complete financial data is sent to the attackers' server. Then, with a final sneaky move, it clicks the real checkout button behind the scenes, sending you back to the legitimate site. You might not even notice anything was wrong!

🔗 The Connection: The stolen data flows to a domain (apptegmaker[.]com) that's linked to tawktalk[.]com — a domain known from Magecart credit card theft campaigns. The cybercriminal family tree is showing!

🛡️ The Tough Defense: Simply blocking JavaScript can help, but it's not a silver bullet. If hackers compromise a trusted, "whitelisted" online store you use regularly, this skimmer can still slip through. This attack blurs the line between "safe" and "infected" sites.

Bottom line: This isn't just stealing your data; it's weaponizing it against you in real-time to build ultimate trust. A scary evolution in digital fraud. ⚠️
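
Added example, not part of the original post: on the merchant side, a Content-Security-Policy decides whether a checkout page may load a frame from, or send data to, a host the store never listed. The simplified matcher below replays four constructed loads against a permissive and a restrictive policy; all hostnames and both policies are assumptions made for illustration.

```javascript
// Added example: simplified CSP matcher (scheme + host only; no ports, paths, nonces).
// Every hostname below is a constructed placeholder.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources; // first occurrence wins
  }
  return policy;
}

// Does a single source expression permit this URL? pageOrigin resolves 'self'.
function sourceAllows(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (source === '*') return ['http:', 'https:'].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:']+)$/i.exec(source);
  if (!m) return false; // keywords such as 'none' or 'unsafe-inline' match no URL
  const scheme = m[1] ? m[1].toLowerCase() + ':' : new URL(pageOrigin).protocol;
  const host = m[2].toLowerCase();
  if (url.protocol !== scheme) return false;
  return host.startsWith('*.') ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
}

// Fetch directives fall back to default-src when absent (child-src fallback omitted).
function isAllowed(policy, directive, target, pageOrigin) {
  const sources = policy[directive] ?? policy['default-src'];
  if (sources === undefined) return true; // nothing restricts this load type
  return sources.some((s) => sourceAllows(s, new URL(target), pageOrigin));
}

// Return the URLs from `loads` that the policy would refuse.
function blockedLoads(cspHeader, loads, pageOrigin) {
  const policy = parseCsp(cspHeader);
  return loads.filter((l) => !isAllowed(policy, l.directive, l.url, pageOrigin)).map((l) => l.url);
}

const PAGE = 'https://shop.example';
const LOADS = [ // constructed: what the checkout page tries to load or contact
  { directive: 'frame-src', url: 'https://www.paypal.com/checkout' },              // genuine frame
  { directive: 'frame-src', url: 'https://paypal-checkout.attacker.example/pay' }, // look-alike frame
  { directive: 'connect-src', url: 'https://collector.attacker.example/c' },       // data upload
  { directive: 'img-src', url: 'https://cdn.shop.example/banner.png' },            // store image
];
const LOOSE = "default-src * 'unsafe-inline'";
const STRICT = "default-src 'self'; img-src 'self' https://cdn.shop.example; frame-src https://www.paypal.com; connect-src 'self'";
console.log('loose blocks :', blockedLoads(LOOSE, LOADS, PAGE));
console.log('strict blocks:', blockedLoads(STRICT, LOADS, PAGE));
```

The restrictive policy refuses the look-alike frame and the upload even when the injected script is served from the store's own origin; it does nothing about an image hosted on an allowed origin. A real PayPal integration needs the source list PayPal documents, not the single host assumed here.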
-
The Gist: Group-IB researchers stumbled upon a poorly secured malware server online. This server was used to control two types of PoS malware, MajikPOS and Treasure Hunter, and was packed with over 167,000 stolen credit card records! 💳🕵️♂️

The Details:

Target: 133 Point-of-Sale terminals, mostly in the US.
Timeframe: The server collected data from Feb 2021 to Sept 2022.
Who's behind it? Still a mystery. 👻
Value: Analysts estimate the stolen data could be worth over $3.3 million on the dark web. Cha-ching! 💰
Victims: So far, 11 US-based companies have been identified.

The Malware Evolution: The hackers started with Treasure Hunter (an old-school RAM scraper from 2014, whose code is freely available online). Then, this year, they upgraded to MajikPOS (first seen in 2017). Why the switch? MajikPOS is simply better—it has a nicer admin panel, more detailed logs, and uses encryption. Both are built from leaked source code and infect systems the same way: by scanning for poorly secured VNC/RDP ports and guessing passwords. 🤖

The Big Picture: Even though PoS malware isn't as trendy with criminals as it used to be (thanks to better industry security), it's far from dead. PoS systems are still everywhere and often have vulnerabilities. Plus, notorious groups like FIN7 (Carbanak) still use these attacks. So, the threat is still real! ⚠️

What's Being Done: Group-IB has shared all its findings with US financial threat intelligence networks. 🚨
