New Crypto-Mining Malware Attacks, Phone SIM Attacks And Disappearing Exchanges

BakerHostetler

Contributor


According to recent reports, scores of crypto users were hit last week by SIM-swapping attacks in what appears to have been a coordinated wave of attacks. SIM swapping, also known as SIM jacking, is a form of account takeover (ATO) attack, where hackers use techniques like social engineering to transfer a victim's phone number to their own SIM card in order to reset passwords or obtain two-factor verification codes to access protected accounts. Victims of the recent attacks were reportedly all members of the crypto community living in the United States, with one victim admitting to losing over $100,000 of cryptocurrency.

A China-based malware campaign dubbed the "Nansh0u campaign" has been in progress since February, reportedly breaching more than 50,000 servers across the world and infecting more than 700 new victims a day with crypto-mining malware. According to reports, most of the firms affected are in the healthcare, telecom, media and IT sectors, and the malware packages were written using sophisticated Chinese language tools and placed on Chinese language servers.

According to recent reports, a new malware called BlackSquid employs at least eight of the most dangerous exploits currently available to hackers to infect servers and install Monero coin mining software on them. The majority of BlackSquid attacks so far apparently have occurred in Thailand and the United States, with the last week of May having been the most active period for the malware yet. Another recently reported crypto-mining malware campaign involves a fraudulent website impersonating the Cryptohopper trading platform. When visited, the malicious website reportedly executes an attack that installs crypto-mining malware and a "clipboard hijacker."

A popular crypto exchange unexpectedly shut down its services in April and has allegedly disappeared with customer funds. Though the exact amount involved in the alleged fraud by Coinroom, the Polish crypto exchange, is not yet known, customers with deposits ranging from around $79 to $15,660 recently reported the theft. Founded in 2016, Coinroom was one of the most widely used digital asset exchanges in Poland and offered fiat-based crypto trading to its clients.

A recent report by blockchain analytics firm Chainalysis found that upwards of 64% of ransomware attack cash-out strategies use crypto exchanges to launder funds. The report also indicated a shift in how ransomware attacks are carried out. According to the report, while the tendency before had been to conduct wide and shallow attacks, infecting myriads of random victims and demanding small amounts to decrypt the files, criminals are beginning to home in on targets with legally or politically sensitive data and to demand larger payments to ransom the data.

For more information, please refer to the following links:

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
