Attackers rob VIP clients of crypto exchanges via Telegram chats


    Microsoft researchers have uncovered a series of attacks in which a threat cluster tracked as DEV-0139 used Telegram chats to target crypto investors. The attack unfolded as follows:

    • The attackers join a chat used for communication between crypto exchanges and their VIP clients;
    • Having chosen a victim, they impersonate representatives of another crypto exchange and invite the victim to a different chat;
    • After gaining the target's trust, they send a malicious Excel spreadsheet named "OKX Binance & Huobi VIP fee comparision.xls" that lists the commissions different cryptocurrency exchanges charge VIP clients;
    • Once the victim opens the spreadsheet and enables macros, the second sheet downloads a PNG image and parses it to extract a malicious DLL, an XOR-encrypted backdoor, and an exe file, which is then used to sideload the DLL;
    • The DLL decrypts and installs the backdoor, which gives the attackers remote access to the victim's system.

    To induce the victim to enable macros, the attackers protected the main sheet of the spreadsheet with a password; the protection is removed after another file, stored in Base64 format, is installed and run.

    Further investigation turned up another file: an MSI package for a fake CryptoDashboardV2 application, which the attackers could also use to install a backdoor on the victim's system.
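
For defenders, the PNG step above suggests a structural check on any image an Office process downloads. The following Python triage script is an added example, not code from Microsoft's report or from this article; the article does not say how the payloads are laid out inside the image, so the script assumes nothing about DEV-0139's format and reports only generic anomalies (chunk CRC failures, bytes after IEND, unencoded PE headers). The sample PNG and the header-only PE stub are constructed.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def find_pe_offsets(data):
    """Offsets where an 'MZ' header's e_lfanew field points at 'PE\\0\\0'."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            if e_lfanew < 0x1000 and data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def triage_png(data):
    """Walk the chunk list; report CRC failures, bytes after IEND, PE headers."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG file")
    report = {"chunks": [], "bad_crc": [], "trailing_bytes": 0,
              "pe_offsets": find_pe_offsets(data)}
    off = 8
    while off + 12 <= len(data):
        length, ctype = struct.unpack_from(">I4s", data, off)
        end = off + 12 + length          # length + type + body + CRC
        if end > len(data):              # declared length runs past end of file
            break
        stored_crc = struct.unpack_from(">I", data, end - 4)[0]
        report["chunks"].append(ctype.decode("latin-1"))
        if zlib.crc32(data[off + 4:end - 4]) != stored_crc:   # CRC covers type + body
            report["bad_crc"].append(ctype.decode("latin-1"))
        off = end
        if ctype == b"IEND":
            break
    report["trailing_bytes"] = len(data) - off   # data an image viewer ignores
    return report

def _chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def make_sample_png():
    """Constructed 1x1 grayscale PNG used as clean input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b"")

def make_stub_pe():
    """Constructed header-only stub ('MZ', e_lfanew=0x40, 'PE\\0\\0'); not executable."""
    return b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\x00\x00" + bytes(20)
```

An XOR-encrypted payload shows no PE header, so for that case the chunk list and a nonzero `trailing_bytes` are the fields to follow up on.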

    Author DeepWeb