Telegram’s Passport Has Dangerous Weak Points

telegram's passport has weaknesses

As we mentioned earlier, the second “child” of Pavel Durov, the messenger Telegram launched a new KYC system called Passport. According to the official blog, the Passport will be used for a more detailed verification and better protection of data. The representatives of Telegram assured that you could enter any information to the Passport from email address to ID card number.

Nevertheless, the Passport turned out to be not as uncrackable as it was meant to be. The Ukrainian cyber security company Virgil Security detected multiple vulnerabilities in this system. It became known that Telegram is using SHA-512 algorithm to protect the data that is actually not meant for such purposes and can be easily hacked with proper equipment. The Virgil Security representative stated:

Unfortunately, Passport’s security disappoints in several key ways.

Hopefully, Telegram will fix this as soon as possible, and nobody will suffer from any hacker attacks.

Subscribe to The Coin Shark news in Facebook: https://www.facebook.com/coinshark/

Crypto Wars: Jihan Wu vs Craig Wright, Who Gets McAfee’s Support?

The infamous hard fork of Bitcoin Cash has created some tension between the major crypto personalities in the industry. It is especially the case with the supporters of the two different BCH protocols.

One of the main “fights” has started between the CEO of Bitmain Jihan Wu and a computer scientist Craig Wright, who have repeatedly gone at each other on the social media, claiming that their vision of Bitcoin’s future is correct. Later on, the “war” was joined by John McAfee who supported Jihan Wu.

Craig Wright did not take long to respond.

Hopefully, the conflict will be settled peacefully, because the crypto industry needs all of the abovementioned people to function properly and develop.

Subscribe to The Coin Shark news in Facebook: https://www.facebook.com/coinshark/

8 People Suspected of a Crypto Ponzi Scheme Were Arrested in Japan

According to the local news outlet, the enforcement agencies in Tokyo took 8 people in custody in connection with their possible participation in a gigantic pyramid scheme involving cryptocurrencies.

The police state that almost 6 thousand people became victims of the scheme and lost their crypto. The total amount of money stolen amounted to whopping 7.8 billion Japanese yen (almost 70 million dollars). Allegedly, the fraudsters were organizing different events and seminars and raised funds there, promising a huge return on the “investments”.

Out of 8 arrested people, 6 have already pleaded guilty. They will be charged with the violation of multiple financial regulations of Japan.

We remind you:

The Twitter Account of Google Was Hacked to Promote a Scam BTC Giveaway

Subscribe to The Coin Shark news in Facebook: https://www.facebook.com/coinshark/

Bitcoin Cash ABC Was Attacked by an Enormous Amount of Spam

Most of the members of the crypto community knew that the controversial hard fork of Bitcoin Cash would not be easy. And, of course, some trouble arose after the fork took place.

As soon as the network of Bitcoin Cash ABC started functioning, a huge amount of small-sized transactions (costing less than 0.5 BCH altogether) started happening. Moreover, they seemed to be coming between the same digital addresses, which proved them to be spam.

Although, this attack could not harm BCH ABC considerably, if it happens again and continues happening over time, it could potentially bring the whole network down. The rumors about the possible involvement of the team BCH CV have already started spreading.

Subscribe to The Coin Shark news in Facebook: https://www.facebook.com/coinshark/

The Twitter Account of Google Was Hacked to Promote a Scam BTC Giveaway

As we reported about a scam on Twitter yesterday, we had no idea that its organizers would go beyond hacking the accounts of Target and The Body Shop. We remind you:

A Major Twitter Scam Made Target Promote a Bitcoin Giveaway

But they did. They hacked the account of Google. According to the report by The Next Web, one of the official account of Google on Twitter, GSuite, became another victim of the hackers trying to endorse their fake Bitcoin giveaway.


Source: Twitter

The representative of Google stated the following:

This morning an unauthorized promoted tweet was shared from the G Suite account. We removed the tweet and are investigating with Twitter now.”

Subscribe to The Coin Shark news in Facebook: https://www.facebook.com/coinshark/

Binance Will Add Stablecoin USDC To Its Listing

Recently, one of the major crypto exchanges, Binance, has published a notice which says, Binance will open two new pairs for trading on November 17. Interestingly, those two pairs include a new-comer – USDC – stablecoin backed by Circle.

The trading pairs are USDC/BNB and USDC/BTC; the trading starts at 2018/11/17 03:00 AM (UTC). However, users are already able to deposit stablecoin in advance.

Moreover, Binance wrote there would be a “top-ranking auditing firm” to preserve the transparency of the stablecoin. Every month, the firm is bound to provide data of “the corresponding USDC and USD balances held/issued.

We want to remind you, such crypto exchanges as OKEx, Huobi, BitPay, Coinbase have already listed USDC stablecoin on their listings.

Dollar-Pegged Stablecoins Exceeded the Price Point of $1

Subscribe to The Coin Shark news in Facebook: https://www.facebook.com/coinshark/

Linux System Is Affected By A Malicious Crypto Mining Malware: How To Detect It?

Trend Micro, Japanese company specializing in crypto security, published a report on its website stating that they found a malware affecting Linux system.

The company found a cryptocurrency miner KORKERDS’s hidden activity from Linux users extremely suspicious and started investigation, where they found malware, later called as Coinminer.Linux.KORKERDS.AB, and its rootkit component Rootkit.Linux.KORKERDS.AA. The way of infection will be investigated very soon, there is already some information that the malware may get installed onto computer through a plugin or downloaded software. More technical aspects are described in the report.

The company explains:

“This makes it difficult to detect, as infected systems will only indicate performance issues. The malware is also capable of updating and upgrading itself and its configuration file.”

What is worth to mention is that such operating systems as Mac OS and Linux are considered to be immensely secured, thus, it is hard to integrate any file without users’ consent. The malicious mining software seems to be a built-in plugin, where a user gives an administrator consent to install anything.

Trend Micro provided some Indicators of Compromise (IoCs) to prevent users to be affected: (Editor’s Note: Indicator of compromise (IOC) — is an artifact observed on a network or in an operating system that with high confidence indicates a computer intrusion. Typical IOCs are virus signatures and IP addresses, MD5 hashes of malware files or URLs or domain names of botnet command and control servers. Source: https://en.wikipedia.org/ )

Related hashes (SHA-256):

  • cdd921a5de5d5fffc51f8c9140afa9d23f3736e591fce3f2a1b959d02ab4275e (Trojan.Linux.DLOADER.THAOOAAK)
  • baf93d22c9d1ae6954942704928aeeacbf55f22c800501abcdbacfbb3b2ddedf (Coinminer.Linux.KORKERDS.AB)
  • 0179fd8449095ac2968d50c23d37f11498cc7b5b66b94c03b7671109f78e5772 (Coinminer.Linux.KORKERDS.AA)
  • 023c1094fb0e46d13e4b1f81f1b80354daa0762640cb73b5fdf5d35fcc697960 (Rootkit.Linux.KORKERDS.AA)

Related malicious URL:

  • hxxps://monero[.]minerxmr[.]ru/1/1535595427x-1404817712[.]jpg

We want to remind you, no matter how secure your computer is, in your opinion, it still may be affected by professional cryptohackers. Thereby, if you find any suspicious file or plugin, please, read the following article or consult service centre.

What Is Hidden Mining, Why Is It Dangerous and How to Delete the Virus?

Subscribe to The Coin Shark news in Facebook: https://www.facebook.com/coinshark/