Telegram’s Passport Has Dangerous Weak Points


As we mentioned earlier, Telegram, the messenger that is the second “child” of Pavel Durov, launched a new KYC system called Passport. According to the official blog, Passport will be used for more detailed verification and better protection of data. The representatives of Telegram assured that you could enter any information into Passport, from an email address to an ID card number.

Nevertheless, Passport turned out to be not as uncrackable as it was meant to be. The Ukrainian cyber security company Virgil Security detected multiple vulnerabilities in this system. It became known that Telegram is using the SHA-512 algorithm to protect the data, although this algorithm is not meant for such purposes and can be easily hacked with proper equipment. The Virgil Security representative stated:

Unfortunately, Passport’s security disappoints in several key ways.

Hopefully, Telegram will fix this as soon as possible, and nobody will suffer from any hacker attacks.

Subscribe to The Coin Shark news on Facebook: https://www.facebook.com/coinshark/

Unit 42 Found Malware Which Threatens Israeli Fintech And Crypto Companies

The well-known cybersecurity company Palo Alto Networks, with its subsidiary Unit 42, found malware which attacks two Israeli-based fintech companies, according to a recent blog post by the company.

The report says that Unit 42 first came across the malware, called Cardinal RAT, in 2017. Since then, the malicious software has been attacking two Israeli firms engaged in crypto trading and forex development. This malware is a Remote Access Trojan (RAT): by using it, the culprit can remotely take control of the system.

The first version of Cardinal RAT has recently been updated, and the newest version uses various obfuscation techniques to hinder analysis of the underlying code. The SHA256 hash of the most recent sample is:

SHA256 b742162197744a8caeb09f954213a3172ed699f8375f69c40b57b8c219c5e37c

The software gathers various information about its victims and can remotely change or update its settings, execute commands and even uninstall itself. The malware is powerful enough to recover passwords and to download or execute files without permission. It also cleans cookies from browsers.

The research team stated in the report that Cardinal RAT has features similar to those of EVILNUM, a JavaScript-based malware that is also used to attack fintech organizations. Such malware families are very rare, so developers and workers of fintech companies should be careful.

We remind you: “The Hackers of the ‘51% Attack’ on Ethereum Classic Returned Half of the Stolen Funds”


The Most Dangerous Crypto Crimes: What About SIM Swappers?

Cyber attacks and crypto crimes in every shape and form are quite abundant on the market of digital assets right now. They all have different goals and cause different levels of harm. Careful and thorough analysis of such attacks will make it possible to predict them and to protect sites, platforms and companies from breaches and money losses.

However, there is a strange tendency among the analytical reports, which we will try to explain below.

Two major cyber security companies, Chainalysis and CipherTrace, released their analytical statements at the end of last year. Both reports contained statistics on hacker attacks and crypto crimes and an outline of current trends.

The main focus of CipherTrace was on different money laundering techniques, the cryptocurrencies that are the easiest targets for crypto criminals who choose this path, AML regulations and other related information.

Chainalysis, in turn, told its readers about the scale and profitability of Ethereum scams such as phishing and various Ponzi schemes.

Surprisingly, there seems to be nothing about the infamous SIM-swapping.

Just to remind you, SIM-swapping is a kind of cyber attack aimed at money theft. Simply speaking, a hacker convinces the phone provider to “swap” the number of a victim to a new device. In this way, criminals get full access to the personal information of their victims, steal their identity, and later their money.

SIM-swapping scams have been involved in multiple scandals with the biggest cell-phone providers of America. The crimes involving this technique resulted in huge money thefts and high-profile arrests of witty hackers, yet very few reports actually mention it.

However, this still does not diminish the dominance of SIM-swapping over many other types of crypto crimes. In order to fight it, we need not only more coverage from the mass media and analytical firms, but also cooperation from the cell phone companies to protect the users, their information and their money.


The Banks in Canada Employ Hackers to Test Out Their Security Systems

One of the banks in Canada, Toronto-Dominion, chose an interesting technique for testing the proficiency of its security structure. The bank management hired real hackers and asked them to break into its system.

The initiative was started last year by the cyber threat management department. A whole team of cybersecurity experts was hired by the bank and occasionally tries to hack accounts or networks on behalf of its employer.

“We’re doing it exactly how our adversaries would do it … So if we find a weakness or something like that, we can close it or address it before a real attacker,” said a bank representative.

The creative idea was soon adopted by multiple large financial organizations all over the country.

Canadian banks hope that such measures will help in preventing hacker attacks on banks and exchanges that are getting more numerous, intricate and harder to battle by the day.

We remind you: “Two Groups of Professional Hackers Carry Out 60% of All Crypto Attacks”


The Exchange Cryptopia Suffers from Another Hacker Attack

As we reported earlier, the cryptocurrency exchange Cryptopia, based in New Zealand, went through a major hacker attack, which resulted in significant money losses. We remind you: “Cryptopia Got Hacked, Crypto Exchange Is Suffering ‘Significant Losses’”

However, it seems that the hard times are not over for Cryptopia. The hackers that robbed it earlier went quiet for two weeks just to lull everybody’s vigilance and prepare for a new attack.

According to the statistical data from the company Elementus, the cyber criminals got hold of 1675 ETH from 17 thousand different wallets. In monetary terms, this sum of money amounts to around 181 thousand dollars.

At first, it looked like Cryptopia was moving the assets of its users to protect them, but later on it turned out that those were the hackers moving the money to their cryptocurrency wallets.

Shockingly, some users are still unaware of the hacker attack and keep depositing money onto their wallets, in other words, into the pockets of the hackers.

“The hacker has the private keys and can withdraw funds from any Cryptopia wallet at will,” claimed the Elementus team.


Two Groups of Professional Hackers Carry Out 60% of All Crypto Attacks

As reported by the analytical company Chainalysis, more than half of all cyber attacks leading to crypto theft were conducted by only two groups of people. Altogether they stole around 1 billion dollars.

Despite the common misconception that a hacker must be a nerdy, skinny guy in glasses, always shy and quiet, maybe even a sociopath, this actually couldn’t be further from the truth. Most cyber criminals work in groups, and all of their operations are meticulously thought out and calculated.

Chainalysis pointed out two major crypto “gangs” and called them Alpha and Beta. The objectives of these two organizations’ attacks, however, are quite different. While group Beta just aims to get more money and multiply their bank accounts, group Alpha is pursuing much darker things, such as sponsoring acts of terror and human trafficking.

Moreover, both of the organizations professionally hide their trails, using multiple wallet addresses, crypto mixers and difficult money laundering schemes. This makes it almost impossible to catch them and track down the stolen assets.

As for how to protect oneself from such attacks, Chainalysis suggested the following:

“A working knowledge of how hackers move funds can equip legitimate participants to identify unusual spikes in transactions that may be tied to criminal activity. Cooperation between exchanges also goes a long way to help fight crime in this ecosystem. Neutral intermediaries between exchanges can play an important role in this effort.”


Telegram Open Network Might See the World in March

Telegram, the creation of Pavel Durov, is among the top 10 most widely used messengers in the world. It has over 200 thousand users every day.

Having collected over one and a half billion dollars during its ICO, Telegram Open Network (TON) is without doubt the largest blockchain project in Russia. Thus, it obviously attracts massive attention.

We reported back in November about the level of its readiness. We remind you: “The Open Network of Telegram is 70% Done”

Although there is not much official information available, according to a source of Cointelegraph, who is supposedly a Telegram insider, the blockchain platform of the messenger will be released in March of 2019.

It was also mentioned that the CEO of Telegram Pavel Durov did not want the information of the release date to be disclosed, so the exact date is still unclear. Moreover, there is a possibility that the date will be changed completely.

According to the report published by The Bell, the platform is 90% ready, while the Testnet is about to be launched.
