George Robert Carruthers and the Lunar Surface Ultraviolet Camera
🎙️ MetaMask in the Security Ecosystem 🔎
In just the first week of January, Orbit, Radiant, and Gamma all suffered apparent attacks. When these events occur, security researchers spring into action to join war rooms that try to mitigate the damage. But even with the Seal 911 group of auditors and white-hat hackers that was created last August, are we anywhere close to ready for the carnage that might come with the next bull run? Monahan talks about the dangers of bad actors ranging from "script-kiddies'' to APTs, and the lack of accountability when protocols get hacked. It does appear that at least the Orbit hack has the hallmarks of a DPRK-sponsored attack.
The video of Dan’s talk during the Istanbul ‘23 Builder Nights dropped this month. He covers user custody, anti-monopoly, the principle of least authority, object identity, language-level security and more in this jam packed presentation!
Tales of Caution
Summary
Scammers have reportedly stolen over $580,000 USD in cryptocurrency in a phishing attack that used the official email addresses of major Web3 companies, including Cointelegraph, WalletConnect, and Token Terminal. The email service provider MailerLite, allegedly hacked, is currently investigating the issue. The phishing emails contained malicious links leading to a multi-chain address. WalletConnect and other Web3 users have been targeted with emails promoting a launchpad launch and a fake Token Terminal beta launch, both containing links to fictitious airdrops. Cybersecurity platform Hudson Rock suggests that a malware program found on a MailerLite employee's computer might have been used to gain access to MailerLite’s servers for data theft and further attacks.
How Users Can Protect Themselves
To enhance protection against phishing attacks, users should approach unsolicited emails with caution, regularly update and run antivirus software, and enable Blockaid security alerts in their MetaMask settings. This additional measure has proven effective in recent attacks, as all users who had Blockaid alerts enabled were safeguarded from this phishing attempt.
Summary
Check Point Research walks through a large-scale NFT scam campaign that uses a source spoofing technique to target a wide range of token holders. This is a common campaign that scammers with a good understanding of Ethereum smart contracts use to spoof Etherscan logs. The scam involves sending airdrops that appear to come from reputable sources to token holders, who are then directed to a fraudulent website where they are tricked into authorizing the attacker to drain their wallets. The scam is sophisticated, utilizing complex smart contract interactions and a proxy contract to obfuscate the true nature of the transactions.
How Users Can Protect Themselves
Users should approach unsolicited airdrops with caution, scrutinize embedded links in digital assets, and understand the implications of interacting with smart contracts. Users should stay informed about scam tactics, use trusted tools for verifying transactions, and double-check sources of airdrops or transactions. Safe browsing practices and securing assets, such as using hardware wallets for storing significant amounts of cryptocurrency, are recommended. As the blockchain ecosystem evolves, education, caution, and skepticism remain key defenses against potential threats.
Summary
Kaspersky discovered a sophisticated macOS malware campaign that targets users through cracked apps found on pirating websites. The malware, embedded in repackaged pre-cracked applications, initiates an infection through a Trojan proxy and a post-install script. The malware is capable of running on macOS Ventura 13.6 and later, suggesting a focus on users of newer operating systems. The malware uses a program named "Activator" to execute its payload, which includes stealing cryptocurrency wallets. The malware campaign is still a work-in-progress, with the operators frequently updating the malicious scripts. The final payload is a backdoor that can run any scripts with administrator privileges and replace Exodus and Bitcoin cryptocurrency wallet applications with infected versions that steal secret recovery phrases.
How Users Can Protect Themselves
To safeguard against malware attacks, users should strictly download and install applications from official platforms or trusted third-party app stores, avoiding unverified or pirating websites. It's crucial to keep your operating system and all applications updated, as updates often include security patches that guard against known vulnerabilities. Utilizing reliable antivirus or anti-malware software, which should be regularly updated, can help detect and eliminate many types of malware.
