By Waqas
When it comes to the best dark web search engines, first and foremost, you want a search engine that is private and secure, as well as one that can be used anonymously.
This is a post from HackRead.com Read the original post: 8 Online Best Dark Web Search Engines for Tor Browser (2022)

The **Dark Web**, also known as the Dark Net, is a part of the Internet that is not accessible through standard web browsers. It can only be accessed through specialized software such as the Tor browser.

The Dark Web is often associated with illegal activity such as cybercrime including drug dealing, child abuse, and terrorism. However, there are also many legitimate uses for the Dark Web, such as anonymity for whistleblowers and journalists. **Facebook** and **Twitter** also have their dark web domains. (_If you didn’t know now you know_).

Despite its reputation, the Dark Web is a relatively small part of the overall Internet. It is estimated that only around 4% of all websites are accessible through the **Tor browser**.

**What is a Tor Browser?**

The Tor Browser is a free and open-source web browser that is based on the Mozilla Firefox web browser. The Tor Browser is designed to protect your privacy and anonymity when using the internet.

The Tor Browser routes your internet traffic through a network of servers, making it difficult for anyone to track your online activity. The Tor Browser is available for Windows, macOS, and Linux.

Tor is short for “The Onion Router”. The Tor network was **originally developed** by the US Naval Research Laboratory as a way to securely communicate between government agencies.

The Tor network consists of a series of volunteer-run servers that route internet traffic through a series of encrypted tunnels. This makes it difficult for anyone to track your online activity or identify your location.

**How to Download Tor Browser?**

The Tor Browser, as we know it, is available for Windows, macOS, Linux, and Android. To download the Tor Browser, visit the official website at **Torproject.org**. Once you’re on the website, click “Download Tor Browser.” Then, select the appropriate version for your operating system and follow the prompts to complete the installation.

Once you have the Tor Browser installed, launch it and click “Connect.” That’s it! You’re now browsing anonymously. Keep in mind that because Tor encrypts your traffic, your internet speeds may be slower than usual. But rest assured that your privacy and security are well worth the trade-off.

**You May Also Like**

1.  **What Are Dark Web Search Engines and How to Find Them?**
2.  **Brave Browser enters dark web with its own Tor Onion service**
3.  **Online Anonymity – How to Keep Yourself Safe and Unidentified**
4.  **Why torrenting on Elon Musk’s Starlink Internet is not a good idea?**
5.  **USA Wants Russians to Share Secret Info with the CIA on the Dark Web**

**Best Dark Web Search Engines for Tor Browser**

When it comes to the best dark web search engines, there are a few things to keep in mind. First and foremost, you want a search engine that is private and secure, as well as one that can be used anonymously.

Additionally, you want a search engine that is fast and efficient, so you can get the information you need without any delays. Assuming those are your priorities, here are 8 dark web search engines to use with Tor Browser:

**1\. Ahmia.fi**

Ahmia.fi is a search engine designed to allow access to the so-called “dark web” or “dark net” – a hidden part of the internet that can only be accessed using specific software, such as the Tor browser.

Ahmia is one of a small number of dark web search engines that allow users to access the dark web, and it has been praised for making this otherwise hidden part of the internet more accessible.

However, Ahmia also has a policy against any “abuse material,” something different from many other dark web search engines that also index websites featuring child sexual abuse content.

Ahmia is available on the **surface web** and supports searches on the i2p network as well. You can visit Ahmia’s .Onion domain **here**. 

Home page of Ahmia dark web search engine

**2\. Haystak**

Haystak is one of the dark web search engines designed for the Tor network. The search engine claims to have indexed over 1.5 billion pages which includes more than 260,000 websites, Haystak indeed would stand out to be a resourceful engine on the list.

Haystak also has a paid version which offers a number of additional features such as searching using regular expressions, browsing now-defunct onion sites, and accessing their API. You can visit Haystak by following its .Onion link **here**. 

Home page of Haystak dark web search engine

**3\. The Hidden Wiki**

The Hidden Wiki is a dark web directory that can only be accessed using the Tor network. The site contains links to a variety of different websites. The Hidden Wiki is a valuable resource for those who wish to explore the dark web, as it provides a safe and easy way to access a variety of different sites.

A **surface web version** is also available. You can visit The Hidden Wiki by following its .Onion link **here**. 

Home page of The Hidden Wiki

**4\. Torch**

Torch is one of those dark web search engines that have lasted for long enough (since 1996). Torch, like other search engines, crawls these addresses and indexes their content, making it searchable for users.

However, speaking based on personal experience, its search results are not impressive. For instance, I wanted to know Twitter’s onion URL, a very simple piece of information. Yet, it reported everything but that showing how far these search engines have to go in order to improve.

On the other hand, it is fast and can come in handy regardless. Nevertheless, you can visit Torch by following its .Onion link **here**. 

Home page of Torch dark web search engine

**5\. Recon**

This particular search engine was built by Hugbunt3r, a prominent member of the popular **Dread service** on the dark web. It aims to serve as a database through which users can search for products from different vendors in different marketplaces on the dark web.

Individual profile viewing options for vendors & marketplaces are also available including details like ratings, mirror links, number of listings, and uptime percentage. You can visit Recon by following its .Onion link **here** and just in case you manage to bypass its DDoS protection captcha page let us know in the comment section because we failed to do so. (_Good luck_).

Home page of Recon dark web search engine

**6\. DuckDuckGo**

Did you know DuckDuckGo is available on the dark web and they have their .Onion domain as well? Yes, but it only displays results from the surface web even if used on the Tor browser.

Yet, when it comes to anonymity DuckDuckGo has a proven track record which is why the privacy advocate team behind DDG is known as a long-time foe of Google. You can visit DuckDuckGo by visiting its .Onion link **here**. 

Home page of DuckDuckGo dark web search engine

**7\. Onion Search**

Onion Search is a search engine for the dark web that enables users to find and access Onion sites. The site is designed to be used with the Tor browser, which allows users to browse the internet anonymously.

A look at its about page reveals that the search engine is being operated from France as the search engine acknowledges to be “fully compliant with the Law of France.” Another noteworthy option on the search engines is that one can report child abuse content to the administrator who vows to remove it.

Onion Search is available on the **clear net** as well as on the dark web through its **.Onion domain**.

Home page of Onion Search dark web search engine

**8\. Deep Search**

Deep Search is a search engine for the dark web. It is designed to index and search onionspace, the hidden services portion of the Tor network. DeepSearch is open source and available for anyone to use.

According to my personal experience, Deep Search seems to provide pretty accurate and useful results, unlike others who spam users with spam links. Another noteworthy feature of Deep Search is that it provides a list of marketplaces, exchanges, and websites involved in scamming users.

If you want to give Deep Search a try check their .Onion domain **here**.

Home page of Deep Search dark web search engine

To conclude, you may also find the links of other dark web search engines but these happen to be the ones that stand out the most.

**How to Download Tor Browser?**

The Tor Browser, as we know it, is available for Windows, macOS, Linux, and Android. To download the Tor Browser, visit the official website at **Torproject.org**. Once you’re on the website, click “Download Tor Browser.” Then, select the appropriate version for your operating system and follow the prompts to complete the installation.

Once you have the Tor Browser installed, launch it and click “Connect.” That’s it! You’re now browsing anonymously. Keep in mind that because Tor encrypts your traffic, your internet speeds may be slower than usual. But rest assured that your privacy and security are well worth the trade-off.

**What NOT TO DO on Dark Web?**

The dark web is a place full of potential danger. There are many things that can go wrong when visiting the dark web, and it’s important to be aware of them before you go. Here are some things to avoid doing on the dark web:

*   Don’t click on any links unless you know where they lead. Many links on the dark web lead to illegal drug markets, child abuse content, malicious sites, or downloads.

*   Never enter your personal information into any form on the dark web. This includes your name, address, email, and phone number.

*   Don’t download anything from the dark web unless you trust the source. There are many viruses and malware lurking on the dark web, waiting to be downloaded by unsuspecting users.

*   Never ever download illegal and abusive content that includes content against children, torture, blackmail, and other malicious content.

**Use a VPN**

Although the Tor browser protects your online privacy using a **reliable VPN** at the same time is a plus. A VPN will encrypt your traffic and hide your IP address, making it much harder for someone to track you down. Additionally, if you are on a clear net, a VPN will give you access to blocked websites and content.

1.  **Tor Anonymity: Things NOT To Do While Using Tor**
2.  **CISA Publishes List of Free Cybersecurity Tools and Services**
3.  **New Underactor tool reveals pixelated text to expose sensitive data**
4.  **Download Kali Linux 2022.1 with new tools and wider SSH compatibility**
5.  **Cybersecurity, Big Data, Automation Tools: What Marketers Need To Know**

8 Online Best Dark Web Search Engines for Tor Browser (2022)

By Deeba Ahmed
According to local media, this is an "extremely serious" leak because EMGFA, Portugal's armed forces' central unit, stores secret NATO information.
This is a post from HackRead.com Read the original post: Sensitive NATO Data Stolen in Cyberattack on Portugal’s Armed Forces

Portugal’s leading news outlet Diário de Notícias reported that the country’s central military unit EMGFA was targeted in a cyberattack. The attack resulted in the exfiltration of hundreds of confidential NATO documents sent to Portugal. Reportedly it was a prolonged and unprecedented cyberattack. The stolen files are currently up for sale on the **Dark Web**.

Portugal was also a victim of a security breach in 2018 involving leaking sensitive NATO and EU documents. Portuguese intelligence officer Frederico Carvalho Gil was found guilty of spying for Russia and was convicted for selling classified documents to a Russian agent.

**Attack Details**

**According to** the newspaper, this is an “extremely serious” leak because EMGFA, Portugal’s armed forces’ central unit, stores secret **NATO** information. Portugal’s Prime Minister António Costa was alerted about the attack by American intelligence agencies after they discovered sensitive NATO documents sold on Dark Web in August. US authorities contacted the PM through the US embassy in Lisbon.

Initial investigation revealed that security roles for storing classified data were broken because unsecured connections were used for forwarding and receiving documents. It was later identified that the attack was undetectable and launched through a bot network primarily designed to obtain sensitive data. The national office of security (GNS), External Secrets, and the secret service are investigating the hack.

**Government’s Response**

The Prime Minister’s office spokesperson commented that the government is dedicated to maintaining and protecting its armed forces and the Defense Ministry’s credibility as a founding member of NATO. The spokesperson further noted that the credibility was still “intact.”

> “Whenever there is a suspicion of a compromised cybersecurity network … the situation is extensively analyzed, and all the procedures are implemented.”
> 
> Prime Minister’s office spokesperson

Reportedly, NATO has demanded an explanation from the Portuguese government regarding the data leak, and two government officials will visit NATO headquarters in Brussels. A high-level meeting is planned for next week. The news outlet contacted the US embassy in Lisbon and other government institutions to find more details on the attack, but nothing was shared.

The PM’s office is investigating the case. There is no confirmation from the Prime Minister’s office that a breach had occurred. So far, it seems that the hack happened on EMGFA computers, mainly those used by the general directorate of national defense resources and CISMIL (the military secrets department).

It is a developing story. Keep visiting hackread.com to find out more details.

**Europe, NATO, and Data Breach**

As the world’s largest military alliance, NATO has access to a wealth of data that would be of interest to hackers. This data includes information on military operations, troop movements, sensitive diplomatic negotiations, and much more.

The importance of NATO data to hackers can be quantified by the fact that NATO is one of the prime targets of government-backed hackers. In August 2022, NATO was already investigating another large-scale data breach involving the world’s 2nd largest manufacturer of missiles MBDA. As **reported by Hackread.com**, hackers are selling 70 GB worth of MBDA’s alleged data for 1 BTC on a Russian forum.

1.  **Smartphones of NATO Soldiers Compromised By Russian Hackers**
2.  **European Spyware Vendor Offering Android and iOS Device Exploits**
3.  **Authentication bypass vulnerability found in NATO, EU-approved firewall**
4.  **Dark web data center in former NATO bunker seized for hosting child porn**
5.  **Fake WHO Safety Emails on COVID-19 Dropping Nerbian RAT Across Europe**

Sensitive NATO Data Stolen in Cyberattack on Portugal’s Armed Forces

By Deeba Ahmed
The stealthy malware leverages security flaws to gain privilege escalation and establish persistence.
This is a post from HackRead.com Read the original post: Stealthy Linux Malware Shikitega Deploying Monero Cryptominer

AT&T Alien Labs reports that a new Linux malware dubbed Shikitega infects computers and **IoT devices** (internet of things) with multiple payloads. The stealthy malware leverages security flaws to gain privilege escalation and establish persistence. After the attacker controls the system, a **cryptocurrency miner** is deployed.

**Infection Chain Analysis**

As **pointed out** by AT&T Alien Labs, Shikitega malware entails a multi-step infection chain. It delivers a few hundred bytes per layer to encourage module activation. Each module responds to a different part of the payload, after which the next one is executed.

The malware allows attackers to control the system completely and run cryptominers. Each module has a specific task, such as downloading/executing **meterpreter Metasploit**, setting persistence on the infected device, exploiting Linux flaws, and downloading/executing a **cryptominer**.

The method to gain initial compromise is yet unknown. The first infection layer is a 370 bytes ELF file containing the encoded shellcode. After the decryption is completed, the final Mettle payload with remote code execution and control capabilities is executed through “int 0x80,” which helps execute the appropriate syscall.

Afterward, it downloads and runs other commands received from its C2 server by calling 102 syscall. The commands aren’t stored in the hard drive but executed from memory. Mettle retrieves a smaller ELF file that downloads and executes the cryptominer.

Shikitega operation process

Furthermore, Shikitega uses a polymorphic XOR additive feedback encoder dubbed **Shikata Ga Nai**. It was previously examined by researchers, which reported that each encoded shellcode it creates is different from the rest because it uses several techniques like dynamic block ordering, dynamic instruction substitution, and randomization of instruction spacing between instructions.

In this campaign, this encoder is employed to make detection by antivirus engines complex and exploit cloud services.

> “Shiketega malware is delivered in a sophisticated way, it uses a polymorphic encoder, and it gradually delivers its payload where each step reveals only part of the total payload.”
> 
> Ofer Caspi – AT&T

Shikitega is an evasive malware because it can download next-stage payloads from a C2 server and directly executes them in memory. It achieves privilege escalation through exploiting PwnKit or **CVE-2021-4034** and **CVE-2021-3493**. The attacker can easily abuse the elevated permissions to fetch the final stage shellcode scripts with root privileges and deploy **Monero cryptominer**.

1.  **New Linux malware is evading detection to mine cryptocurrency**
2.  **Old crypto malware makes come back, hits Windows, Linux devices**
3.  **New Linux Malware Installs Bitcoin Mining Software on Infected Device**
4.  **Golang malware infecting Windows, and Linux servers with XMRig miner**
5.  **ElectroRat crypto-stealing malware hits macOS, Windows, Linux devices**

Stealthy Linux Malware Shikitega Deploying Monero Cryptominer

By Deeba Ahmed
Worok is primarily targeting organizations in banking, telecommunication, marine, military, energy, public sectors, and government in its current campaign.
This is a post from HackRead.com Read the original post: Worok Hackers Targeting Orgs, Govts in Asia, Middle East and Africa

ESET telemetry has discovered a new malware campaign targeting local governments and high-profile organizations in Asia, the Middle East, and Africa.

In the recently discovered targeted attacks, undocumented tools are being used by a lesser-known cyberespionage group identified as Worok discovered by ESET researcher Thibaut Passilly.

This group has been active since 2020, when it targeted governments and organizations in multiple countries, including a telecom firm in East Asia, a bank in Central Asia, and a Southeast Asian maritime sector firm.

Worok is primarily targeting organizations in banking, telecommunication, marine, military, energy, public sectors, and government in its current campaign. The group claims to be a cyberespionage collective that develops its own tools and uses existing tools to compromise the target. Its custom toolset in 2021 included:

*   CLRoad (a first-stage loader).
*   PNGLoad (a second-stage loader).
*   A full-featured PowHeartBeat backdoor written in PowerShell.

The backdoor can command and process execution and perform file manipulation. 

**Campaign Details**

According to ESET’s research, attackers sometimes exploited the infamous ProxyShell vulnerability (**CVE-2021-34523**) discovered in 2021 to gain initial access. Malware operators are looking to obtain sensitive information from their targets as their focus has been on “high-profile entities in Asia and Africa,” and they have targeted both public and private sector firms. Besides, they are also focusing on government entities.

After gaining initial access, the operators deploy numerous publicly available tools for further infiltration, including **EarthWorm**, **Mimikatz**, **NBTscan**, and **ReGeorg**. Then they deploy their custom implants, including a first-stage loader followed by a second-stage .NET loader. The researchers could not identify the final payloads, ESET’s Thibaut Passilly wrote in a **blog post**.

After observing the Worok group’s activity in 2020, ESET noticed a break between May 2021 and January 2022, and then it resurfaced in February 2020, during which it targeted an energy firm in Central Asia and a public sector organization in Southeast Asia,

> “While our visibility at this stage is limited, we hope that putting the spotlight on this group will encourage other researchers to share information about this group.”
> 
> ESET

1.  **Nation-State Hackers Targeted Facebook – Meta**
2.  **Iranian hackers deface US government & African bank website**
3.  **Windows, Linux and macOS Hit by Chinese Iron Tiger APT Group**
4.  **US Warns Firms About North Korean Hackers Posing as IT Workers**
5.  **Indian APT exposes its Modus Operandi by infecting their own devices**

Worok Hackers Targeting Orgs, Govts in Asia, Middle East and Africa

By Deeba Ahmed
According to the DoJ, WT1SHOP was operated by a 36-year-old national of the Republic of Moldova identified as Nicolai Colesnicov.
This is a post from HackRead.com Read the original post: WT1SHOP Cybercrime Market Seized by US and Portuguese Authorities

The UD Department of Justice (DoJ) has confirmed that the notorious cybercrime marketplace WT1SHOP has been taken down by the US and Portuguese authorities for its involvement in nefarious activities.

According to the federal criminal complaint against the marketplace, it made millions of dollars by selling PII (personally identifiable information) over the years. This was one of the largest **cybercrime marketplaces** and offered around 6 million records for sale.

**Complaint Details**

According to the **complaint** filed on 21 April 2022, WT1SHOP was operated by a 36-year-old national of the Republic of Moldova identified as Nicolai Colesnicov. The marketplace offered vendors stolen information including around 1.7 million login credentials like PII, approx. 25,000 scanned passports, driver’s licenses, 108,000 bank accounts, and 21,800 credit cards – Buyers could buy the records using **Bitcoin**.

Screenshot of WT1SHOP’s homepage

The website had 106,273 registered users and 94 registered sellers as of December 2021. By June 2020, WT1SHOP had sold 2.4 million credentials for $4 million. This included retailers’ and financial institutions’ login credentials, email credentials, PayPal accounts, and ID card details. Moreover, it also sold credentials for remote access and control of computers, network devices, and servers.

**Shutting Down of WT1SHOP**

Authorities traced Bitcoin sales on the marketplace, and payments were made to its web host and email IDs. The login information was identified to be linked to Colesnicov. WT1SHOP was seized by Portuguese authorities, and four domains (wt1shop.net, wt1store.cc, wt1store.com, and wt1store.net) were taken down by their counterparts in the USA.

After the website and its domains were seized, the DoJ unsealed the website seizure and criminal complaint. It was announced by the US Attorney for the District of Maryland, Erek L. Barron, and FBI’s Washington Field Office, Criminal Division’s Special Agent in Charge, Wayne Jacobs. 

Colesnicov has been charged with trafficking in unauthorized access devices and conspiracy. He could get a maximum penalty of ten years in federal prison if convicted.

1.  **Hundreds of Sites and Piracy Apps Seized in US and Brazil**
2.  **Dark Web’s only Finnish language market Sipulimarket seized**
3.  **SSNDOB Cybercrime Marketplace Seized in Intl. Coordinated Op**
4.  **Domain, server of DoubleVPN used by ransomware gangs seized**
5.  **$3.6 billion Bitcoin seized from crooks tied to 2016’s Bitfinex hack**
6.  **FBI Seizes RaidForums, Arrests Alleged Founder Diogo Santos Coelho**

WT1SHOP Cybercrime Market Seized by US and Portuguese Authorities

By Deeba Ahmed
The botnet is exploiting four different vulnerabilities in D-Link devices.
This is a post from HackRead.com Read the original post: Mirai botnet resurfaces with MooBot variant to target D-Link devices

Palo Alto Networks’ Unit 42 researchers have reported the emergence of a new **Mirai botnet** variant dubbed MooBot. This variant is looking for unpatched D-Link devices to create its army of DDoS (distributed denial of service) bots. For compromising vulnerable D-Link routers, MooBot uses multiple exploits

**Re-Emergence of Notorious MooBot**

The MooBot botnet was first discovered by Qihoo 360’s Netlab in Sep 2019, whereas the most recent wave of attacks involving MooBot, before the one detected by Palo Alto, was discovered by Fortinet analysts in Dec 2021. Researchers identified that MooBot targeted a flaw in Hikvision cameras and enlisted a large number of devices into its DDoS army.

In early August, Unit 42 researchers discovered a new attack wave. This time, MooBot’s targets were **unpatched D-Link routers**, which it compromised using old and new exploits.

**Exploited Vulnerabilities**

The botnet is exploiting four different vulnerabilities in D-Link devices, including the following:

*   CVE-2022-26258 (CVSS score: 9.8) – D-Link Remote Command Execution Vulnerability
*   CVE-2022-28958 (CVSS score: 9.8) – D-Link Remote Command Execution Vulnerability
*   CVE-2015-2051 (CVSS score: 10.0) – D-Link HNAP SOAPAction Header Command Execution Vulnerability
*   CVE-2018-6530 (CVSS score: 9.8) – D-Link SOAP Interface Remote Code Execution Vulnerability

Source: **Palo Alto Networks**

Previously it targeted LILIN digital video recorders apart from **Hikvision video surveillance devices**.

**What Happens If Devices are Compromised?**

According to Unit 42 researchers, an attacker can gain full control of the compromised devices. They can use them to perform various attacks, including remote code execution and retrieving MooBot payload from a remote host to parse instructions from a C2 server and **launch DDoS attacks**. It can also target specific port numbers and IP addresses for DDoS.

Campaign overview (Palo Alto Networks)

D-Link has released security updates to address the flaws. However, there are still countless unpatched devices. Many are yet to be patched for the last two vulnerabilities (**CVE-2022-26258**, **CVE-2022-28958**) discovered in March and May 2022.

The low-attack complexity of the vulnerabilities lets the attacker gain remote code execution, and using arbitrary commands they can easily get malware binary. It is worth noting that the C2 address used in the current attack wave is different from the wave identified by Fortinet.

It is necessary to **apply patches** as soon as possible and keep your device updated to prevent the MooBot threat.

1.  **Hackers behind Mirai botnet & DYN DDoS attacks plead guilty**
2.  **Reaper malware outshines Mirai; hits millions of IoT devices worldwide**
3.  **Tiny Mantis Botnet Can Launch More Powerful DDoS Attacks Than Mirai**
4.  **Persirai malware in action: IP cameras all across the world compromised**
5.  **Mirai Variant ‘OMG’ Turns IoT Devices into Proxy Servers for Cryptomining**

Mirai botnet resurfaces with MooBot variant to target D-Link devices

By Deeba Ahmed
Interpol has confirmed the dismantling of a transnational sextortion gang that raked in a whopping $47,000 from dozens of victims.
This is a post from HackRead.com Read the original post: 12 Arrested as Interpol Takes Down Transnational Sextortion Ring

Interpol has confirmed the dismantling of a transnational **sextortion** gang that raked in a whopping $47,000 from dozens of victims. As per Interpol, 12 individuals have been arrested for alleged involvement in the gang’s malicious activities.

Reportedly, the arrests took place between July and August 2022 after the conclusion of a joint investigation from Interpol’s cybercrime unit along with Singapore and Hong Kong police.

The agency traced at least 34 cases, all linked to the same gang. The criminals mostly targeted people in Hong Kong and Singapore via online dating and sex platforms.

> “We conducted a proactive investigation and in-depth analysis of a zombie command and control server hosting the malicious application, which, along with the joint efforts by our counterparts, allowed us to identify and locate individuals linked to the criminal syndicate.”
> 
> Raymond Lam Cheuk Ho – Hong Kong Police

**Modus Operandi**

For your information, **sextortion is a form of sexual exploitation** in which a target is coerced into producing sexually explicit content through manipulation or threats. The victims would send the content to the criminals, which is later used to blackmail them.

According to Interpol’s **press release**, in this campaign, the victims were tricked into downloading an app to their devices to engage in naked chats, but the app contained malware designed to steal their contacts. The extorters would receive the nude videos through the app and threaten to send them to all their contacts if the victim didn’t pay the amount.

However, the sextortionists didn’t always rely on the same modus operandi. Sometimes they spammed their victims with messages, informing them about **secretly filming their intimate videos** via their webcam. They also used breached info like email IDs and passwords to make their threats appear legit.

Interpol has observed a sharp rise in sextortion complaints in the past few years, primarily during the **COVID-19 pandemic**. Even a single intimate image or video can make the victim vulnerable to sextortion threats. The agency urged victims of sextortion or other threats to stop contact with the blackmailers and share evidence with the police. In any situation, the victims must not pay the malicious actors, Interpol advises.

1.  **Sultry Sextortion Sisters Meet Their Match In Nigerian Oil Billionaire**
2.  **Leader of biggest online sextortion ring ‘Nth Room’ jailed for 40 years**
3.  **Dark web: Child abuse, real-life blackmailing site DarkScandals seized**
4.  **New sextortion scam claims to record you with hacked Google Nest cam**
5.  **Sextortion, Cyber Stalking: U.S. Embassy Official Facing 4 Years in Prison**

12 Arrested as Interpol Takes Down Transnational Sextortion Ring

By Deeba Ahmed
SharkBot malware is known for spreading itself through fake security solution apps on Google Play Store.
This is a post from HackRead.com Read the original post: Malicious Security App on Play Store Caught Dropping SharkBot Malware

NCC Group’s Fox-IT reported that the dangerous Android banking malware **SharkBot** has appeared on Google Play Store yet again. The warning about malware presence on Google Play Store was shared on Friday, September 2nd by threat intelligence analysts Alberto Segura and Mike Stokkel. The duo also co-authored Fox-IT’s report on the new development.

**Malware Disguised in Play Store Apps**

The malware is disguised as antivirus and cleaner applications. Unlike its previous installments, the new dropper doesn’t just rely on Accessibility permissions to install the malware automatically. Instead, it compels the victims to install a **fake update** for their antivirus to prevent malware threats. This update contains the SharkBot banking trojan.

The apps in which the malware is hidden are Kylhavy Mobile Security and Mister Phone Cleaner. The two apps collectively boast 60,000 installations. According to the researchers’ **blog post**, these have been designed to target users in the following countries:

1.  USA
2.  Spain
3.  Poland
4.  Austria
5.  Germany
6.  Australia

**Dropper Analysis**

**According to** ThreatFabric security firm, a new version of SharkBot trojan is dropped in this campaign, dubbed V2. It features an updated C2 communication method, a refactored codebase, and a domain generation algorithm/DGA.

After it is installed on the device, it **snatches** the victim’s valid session cookie using the command LogsCookie whenever they log into their crypto or bank account. This helps the malware bypass authentication and fingerprinting methods to steal funds.

> “Until now, SharkBot’s developers seem to have been focusing on the dropper in order to keep using Google Play Store to distribute their malware in the latest campaigns,” Segura and Stokkel noted.

Italian security firm Cleafy reported that 22 targets of SharkBot have been identified so far, including five cryptocurrency exchanges and several international banks in the UK, USA, and Italy. Cleafy discovered the first version of SharkBot in October 2021.

**Malware Functionalities**

Fox-IT stated that the new version of SharkBot (v. 2.25) was discovered on 22 August 2022. It boasts plenty of new functionalities, including the capability of stealing cookies when the victim logins into their bank accounts. It can also alter automatic replies to incoming messages with links containing malware.

Since it no longer requires eschewing Accessibility permissions to install the malware, it indicates scammers are continuously improving their attack tactics to prevent detection. They have also discovered ways to bypass Google’s new security **restrictions** and can successfully curtail APIs abuse. Furthermore, SharkBot’s unique stealing mechanisms include:

*   Logging keystrokes.
*   Intercepting SMS messages.
*   Injecting fake overlays to obtain banking credentials.
*   Conducting fraudulent fund transfers through the Automated Transfer System.

Researchers stated that users who have installed these apps could be at risk. Hence, they must immediately, manually remove them from their devices.

**SharkBot and Play Store**

This is not the first time the SharkBot malware has been found on Google Play Store. In fact, the malware has been on the marketplace since earlier 2022. In March, for instance, **Hackread.com reported** the presence of SharkBot in several fake anti-virus apps. The malicious apps had almost 60,000 downloads.

**Protection Against Malicious Apps**

With more than two billion active Android devices, it is no wonder that the Google Play Store is a target for malware developers.

However, at the same time, it is one of the most secure platforms for downloading Android apps. So how can you protect your phone from all of the bad stuff? Here are a few tips:

1.  First, make sure you’re running the latest version of Android. Google is constantly working to improve security on the platform, so newer versions of Android are less vulnerable to attack.
2.  Next, look at the app permissions before installing anything from the Play Store. If an app asks for more permissions than it needs, that’s a red flag that it might be up to no good.
3.  Install a reputable security app from the Play Store. This will add an extra layer of protection to your device, catching any malware that slips through the cracks.
4.  Only download apps from trusted sources. This means avoiding third-party app stores and websites – Stick to the Google Play Store.
5.  Finally, check reviews before downloading an app. If an app has a lot of negative reviews, it’s probably not worth your time. (**_Read how fake reviews cause 50% of threats against Android_**).

1.  **Play Store Apps Caught Spreading Android Malware to Millions**
2.  **BRATA Android malware factory resets phones after stealing funds**
3.  **New MaliBot Android Malware Found Stealing Personal, Banking Data**
4.  **Microsoft Warns of Evolving Toll Fraud Android Malware Draining Wallets**
5.  **New Russian Android Malware Tracks GPS Location and Spies on Victims**

Malicious Security App on Play Store Caught Dropping SharkBot Malware

By Owais Sultan
Nomad Crypto incident was reported in August 2022 in which $190 million were stolen in a series of hacks.
This is a post from HackRead.com Read the original post: The Lessons to Learn from Nomad Crypto Hack

In what sounds like a case of gross negligence, Nomad, a new start-up in the cryptocurrency space, lost $190 million in a series of hacks. But in this instance, calling it hacks is being too nice. Usually, hackers require skills and strategies that take time and effort to execute. 

Apparently, in Nomad’s case, the attacks were a “free-for-all” crypto spree where anyone, even people with no prior **IT skills**, could seize on the platform’s shortcomings and withdraw crypto from its accounts. To make matters worse, the hackers could even withdraw more that was available in the accounts. 

If you’re baffled like we are, grab onto your socks and keep reading to learn more about what might have transpired at Nomad.

**What is Nomad Crypto Startup?**

Nomad is a crypto wallet or bridge that lets you transfer crypto from one blockchain network to another safely and conveniently. Obviously, not. But **crypto bridges** work by wrapping tokens on one network to an equivalent amount on another. This might sound complicated, but it’s really not. Think of wrapped tokens as representations of the value of the original token on other platforms. 

Furthermore, Nomad is a blockchain messaging platform that allows players such as developers to share arbitrary data across chains and even make **smart contracts**. The service makes online collaborations when developing blockchain applications while working from different regions much more convenient. 

**What Safety Considerations Should You Have When Buying Crypto?**

It’s unfortunate, but the world of **cryptocurrency** is cutthroat in every sense of the word. On the business side, hundreds of currencies exist, and more are joining the market every day, driving up the competition. There are also hundreds of different crypto products at various stages of their development process. Furthermore, we are also only starting to understand the real implications of blockchain technology and cryptocurrencies.

Unfortunately, this has also created the perfect storm for scammers and players with malicious intent to thrive. For instance, **in the case of Nomad**, even though we still maintain that this is a case of gross negligence, it also reflects the prevalent evils in this space. However, vulnerabilities, where anyone can just walk into a platform and withdraw more than there is, should not exist in the first place. 

The pill is easier to swallow when you hear hackers went on a phishing expedition or discovered a system flaw that moves the industry’s security forward. As such, you should be very keen with any dealings or transactions you make with crypto to avoid being one of the victims. 

One way to protect yourself is to **buy crypto with a prepaid card** that does not link back to your primary accounts or personal information. This will limit your risk of losing more than is on the prepaid card if you get hacked or compromised somehow. 

You should also only sign on to crypto services like bridges, wallets, exchanges, and currencies on reputable platforms with a proven safety record. As important as first adapters are to the product introduction cycle, we can all agree it’s safer to step back from new ones in the crypto scene. This will ensure you’re not one of the people who lose their investments from hacks like the one witnessed at Nomad.

**A problem to Solve**

The truth is that stories of people invested in a new crypto venture losing their money are **common in the news today**, and we have all but grown numb and accustomed to them. But it should not be this way. 

For far too long, hackers and ill-prepared crypto platforms have cost far too many their crypto investments and confidence in the system. And even though, in Nomad’s case, they have attempted to recover the lost funds, we think it’s time authorities take a hard look at the **crypto industry** and provide lasting solutions to the problems that plague it.

1.  **United States Blacklists the Infamous Tornado Cash**
2.  **MetaMask to Apple Users: Disable iCloud Backup for Wallets**
3.  **If the Ethereum Merge Fails, L2s Will Be More Vital Than Ever**
4.  **Scammers Made Deepfake AI Hologram of Binance Executive**
5.  **$625 million from Axie Infinity stolen in fake LinkedIn job scam**

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

The Lessons to Learn from Nomad Crypto Hack

By Waqas
Samsung says the data breach took place in July 2022 however it was only discovered on August 4th, 2022.
This is a post from HackRead.com Read the original post: Samsung Data Breach Exposed Private Data of US Customers

**Samsung** has announced that it suffered a data breach in July 2022 involving the personal data of US customers. The incident happened in late July this year and was discovered on August 4th, 2022.

According to the South Korean technology giant, the incident resulted in the breach of private user data such as names, dates of birth, product registration data, demographic information, and contact numbers.

Samsun sent out an email alert to its users after a hacker managed to breach the security of the tech giant’s US systems and stole customers’ data.

The company assured that the breach didn’t impact its customers’ credit card numbers and social security data, which was also stored in the system. The company has yet to disclose the number of affected customers but has notified them through an email sent on Friday.

> “On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected.”
> 
> Samsung

Samsung noted that the breached data may vary according to relevant customers and that none of the consumer devices were hacked by this breach. It also stated that its business operations or customers stayed unaffected.

Nevertheless, the company claims to have implemented necessary measures to prevent similar incidents and offers uninterrupted services to its customers. Samsung has also hired a private cybersecurity and law enforcement agency to investigate the latest incident.

Those impacted in this breach are advised to remain cautious of phishing scams, track their credit profiles, and check Samsung’s privacy policy and **FAQs section**.

**Second Data Breach in 2022**

It is currently unclear who perpetrated this attack. But, it is certainly not the first time the tech vendor has suffered a data breach. In fact, Samsung has been a victim of several data breaches in the recent past. In March 2022, **the company confirmed** suffering a data breach after the Lapsus$ hackers leaked 189 GB worth of sensitive data online.

1.  **Hackers used Samsung website to access Sprint’s customer data**
2.  **Killnet Claim They’ve Stolen Employee Data from Lockheed Martin**
3.  **Flawed Encryption Feature Affected 100M Samsung Galaxy Phones**
4.  **Samsung asks users to scan their Smart TVs for malware – Here’s how to**
5.  **Hackers Compromise Employee Accounts to Access Twilio Internal Systems**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism