Octo2 malware is targeting Android devices by disguising itself as popular apps like NordVPN and Google Chrome. This…

Octo2 malware is targeting Android devices by disguising itself as popular apps like NordVPN and Google Chrome. This advanced trojan uses sophisticated techniques to evade detection, steal credentials, and enable remote access to infected devices.

Cybersecurity researchers at DomainTools have released their new research on Octo2, a new version of the notorious Octo malware family. Octo2 targets Android mobile devices and based on its activity, researchers believe that it will target users globally soon.

According to Steve Behm, Solutions Engineer at DomainTools, Octo2 represents a major change in cybersecurity threats. This updated version of the prolific Octo (ExobotCompact) family spreads rapidly due to its enhanced features, global adoption of its predecessor, and aggressive distribution tactics. 

Octo2 features improved remote access trojan capabilities, ensuring reliable communication and control over infected devices even in challenging network conditions. Moreover, its enhanced Anti-Analysis and Anti-Detection techniques can hinder security analysis and detection, making it more difficult to identify and neutralize the threat.

In addition, the use of DGA-Based C2 server generation algorithm (DGA) to create dynamic command and control (C2) server addresses adds a layer of complexity, making it harder for security systems to track and disrupt communication.

“We were eventually able to expand the original 9 domains and 7 TLDs to 269 domains and 12 TLDs first seen from August 22nd, 2024 to October 4th, 2024,” reads DomainTool’s **blog post** shared with Hackread.com ahead of publishing on October 10, 2024.

****Currently Targeting Europe****

Early samples of Octo2 have been observed in several European countries, including Italy, Poland, Moldova, and Hungary. However, given the global reach of the original Octo and the improvements in Octo2, its distribution is expected to expand rapidly. 

****Attack Pattern** – Disguised as VPN and Browser**

The malware often disguises itself as legitimate applications, such as Google Chrome, NordVPN, or “Enterprise Europe Network,” to deceive unsuspecting users. It employs a dropper called **Zombinder** to deliver the malicious payload, prompting users to install a seemingly harmless plugin that is actually Octo2.   

For your information, Zombinder is another Android malware that was actively sold on the dark web in 2022. Its developers also offered a Windows version. At that time, Zombinder was found distributing the notorious **Xenomorph banking malware**, disguised as the VidMate app.

Once a device gets infected, Octo2 allows remote access to mobile devices, intercepting push notifications, harvesting credentials, and performing unauthorized actions, such as allowing for unauthorized login and access. The **Conficker worm discovered in 2008** is one of the earliest examples of a DGA used by malware families and so far 50 malware families, including Zeus and Dyre, have been identified to be using DGA domains.

****Abusing Domain Generation Algorithms****

Octo2’s use of a DGA (Domain Generation Algorithms – Different from **Registered Domain Generation Algorithms – RDGAs**) to generate its C2 server address is a significant enhancement. This technique allows the malware to constantly change its communication endpoints, making it more resilient to takedowns and detection efforts. While researchers can identify the patterns used to generate these domains, the dynamic nature of the C2 infrastructure presents a massive threat.  

Domain Tools researchers warn users to be cautious of Octo2 malware and avoid downloading apps or software from third-party sites. For businesses, using **threat intelligence** is important. This includes advanced detection tools like sandboxing, monitoring DNS traffic for unusual activity, and using endpoint security solutions to spot malicious behaviour on infected devices. Regular DNS traffic monitoring can also help detect DGA-based malware.

1.  **Android Malware Ajina.Banker Steals 2FA Codesvia Telegram**
2.  **BingoMod Android Malware Posing as Security Apps, Wipes Data**
3.  **SMS Stealer Targeting Android Users via Malicious Apps and Ads**
4.  **Phishing Attacks Target European Bank Users on iOS and Android**
5.  **Telegram Android Vulnerability “EvilVideo” Sends Malware as Videos**

Octo2 Malware Uses Fake NordVPN, Chrome Apps to Infect Android Devices

Internet Archive suffered a massive cyberattack, leading to a data breach where 31 million user records were stolen…

Internet Archive suffered a massive cyberattack, leading to a data breach where 31 million user records were stolen and shared on HaveIBeenPwned (HIBP).

The internet’s historical treasure trove, the Internet Archive, has been hit by a devastating cyberattack leading to a data breach, compromising the personal information of 31 million users. The attack unfolded dramatically: Visitors to archive.org were greeted by a pop-up message, seemingly from the hackers themselves. It read:

> “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!”

This cryptic message hinted at the severity of the situation. Troy Hunt, founder of HaveIbeenPwned (HIBP), revealed that a hacker shared a 6.4GB database with him, containing authentication information for registered members. 

Screenshot from Archive.org displaying the message left by hackers

For your information, HIBP, short for “Have I Been Pwned,” is a website that allows users to check if their email addresses have been leaked in data breaches.

According to Troy, the 6.4GB database contains user information, including email addresses, usernames, timestamps of password changes (with the most recent being September 28th), and even encrypted passwords.

The attack went beyond data theft. The Internet Archive also faced a Distributed Denial-of-Service Attack (**DDoS Attack**), overwhelming the website with traffic and making it inaccessible to users.

A pro-Palestinian hacktivist group DarkMeta claimed responsibility for the DDoS attack in a post on X, citing the Archive’s supposed affiliation with the US government as the reason. However, the Internet Archive is a non-profit organization founded by Brewster Kahle (co-founder of Wayback Machine) and the site has no affiliation with the government.  

On their X (Twitter) account, Kehle confirmed DDoS attacks on the website. In a tweet at 2:08 AM, Oct 10, 2024, Kehle said they mitigated a DDoS attack. However, in a tweet sent out just 3 hours ago at 11:36 AM, Oct 10, 2024, Kehle revealed they are facing more DDoS attacks and the website **Archive.org** and **Openlibrary.org**, an online project intended to create “one web page for every book ever published” have been offline.

At the time of writing both sites were offline. Nevertheless, the full picture of the attack remains unclear as it is a developing story. While the DDoS attack and data breach seem coordinated, the connection is not definitive.

**Jake Moore**, Global Cybersecurity Advisor, ESET weighed in on the situation, highlighting the broader implications of the breach.“Hacking the past is usually technically impossible but this data breach is the closest we may ever come to it.”

“The stolen dataset includes personal information but at least the stolen passwords are encrypted, however, it’s a good reminder to make sure all your passwords are unique as even encrypted passwords can be cross-references against previous uses of it,” Jake explained.

“Have I Been Pwned is a fantastic free service that can be used after a breach. It securely contains millions of breached usernames and passwords for people to safely check their credentials against the database to check if they have ever been caught up in a breach.” “If you find your data in any known breaches, it would be a good idea to change those passwords and implement multi-factor authentication,” he advised.

Stay tuned, this article will be updated accordingly.

1.  **DDoS Attacks Hit France Over Telegram’s Pavel Durov Arrest**
2.  **Archive of Our Own Website Suffering Massive DDoS Attacks**
3.  **Panamorfi DDoS Attack Exploits Misconfigured Jupyter Notebooks**
4.  **Misconfigured AWS bucket exposed 421GB of Artwork Archive data**
5.  **Examining the US Government’s DDoS Protection Guidance Update**

Internet Archive (Archive.Org) Hacked: 31 Million Accounts Compromised

Boston and London, U.S. and U.K., 10th October 2024, CyberNewsWire

**Boston and London, U.S. and U.K., October 10th, 2024, CyberNewsWire**

The agreement has marked over 600,000 fraudulent domains for takedown in just two months through automated defense and proactive prevention. Abusix and Red Sift to hold exclusive webinar sharing insights on transforming cyber attack mitigation.

Abusix, an organization specializing in internet abuse prevention, and Red Sift, a leader in misconfiguration and exposure management, have announced a new partnership aiming to transform how organizations can navigate from a reactive to a proactive approach for managing security risk.

Cyber threats such as email phishing, business email compromise (BEC), and brand impersonation remain persistent challenges for organizations globally. Addressing these issues requires both visibility and automation to enable faster detection and mitigation of such attacks.

Addressing these challenges head on, Abusix and Red Sift’s partnership aims to offer security teams visibility and action to neutralize risks preemptively. Since the agreement was enabled in August 2024, over 630,000+ domains have been marked for takedown. This outcome is attributed to Abusix’s real-time reporting capabilities for the swift identification of potential threats, and Red Sift’s ability to transform data into actionable defenses and real-time value for its customers. This is enabled through Red Sift leveraging Abusix’s data in both Red Sift OnDMARC and Red Sift Brand Trust. 

> **Rahul Powar, CEO and Co-Founder of Red Sift said:** “We find ourselves in an ever changing landscape where new attacks and methods for cyber abuse are ever prevalent. Working together with Abusix, we are harnessing new innovation and knowledge sharing to offer increased visibility to a wider remit of large enterprises and small businesses that are vulnerable to cyber threat. This in turn allows us to provide real-time solutions to mitigate against costly reputational damage and shift the industry’s approach from reactive to proactive.” 

> **Tobias Knecht, CEO and Founder of Abusix said:** “It’s not just about sharing data—it’s about sharing it with the right organizations. 95% of all attacks on enterprises originate from service provider and hosting provider networks. Enabling rapid takedowns by sharing actionable intelligence with service providers and hosting providers is a crucial step in reducing overall attack volume at its core. Through our partnership with Red Sift and their unique data solutions, we are taking a significant step forward in safeguarding the internet and improving network security overall.”

The newly formed collaboration is a move to raise the effectiveness and application use of email threat data for cybersecurity across the board and to upgrade the industry’s approach to attack mitigation. Together, the two companies are addressing ongoing critical gaps in the cybersecurity landscape by addressing crucial business needs for increased domain security and prevention of brand abuse. 

Those interested can join an exclusive webinar to learn how Abusix and Red Sift are transforming cyber attack mitigation — readers can reserve a spot today and hear about proactive strategies to protect organizations from email phishing, brand impersonation, and other emerging threats.

Readers can also learn more about the partnership’s Success Story here.

****About Abusix****

Abusix transforms vast amounts of real-time data into actionable insights, helping organizations protect against cyber threats. Its unique data ecosystem enables security teams across all sectors to proactively mitigate attacks by pinpointing the origins of cyber abuse. By enabling collaboration between enterprises, security vendors, and service providers, Abusix works to reduce the overall volume of attacks, driving a more secure internet. 

Abusix serves a global client base, including Cloudflare, Amazon Web Services (AWS), Vodafone, Digital Ocean, and multiple government organizations worldwide. Dedicated to enhancing the global security ecosystem, Abusix continues to make threat intelligence accessible and impactful across industries. Readers can learn more at abusix.com

****About Red Sift****

Red Sift aims to enable organizations to anticipate, respond to, and recover from cyber attacks while continuing to operate effectively. The award-winning Red Sift Pulse Platform is an integrated solution that combines four interoperable applications, internet-scale cybersecurity intelligence, and innovative generative AI that intends to put organizations on a path to cyber resilience. 

Red Sift is a global organization supported by a diverse team across 15 countries. It boasts an international client roster that includes Capgemini, Domino’s, ZoomInfo, Athletic Greens, and several leading law firms. Red Sift is the official DMARC provider for Cisco and a trusted partner for Microsoft and Entrust, among others. Readers can learn more at redsift.com

**Contact**

**Head of Marketing**  
**Serena Li**  
**Abusix**  
**\[email protected\]**

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

Casio experienced a major cyberattack on October 5, 2024, causing system disruptions and raising concerns about a potential…

Casio experienced a major cyberattack on October 5, 2024, causing system disruptions and raising concerns about a potential data breach. The company is investigating the incident with cybersecurity experts.

Casio, the iconic Japanese electronics company, is in the spotlight again due to another cybersecurity breach. On October 5, 2024, **Casio** experienced a major cyberattack involving unauthorized access to its network, resulting in system-wide disruptions.

Although the company is still investigating whether attackers compromised sensitive data in the October 2024 incident, this comes on the heels of a significant data breach **in October 2023**, caused by human error. That breach affected users in 148 countries and targeted Casio’s ClassPad education platform, which is widely used by students and educators.

****The October 2024 Breach: What Happened?****

According to Casio’s **security advisory** published in Japanese, on October 5, 2024, an unidentified third-party actor gained unauthorized access to the company’s network triggering outages and temporarily disrupting several of the company’s services.

Casio has not yet revealed which specific services were impacted. The network breach is under investigation, and the company is working closely with cybersecurity experts to determine the full extent of the damage.

Casio released a statement acknowledging the breach and its potential impact, stating, “We deeply apologize for any concern and inconvenience this may cause to our customers and partners.” The company has restricted external access to its systems while the investigation is ongoing.

****Data Breach Concerns****

One of the concerns following the October 2024 cyberattack is whether any sensitive data, such as customer information or business-critical data, was compromised. As of now, no ransomware group has taken responsibility for the attack, despite the systemic disruptions that are typical in ransomware attacks.

Hackread.com is closely monitoring the situation, and this article will be updated as soon as Casio releases new information. Stay tuned for further developments!

1.  **Casio China Hacked, 150,000 user accounts leaked**
2.  **Casio Electronics Taiwan Website Hacked by SaMuRai Hacker**
3.  **Dell Discloses Data Breach As Hacker Sells 49M Customer Data**
4.  **Lesson from Casio’s Data Breach: Database Security Challenges**
5.  **Acer Data Breach: Hacker Claims to Sell 160GB Trove of Stolen Data**

Casio Hit by Major Cyberattack AGAIN

Austin, TX, USA, 10th October 2024, CyberNewsWire

**Austin, TX, USA, October 10th, 2024, CyberNewsWire –** IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading Investigations solution used by CTI teams, security operations, fraud and risk prevention analysts, and law enforcement globally

**SpyCloud**, the leader in Identity Threat Protection, announced that its SaaS Investigations solution has been enhanced with identity analytics that illuminates the scope of digital identities and accelerates successful outcomes of complex investigations from days or hours to minutes.

SpyCloud Investigations is a powerful cybercrime and identity threat investigation solution used by analysts and investigators to discover and act on threats by navigating the world’s largest repository of recaptured breach, malware, and phishing data. It powers rapid analysis of identity exposures across organizations, VIPs and supply chains, pattern of life analysis, threat actor attribution, insider risk analysis, financial crimes research, and more.

SpyCloud Investigations now includes IDLink, the company’s advanced analytics technology that automatically delivers expanded digital identity results from a simple search query. Where a traditional threat intelligence or investigations tool may provide a small number of records directly correlated to the search input, IDLink expands the pool of results to include identity data correlated across shared usernames, emails, passwords, and PII – with flexible options around pivoting depth, confidence levels, and visualization.

Based on more than a decade’s worth of techniques and expertise developed by renowned investigators at SpyCloud, including former intelligence agency personnel, IDLink uniquely provides a more comprehensive picture of identity compromise to give analysts more avenues for investigation while reducing errors and missed data points. Organizations with fewer in-house CTI, security operations, or fraud/e-crime prevention resources now have an easy-to-use solution to expand their investigative capabilities without adding additional expertise or headcount.

> “SpyCloud Investigations is the ultimate force multiplier for security teams,” said Jason Lancaster, SpyCloud’s senior vice president of investigations. “SpyCloud’s team of investigators have decades of experience investigating cybercrimes day and night, across all manner of use cases, with public and private sector partners. We’ve spent the last year infusing this knowledge into our solution so analysts at all skill levels can reap the benefits.”

With IDLink advanced analytics now foundational to its industry-leading solution, SpyCloud Investigations offers users the ability to visualize holistic identities of exposed employees, consumers, vendors, and cybercriminal actors themselves to more quickly and comprehensively identify and act on risks – helping them achieve:

*   **Up-leveled Analyst Output**: Investigative workflows automate the process of identifying hidden identity exposures, up-levelling analysts and investigators of all skill levels, increasing team productivity, discovery, and resolution.
*   **Hidden Connections:** IDLink automatically connects the dots and rapidly pieces together a holistic view of a digital identity, in minutes instead of hours of advanced analysis previously.
*   **Attribution:** Automated analytics deliver linked exposed identity assets and records, reducing dead ends in investigations and delivering critical details about criminal actors and threats.

This announcement comes at a time when adversaries are increasingly using stolen identity data to bypass security measures and exploit exposed access. This is evidenced by large-scale infostealer malware campaigns and headline-grabbing breaches, such as the National Public Data breach, which leaked 2.7 billion identity records – including hundreds of millions of Americans’ Social Security numbers.

> “There is a vast amount of personal information in criminals’ hands,” said Jason. “SpyCloud Investigations gets that same data into the right hands, faster, to protect businesses and their users. By illuminating connections, opening up new threads to investigate, and offering unlimited queries to SpyCloud’s enriched database of breached, phished, and malware-exfiltrated data, analysts can visualize threats and act decisively, enhancing organizational resilience against cybercrime and identity threats.”

For more information about SpyCloud Investigations or to schedule a complimentary demo to explore your data, users can contact us here.

****About SpyCloud****

SpyCloud transforms recaptured darknet data to disrupt cybercrime. Its automated identity threat protection solutions leverage advanced analytics to proactively prevent ransomware and account takeover, safeguard employee and consumer accounts, and accelerate cybercrime investigations.

SpyCloud’s data from breaches, malware-infected devices, and successful phishes also powers many popular dark web monitoring and identity theft protection offerings. Customers include more than half of the Fortune 10, along with hundreds of global enterprises, mid-sized companies, and government agencies worldwide. Headquartered in Austin, TX, SpyCloud is home to more than 200 cybersecurity experts whose mission is to protect businesses and consumers from the stolen identity data criminals are using to target them now.

****Contact****

**Emily Brown**  
**REQ on behalf of SpyCloud**  
**\[email protected\]**

SpyCloud Adds Identity Analytics to Cybercrime Investigation Solution for Insider Risk

Zug, Switzerland, October 8, 2024 // Supra, the 500k TPS Layer-1 blockchain with MultiVM compatibility for MoveVM and…

Zug, Switzerland, October 8, 2024 // Supra, the 500k TPS Layer-1 blockchain with MultiVM compatibility for MoveVM and EVM dApps, unveils Supra Containers, a game-changing solution that may well eliminate the need for Layer-2s (L2), Layer-3s (L3), and AppChains.

Supra Containers offer builders the freedom of dedicated L2s and AppChains without the high infrastructure costs, fragmented liquidity, or complex security issues, marking the beginning of a new era for dApps and on-chain development. 

****Navigating the L2 Maze: Liquidity, Composability, and Security****

Builders have turned to L2s and L3s to overcome congestion and scalability bottlenecks they faced on Layer-1s. However, they soon ran into their own set of problems: fragmented liquidity, broken composability, and the need to bootstrap network security. Supra Containers eliminate these barriers by providing developers with the ability to create dedicated execution space for their dApps (DappSpace) that leverage the full power of Supra’s high-performance Layer-1.

****Supra Containers: Access Seamless Composability and Shared Liquidity****

Supra Containers offer the flexibility of L2s — such as dedicated compute or execution space, customizable governance, and freedom to create your own token economies — without the downsides. Builders no longer need to spend time and resources bootstrapping network security, validators, or complex bridging systems. Supra’s L1 node network secures every Container, ensuring that developers can focus entirely on building innovative dApps, not infrastructure.

Supra Containers are fully composable and integrate seamlessly with Supra’s ecosystem and other Containers, preserving atomic smart contract transactions and thus allowing dApps to interact effortlessly. Unlike L2s, where fractured liquidity becomes a big demerit, Supra Containers can share liquidity across the entire Supra L1 network — ensuring smooth operations and access to a unified pool of assets.

****Built-In Services and MultiVM Ecosystem Compatibility****

Supra Containers also come with an in-built, vertically integrated stack of critical blockchain services such as Oracle price feeds, on-chain verifiable randomness, cross-chain communication, and automation, which Supra L1 natively offers. In contrast to L2 app chains, where Oracle and bridge integrations can be costly and complex, Containers provide these features natively, cutting down on costs otherwise spent on integrating these external infrastructures. 

Supra is also MultiVM compatible, which means that developers from ecosystems such as MoveVM, EVM, and soon SolanaVM will be able to immediately deploy dApps on their own Supra Containers without the need for complex migrations. This flexibility allows developers from other ecosystems to tap into the 500k TPS throughput and sub-second consensus latency of Supra Layer-1 — ushering in a new generation of scalable, efficient, and interoperable dApps and Containers.

****Every Supra Container Can Be an Entire Ecosystem****

The potential for Supra Containers extends far beyond individual dApps. Developers can even build entire ecosystems within their custom environment, deploying multiple dApps and smart contracts within their Container. They can also attract other projects to deploy within their infrastructure.

For example, a gaming studio can launch a Container as an ecosystem of decentralized games with unique token incentives, all the while benefiting from Supra’s shared security and liquidity. They could even gate their Container using their on-chain passes or NFTs, and use the same utility token across multiple games in their Container ecosystem, or even in other Containers.

Joshua Tobkin, CEO of Supra, explains: “With Supra Containers, we’re not just simplifying dApp development — this might eliminate most needs for L2s and AppChains. Developers now have the freedom to launch their ecosystems with full control over governance and token economies, while enjoying the security, composability, and shared liquidity of Supra’s Layer-1 infrastructure.”

Supra Containers are a paradigm shift, offering developers a faster, cheaper, and more efficient way to build powerful dApps and their custom economies. By providing dedicated execution space, customizable governance, and tokens — without the trade-offs of traditional AppChains — Supra is transforming the way blockchain applications are developed.

****About Supra****

Supra is a high-throughput Blockchain with vertically integrated native Oracle price feeds, on-chain randomness, cross-chain communications, and automation. They’ve also introduced Containers, offering developers dedicated customizable DappSpace on Supra L1. With access to 500k TPS throughput and sub-second consensus latency of Supra, Containers bring the sovereignty benefits of AppChains and L2s together with the security, composability, and shared liquidity of Supra’s next-gen Layer-1 blockchain.

Developers can create, scale, and customize their dApps on Supra Containers — all without needing external services or validators. Supra is also MultiVM compatible (MoveVM and EVM, SolanaVM coming soon), enabling builders from all ecosystems to build a new generation of highly scalable, composable, and interoperable Containers and Super dApps.

Supra Redefines the Layer-2 Debate with “Supra Containers” – Is This the End of L2s?

Trojan.AutoIt.1443 targets 28,000 users, spreading via game cheats and office tools. This cryptomining and cryptostealing malware bypasses antivirus…

Trojan.AutoIt.1443 targets 28,000 users, spreading via game cheats and office tools. This cryptomining and cryptostealing malware bypasses antivirus detection by using fake system components and file injection techniques.

Cybersecurity researchers at Doctor Web or Dr.Web have discovered a new cyber attack targeting thousands of users across Russia and neighbouring countries with Trojan.AutoIt.1443.

This campaign uses trojans disguised as office programs, game cheats, and online trading bots, infecting computers with **cryptomining and cryptostealing malware**. The attack also exploits fake system components, scripting tools, and file injection techniques to spread its malicious code.

**Malware Delivery and Execution**

The infection begins when unsuspecting users click on fraudulent links shared on platforms like GitHub and YouTube. These links lead to downloads of password-protected archives that can bypass basic antivirus scans. Once the password is entered, a sequence of files and scripts is extracted, which makes the malware installation possible.

YouTube videos involved in the malicious campaign (Credit: Dr.Web)

According to Dr.Web’s technical blog post, the infection relies on several key components to carry out its malicious activities. One of these is UnRar.exe, a legitimate program used to open RAR files. However, alongside it are scripts named Iun.bat and Uun.bat, which work behind the scenes to schedule tasks that set up the malware and erase any evidence afterwards.

Another important part of the attack is hidden within files called ShellExt.dll and UTShellExt.dll. These files, although seemingly harmless, actually trigger a malicious script disguised as a regular system tool. This script is written in AutoIt, a programming language typically used for automating tasks on Windows, but here, it’s being exploited to help the malware blend in and avoid detection.

**The Malware’s Operations**

Once activated, the malware scans for any debugging tools that may interrupt its execution. If no debugging software is detected, it proceeds to establish network access through the Ncat network utility, executing additional files to cement its presence within the system. It also manipulates the system registry, employing the Image File Execution Options (IFEO) technique to achieve persistence.

The IFEO technique allows developers to debug applications by redirecting system processes to other executables. However, in this campaign, cybercriminals exploit this functionality to execute malicious code every time system services or even trusted applications like Chrome or Edge update. This trick gives the malware control over critical system functions.

**Cryptomining and Cryptostealing**

The malware performs two main malicious tasks: cryptomining and cryptostealing. First, it uses a file called DeviceId.dll, disguised as part of the .NET framework, to install a cryptomining program known as **SilentCryptoMiner**. This program quietly runs on infected computers, using their processing power to generate cryptocurrency for the attackers without the user’s knowledge.

Second, it employs a file named 7zxa.dll, which looks like it belongs to the legitimate 7-Zip program, but actually contains a **“clipper” tool**. This tool monitors the clipboard for cryptocurrency wallet addresses, swapping them with the attackers’ addresses to divert funds.

So far, this technique has allowed the hackers to steal over $6,000. Both of these malicious files are hidden within the system by injecting them into the Windows Explorer process. This sneaky method, known as Process Hollowing (very similar to **Process Doppelgänging**), allows the malware to run unnoticed, leading to multiple instances of the Explorer process running at the same time, which is a sign of infection.

It is also worth noting that the infection chain of Trojan.AutoIt.1443 is similar to a recently discovered variant of **Lua malware**, which is distributed as an installer or a ZIP archive, often disguised as game cheats or other gaming-related tools.

**Widespread Impact and Prevention Measures**

This campaign has affected over 28,000 users, primarily in Russia but also in nearby countries such as Belarus, Kazakhstan, and Turkey. Most victims were tricked into installing pirated software, emphasizing the risks of downloading software from untrusted sources.

To protect against such threats, users are advised to:

*   **Use reliable antivirus solutions.**
*   **Download software only from trusted sources.**
*   **Regularly update security software to detect the latest threats.**
*   **Avoid using pirated programs, as they often come bundled with malicious files.**

As malware attacks become more advanced, unsuspected users need to stay alert and follow safe computing practices to avoid getting infected. Since cybercriminals are always finding new ways to attack, it’s important for users to stay up to date on the latest threats and security tips to protect their systems. Stay informed and follow Hackread.com for more.

1.  **Fake League of Legends Download Ads Drop Lumma Stealer**
2.  **Global malspam targets hotels, spreading Redline, Vidar stealers**
3.  **Fake Windows site dropped Redline malware as Windows 11 upgrade**
4.  **Fake CAPTCHA Verification Pages Spreading Lumma Stealer Malware**
5.  **Ransomware Hidden as a Game: Kransom’s Attack Via DLL Side-Loading**

New Crypto Trojan.AutoIt.1443 Hits 28,000 Users via Game Cheats, Office Tool

Abu Dhabi, UAE, October 9, 2024 – Dragonz Lab, a Web3 gaming studio originating from the UK, today…

**Abu Dhabi, UAE, October 9, 2024** – Dragonz Lab, a Web3 gaming studio originating from the UK, today announced a $9 million funding round led by Syndicate Capital Limited Partnership Fund (LPF), a venture fund specializing in Web3, Blockchain, and AI investments, playing a role as a community builder to foster the development of digital economy.

This strategic equity investment aims to enhance the development of Dragonz Land, a utility-driven Play-2-Earn game, promoting digital property rights and the Web3 ecosystem.

Through Syndicate Capital LPFs support, Dragonz Lab plans to use the funds to further develop _Dragonz Land’s_ ecosystem, which already boasts a base of over 5.3 million monthly active users, to enhance the game’s features such as PvP tournaments, strategic guild collaborations and customer loyalty program. 

_Dragonz Land_ combines unique NFT cards with dynamic gameplay and community engagement. Players can buy, collect, level up, and trade cards across 16 distinct factions while earning in-game tokens through tapping and completing various tasks.

“Partnering with Syndicate Capital LPF represents a huge leap forward for the Dragonz ecosystem,” said Andy Chen, Representative of Co-General Partner of Syndicate Capital LPF and Board Member of Dragonz Lab.

“Being the frontier and market leader in the Web3 spaces, our expertise in building ecosystems around loyalty programs aligns with our vision to create a sustainable and engaging gaming environment. This strategic investment and synergy will bolster our game development while providing our users with innovative  digital assets and digital property rights to increase user acquisition and retention in the Web3 spaces.”

The game, available on both mobile and desktop via Telegram, utilizes blockchain for secure transactions and true ownership of digital assets. Syndicate Capital LPF is targeting the burgeoning tap game market, as many titles have struggled to retain traction.

The move marks the frontier Asian VC fund from the Web2 space to invest in a Web3 Play-2-Earn game. _Dragonz Land_ stands out for its engaging gameplay combined with a successful revenue model, including in-game purchases and upgrades for ultimate users or digital property owners. 

“Dragonz Land represents the future of gaming and Web3 more broadly, combining our success in customer loyalty programs as well as the excitement of GameFi, innovative blockchain technology, and a successful revenue model” said Dr. Albert Yip, Chairman of Syndicate Capital Group.

“As a Web3 builder, we are thrilled to support this project, providing our expertise to boost the Dragonz ecosystem and produce synergy with our other digital loyalty programs such as Asia Top, which is one of our flagship portfolio companies of Syndicate Capital LPF .”

The project is set to deliver its tokenomics and additional features in the coming months, reinforcing its commitment to continually growing its user base and community engagement.

****About Dragonz Land****

Dragonz Land is a Trading Card Game where players buy, collect, merge, and evolve NFT cards to increase their power, rarity, and value. The cutting edge Web3 MTG style trading card game is implemented into a tap-to-earn using features like claiming Game Cards and NFTs, KOL/Heroes guilds.

****About Syndicate Capital Group****

Syndicate Capital Group is the Investor Champion and Corporate Champion of Global Fast Track, aiming to support the fintech and CBDC initiatives globally. It is the Co-General Partner of Syndicate Capital LPF which is a Web3 venture fund with a special focus for investments in the digital economy. Syndicate Capital Group is a Web3 investor of the investors network at Cyberport that is positioned as the Web3 Hub in Hong Kong.

****Media Contact****

*   Franky Kas
*   PR Manager
*   \[email protected\]

1.  What is Blockchain Gaming and its Play-to-Earn Model?
2.  The Rise of Blockchain Gaming and Secure Marketplaces
3.  Atari Asteroids Hack Sparks Blockchain Gaming Transparency Debate

Dragonz Lab Secures $9M from Syndicate Capital to Boost ‘Dragonz Land’ Ecosystem

The Sui Foundation supports native USDC on the Sui network with $120M in liquidity, marking the 3rd largest…

The Sui Foundation supports native USDC on the Sui network with $120M in liquidity, marking the 3rd largest USDC supply. NAVI integrates USDC on day 1, enhancing capital efficiency and user experience.

**New York, US, October 9, 2024** – The Sui Foundation recently announced support for native USDC on the Sui network. As the inaugural and top DeFi & liquidity protocol on Sui, NAVI announced that it will integrate Circle’s native USDC asset on DAY 1. 

With $120M in USDC liquidity, this constitutes the 3rd largest USDC supply in the industry, next to Aave and Compound. The integration of Circle’s USDC stablecoin directly into the Sui network enhances capital efficiency and improves the user experience across the ecosystem. 

This move strengthens Sui’s standing in the blockchain industry, enhancing user experience and promoting wider adoption of the Sui ecosystem through NAVI fully supporting native USDC with a suite of in-application migration features and a capital-efficient native USDC Liquidity Pool, including native USDC liquidity support, flash loan capabilities, among other functionalities.

As more blockchain networks adopt USDC, with Sui being the latest, the role of permissionless composability has fueled the rapid expansion of new applications and blockchain networks by leveraging existing open technologies.

****Native vs Bridged USDC on Sui****

The introduction of native USDC to the Sui network simplifies transaction processes and enhances liquidity within the ecosystem. Users will now have the ability to access USDC directly on Sui, streamlining workflows and increasing overall value for participants. 

Moreover, with the adoption of Cross-Chain Transfer Protocol (CCTP), users can eliminate delays typically associated with bridge withdrawals, thereby establishing a new standard for blockchain efficiency.

Native USDC offers distinct advantages compared to bridged USDC (wUSDC). Native issuance guarantees that the asset is fully reserved and can always be redeemed 1:1 for US dollars. This adds a layer of trust for developers and users alike, who can rely on the integrity of the underlying asset.

****Native USDC on NAVI****

In its pursuit to provide the highest level of asset composability on the Sui network, the NAVI Protocol will fully integrate native USDC as a lending and borrowing liquidity pool. As part of a broader ecosystem initiative, NAVI aims to incentivize users to transition away from bridged USDC and adopt native USDC entirely.

NAVI Protocol is committed to delivering the best possible experience for lending and borrowing, which includes the integration of native USDC, fully backed by US dollars and redeemable on a 1:1 basis. The upcoming migration plan is expected to accelerate the adoption of native USDC, thereby contributing to the growth and improvement of the Sui DeFi ecosystem.

A comprehensive migration plan will be shared in the coming days, outlining the steps necessary for a seamless transition.

****About Circle****

Circle is building the largest, most widely used stablecoin network so billions around the world can access digital dollars for payments and liquidity. The company currently manages USDC, the #2 stablecoin by market cap. It combines the power and stability of US Dollars with the speed of the internet, setting the groundwork for a new global and decentralized financial system. 

****About NAVI Protocol****

NAVI is the inaugural liquidity protocol native to the Sui network. It seeks to establish the cornerstone for chains based on the Move system and aspires to be the premier liquidity protocol in the Sui DeFi ecosystem.

****Media Contact****

*   Ivan Djordjevic
*   Marketing Lead
*   \[email protected\]

Sui to Make Native USDC Available Through NAVI Protocol

Cybercriminals exploit disaster relief efforts to target vulnerable individuals and organizations in Florida, compromising the integrity of relief…

Cybercriminals exploit disaster relief efforts to target vulnerable individuals and organizations in Florida, compromising the integrity of relief efforts. Learn more about FEMA claim scams, phishing attacks, and malicious files disguised as FEMA documents.

As Florida recovers from Hurricane Helene and braces for Hurricane Milton, a Category 5 storm expected to hit Tampa on October 9, 2024, a new challenge emerges in the online world: Cybercriminals are taking advantage of the disaster victims and relief organizations, exploiting the confusion and urgency of the moment for financial gain.

Veriti, a cybersecurity research firm, recently uncovered three disturbing cybersecurity threats that have surfaced amid the disastrous situation. These scams, which target both individuals and organizations, involve fraudulent Federal Emergency Management Agency (**FEMA**) claims, phishing campaigns, and malware disguised as legitimate FEMA documents.

****Phishing Using FEMA****

While FEMA claims scamming is a direct attack on disaster victims, phishing campaigns are another method cybercriminals are using to exploit the hurricane’s aftermath. Veriti researchers have reported a spike in newly registered domains that appear to be linked to hurricane relief efforts.

These websites, with names like **hurricane-helene-relief(.)com** and **hurricanehelenerelief(.)com**, are designed to trick users into providing sensitive data such as Social Security numbers and financial information.

These fake websites often create a sense of urgency, offering immediate relief or grant opportunities, which makes victims more likely to fall for the scam. The phishing campaigns are typically carried out via email, where recipients are directed to these **fraudulent sites** under the guise of applying for aid. Once victims enter their personal information, the attackers either sell the data or use it for financial fraud.

****Fake FEMA Assistance Providers****

According to Veriti’s **blog post** shared with Hackread.com ahead of publishing on Tuesday, October 8, cybercriminals are posing as FEMA assistance providers and creating fake FEMA claims to steal personal information and disaster relief funds from vulnerable storm survivors.

One such cybercrime forum is BlackBones, where scammers have openly shared strategies for tricking victims, with one user going by the alias “brokedegenerate” even posting detailed instructions on how to submit fraudulent FEMA claims.

****Malware in FEMA Documents****

Cybercriminals are also disguising malware as legitimate FEMA documents, adding an extra layer of danger for those seeking aid. In one instance, a file called fema\_grants\_manager\_user\_manual.pdf was uploaded to **VirusTotal**, a virus-scanning service. While it appeared to be a legitimate FEMA document related to disaster recovery, Veriti researchers discovered that it contained malicious code.

The file, which referenced official FEMA grant systems like the Grants Manager and Grants Portal, aimed to lure users into trusting it. However, hidden within the document was a malicious payload that would redirect users to a suspicious website, infecting their systems with malware. Although no active infections have been reported yet, the existence of such files indicates that cybercriminals are ready to strike whenever disaster relief efforts are in full swing.

Nevertheless, as Florida residents work to rebuild their homes and lives after Hurricane Helene, cybercriminals are grabbing the opportunity to take advantage of the situation. Staying aware of these threats and taking steps to protect yourself can help keep these scams from making an already tough situation worse.

1.  Hackers Dropping Malware in Fake “terror alert” Emails
2.  FEMA leaks sensitive details of 2.3 million disaster survivors
3.  Online Scam Alert Associated with the Nepal Earthquake Disaster
4.  Hackers Sending Fake Ebola Virus reports in emails with Malware
5.  Fancy Bears Hacked MH17 crash investigators with phishing attack

Source

HackRead