
Cybercrime Group Targets Cryptocurrency Influencers And Online Gaming Personalities
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
In a Rush? Here are the Quick Facts!
- A cybercrime group has compromised tens of thousands of devices globally.
- The group often uses fake social media accounts for spear-phishing attacks.
- Fraudulent platforms and fake video games are used to trick unsuspecting victims.
A cybercrime group called Marko Polo has compromised “tens of thousands of devices” globally through scams related to cryptocurrency and online gaming, as reported by researchers from Insikt Group on Tuesday.
Marko Polo operators use several deceptive tactics, including creating fake platforms that mimic popular games, software, or services to trick potential victims.
Marko Polo primarily targets cryptocurrency influencers and online gaming personalities, individuals usually considered more cybersecurity-aware than the average user.
Despite their heightened awareness, these individuals have become victims of spear-phishing attacks, which often involve fake job offers or partnership proposals, as noted by Recorded Future.
This shows the group’s focus on high-value targets within the digital finance world.
In recent news, there have been several instances of cyber attacks using fake video conferencing tools, and a significant increase in attacks targeting young gamers. Additionally, Binance has issued an alert about a growing malware threat targeting cryptocurrency users and causing substantial financial losses.
Marko Polo operates as a “traffer team,” redirecting victims to malicious content run by other cybercriminals. It is one of many active groups in the cybercrime world, underscoring the scale of these operations.
Once victims click on malicious links or download these fraudulent programs, they expose their devices to harmful malware like HijackLoader, Stealc, Rhadamanthys, and AMOS, which can steal sensitive information, control their devices, or enable further cyberattacks.
The operators also rely heavily on fake social media accounts to promote their scams and engage with users. These accounts are either purchased in bulk or obtained through account takeovers of legitimate users.
Fake platforms such as PartyWorld, a “loot shooter” game impersonating Fortnite and Party Royale, and NightVerse, a fraudulent “cyberpunk” metaverse, are used to lure unsuspecting players.
Similarly, Vortax, Vorion, and Vixcall pretend to be virtual meeting software, tricking users into downloading malicious software. The scams also extend to fake communication and collaboration tools like Up-Connect and GoHeard.
Nortex, another scam, poses as a decentralized all-in-one application to trick cryptocurrency influencers and users into downloading malware.
Insikt Group suggests several strategies to mitigate the risks of Marko Polo’s attacks. These include using advanced tools to block harmful malware, implementing web filters, and segmenting networks to contain malware spread.
Monitoring for unusual activity, keeping threat information current, and training staff on online risks are also advised.
Additionally, updating incident response plans, collaborating with other organizations and authorities, securing supply chains, and ensuring compliance with data protection laws are emphasized.

Construction Sector At Risk As Hackers Exploit FOUNDATION Software
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
In a Rush? Here are the Quick Facts!
- Hackers exploit default passwords in software typically used by the construction industry.
- Public database access through the mobile app creates risks.
- Huntress suggests immediate password changes and security fixes.
Security researchers at Huntress announced today that they discovered a hacking campaign targeting companies using FOUNDATION Accounting Software, a popular program in the construction industry.
The hackers are taking advantage of a simple weakness: many companies haven’t changed the default passwords that come with the software.
Normally, databases like the one used by FOUNDATION Accounting Software are kept private and protected by a firewall or VPN.
However, FOUNDATION’s mobile app feature allows for public access to the database through a specific TCP port. This makes the database more vulnerable to attacks.
Once inside, the attackers can take control of the system and run harmful commands that allow them to steal information or cause damage.
Huntress observed that the attack was automated, hitting multiple companies in just a few minutes. In one case, attackers made over 35,000 attempts before finally getting access.
To protect against this threat, Huntress recommends that all companies using FOUNDATION immediately change the default passwords, avoid exposing the software to the public internet, and disable certain risky features that hackers can exploit.
The researchers reported that they initially identified the malicious activity targeting FOUNDATION last week.
Huntress has already taken action by isolating affected machines and notifying customers who may be at risk. Although the vulnerability is a serious concern, taking these security measures can prevent further attacks.
FOUNDATION did not respond to Recorded Future News’ (RFN) request for comment by the time of publication on Tuesday.
While the extent of the damage caused by these attacks remains unclear, as noted by RFN, it is crucial for affected companies to investigate and take appropriate steps to mitigate any potential harm.