Researchers Find Dozens of Fake E-Zpass Toll Websites After FBI Warning

Researchers from cybersecurity firm DomainTools told Recorded Future News that they have found nearly 30 newly created domains related to tolls, 15 of which have a “high chance of being weaponized for phishing, malware, or spam.”

Cyware News – Latest Cyber News

Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes.
“When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path,” SafeBreach security researcher Or Yair said.

The Hacker News

Rising Ransomware Issue: English-Speaking Western Affiliates

Security experts say Western teenagers comprise a number of active affiliate groups, many with ties to the cybercrime community that calls itself “The Community,” aka the Com or Comm.

Cyware News – Latest Cyber News

MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days

MITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability.

SecurityWeek

Critical Flaw in the Forminator Plugin Impacts Hundreds of Thousands of WordPress Sites

Japan’s CERT warned that the WordPress plugin Forminator, developed by WPMU DEV, is affected by multiple vulnerabilities, including a flaw that allows unrestricted file uploads to the server.

Cyware News – Latest Cyber News

Cryptocurrency fraud with Toncoin on Telegram | Kaspersky official blog

Making money with cryptocurrency is imagined by many to be a sinecure: one lucky trade and you’re set for life. While theoretically possible, just like winning the lottery, it only happens to an incredibly small number of people. “Getting rich with crypto” is more of a meme than reality. Yet self-proclaimed crypto-millionaires flaunt their Lamborghinis, stacks of cash, and watches the price of an apartment — fueling the dream. However, those cars are often rented, the “money” from a prank store, and the watches cheap knock-offs.

These “crypto gurus” or “insiders” claim anyone can strike it rich with crypto; however, we all know there’s no such thing as a free lunch. Today, we expose the fraudulent scheme of “earning with Toncoin”, which revolves around a cryptocurrency based on Telegram technologies.

How the Toncoin “earning” scheme works

Scammers promote a “super-secret awesome bot” and referral links as the key to earning Toncoin. In short: you invest your money, buy “booster” tariffs, invite friends, and earn commission from every coin invested. The pyramid scheme incentivizes larger investments with the promise of higher returns.

According to our data, this scam has been active since at least November 2023 — targeting both Russian users and users from other countries. To make it easier to lure in “potential partners”, the scammers have recorded instructional videos in both Russian and English, along with detailed manuals and a large number of explanatory screenshots.

Let’s break this scam down step by step. Get your protection ready, and let’s dive in!

Stage one: preparation

First, the scammers instruct you to register a crypto wallet using an unofficial Telegram bot for storing crypto. Next, you provide your new wallet address to the bot for “earnings” through purchasing boosters. The scammers explain to victims what these bots are really needed for only later; initially, their main interest is ensuring you register without asking too many questions.

Window of the bot for purchasing boosters; registration requires you to enter the address of the wallet previously created in the crypto wallet bot

Next, you’re instructed to buy 5.5 to 501 Toncoin (TON), with one TON equivalent to about six U.S. dollars at the time of writing this. They suggest using legitimate tools like P2P markets, crypto exchanges, or the official Telegram bot for this purchase. The freshly purchased TON must be immediately transferred to the crypto wallet bot — supposedly acting as your personal account within the “earning system”, which the scammers can control.

Stage two: take action

With accounts registered and coins purchased and transferred to the bot, it’s time to start “earning”. The scammers then ask you to “activate the second bot” — by choosing a booster tariff: “bike”, “car”, “train”, “plane”, or “rocket”. The fancier the tariff, the higher the commission percentage — “bike” costs 5 TON and offers 30% commission, while “rocket” is 500 TON for 70%. However, the choice is irrelevant, because whatever tariff the victim chooses, the money will be irretrievably lost.

Window with tariff selection in the booster bot

Following the scammers’ instructions, you create a private Telegram group and post several instructional videos about the “earning” scheme, along with your generated referral link. The abundance of these videos online indicates a significant number of victims have fallen for this scam.

Stage three: earn!

So, how do you actually earn something? With the help of your friends and acquaintances, of course! They will also need to buy TON, transfer it to the crypto wallet, and “activate the booster bot”. The scammers strongly advise inviting at least five friends to your private group. “The number of invitations is unlimited, and the more people you attract, the better for you. Remember: you won’t earn until at least five people activate the booster bot!”. All very tempting. They even recommend calling each friend to personally explain this “incredible earning scheme”.

The scammers promise earnings from two sources:

A fixed payment of 25 TON for each invited friend.
Commission based on the booster tariff purchased by your referrals.

It turns out to be a classic pyramid scheme, where each participant is “a partner rather than a freeloader”. Sadly, nobody profits except the scammers, and all “partners” lose their investments.

How to avoid crypto scams

Don’t fall for get-rich-quick schemes — even if promoted by friends or family. They might be victims themselves, unaware of the scam.
Never transfer cryptocurrency to unknown or obscure wallets. This scam uses a confusing sequence of instructions, making it easy to overlook the suspicious transfer of money from the official @wallet bot to a third-party one.
Use maximum protection for your crypto assets. This will securely store your wallet data, warn you about suspicious websites, block crypto-phishing links and scams, and protect you from miners and other threats.
Read our posts about crypto scammers to stay informed about all the latest fraudulent schemes, and don’t forget to share them with friends and family — especially those who still aren’t all that internet-savvy.

Kaspersky official blog

NATO to Launch New Cyber Center to Contest Cyberspace ‘At All Times’

The new facility, details about which have not previously been reported, marks the fruition of a significant doctrinal shift in how the alliance approaches operations in cyberspace.

Cyware News – Latest Cyber News

JavaScript Malware Switches to Server-Side Redirects and Uses DNS TXT Records as TDS

A malware campaign was found injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains, specifically using dynamic DNS TXT records of the tracker-cloud[.]com domain to obtain redirect URLs.

Cyware News – Latest Cyber News

Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage

Microsoft has revealed that North Korea-linked state-sponsored cyber actors have begun to use artificial intelligence (AI) to make their operations more effective and efficient.
“They are learning to use tools powered by AI large language models (LLM) to make their operations more efficient and effective,” the tech giant said in its latest report on East Asia hacking groups.
The company

The Hacker News

Jury Dishes Out Guilty Verdict in Mango Markets Fraud Case

A New York federal jury found a hacker guilty of all charges that he masterminded and carried out a scheme to fraudulently obtain $110 million from cryptocurrency exchange Mango Markets and investors.

Cyware News – Latest Cyber News