While some malware authors will try to create an air of legitimacy around their products to cover themselves from potential criminal cases in the future, one developer of a cryptocurrency stealer isn’t even trying.
According to Palo Alto Networks, malware authors peddling their creations in underground forums will often pretend their products are for educational or research purposes only — a limp attempt to create a legal defense, just in case.
However, a developer making the rounds with a new commodity cryptocurrency stealer has been described as “shameless” by the team.
Indeed, the malware — named WeSteal — is marketed as the “leading way to make money in 2021.”
Cryptocurrency theft malware, WeSupply Crypto Stealer, has been sold online since May 2020 by a developer under the name WeSupply, and another actor, ComplexCodes, started selling WeSteal in mid-February this year.
An investigation into the sellers, thought to be co-conspirators, has also revealed potential ties to the sale of account access for streaming services including Netflix, Disney+, Doordash, and Hulu.
The team believes that WeSteal is an evolution of the WeSupply Crypto Stealer project. Marketing includes “WeSupply — You profit” and claims that WeSteal is the “world’s most advanced crypto stealer.”
An advertisement for the malware includes features such as a victim tracker panel, automatic start, antivirus software circumvention, and the claim that the malware leverages zero-day exploits.
“It steals all Bitcoin (BTC) and Ethereum (ETH) coming in and out of a victim’s wallet through the clipboard, it also has plenty of features like the GUI/Panel which is just like a RAT [Remote Access Trojan],” the advert reads.
Litecoin, Bitcoin Cash, and Monero have also been added to the cryptocurrency list.
The researchers’ analysis of the Python-based malware revealed that it scans the victim’s clipboard for strings shaped like wallet identifiers. When one is found, the wallet address is replaced with an attacker-controlled address, so any transfer the victim pastes and sends ends up in the operator’s pocket.
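The clipboard substitution described above has a simple, detectable signature from the defender’s side: a wallet address in the clipboard is replaced, within milliseconds, by a different address of the same coin type. The script below is an added example, not code from Palo Alto Networks or from the malware, that runs that check over a constructed log of clipboard samples; the address regexes are shape-only patterns (no checksum validation) and the sample addresses are made-up strings that merely look right, not real wallets.

```python
import re
from datetime import datetime, timedelta

# Shape-only patterns for three of the coins the article names (constructed here;
# they recognise the look of an address, which is what a clipper keys on, and are
# not checksum validators).
ADDRESS_PATTERNS = {
    "BTC": re.compile(r"^(bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "LTC": re.compile(r"^(ltc1[a-z0-9]{25,62}|[LM][a-km-zA-HJ-NP-Z1-9]{26,33})$"),
}


def classify(text):
    """Return the coin whose address shape `text` matches, or None."""
    text = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return coin
    return None


def detect_clipper(samples, window=timedelta(seconds=2)):
    """Flag the clipper signature in a time-ordered list of (timestamp, clipboard_text)
    samples: a wallet address replaced by a *different* address of the *same* coin
    within `window`. A person re-copying a second address that fast is very unlikely;
    a malware polling loop is exactly that fast.
    Returns a list of (timestamp, coin, copied, replacement) tuples."""
    findings = []
    for (t_prev, prev), (t_cur, cur) in zip(samples, samples[1:]):
        coin_prev, coin_cur = classify(prev), classify(cur)
        if (
            coin_prev is not None
            and coin_prev == coin_cur
            and prev.strip() != cur.strip()
            and t_cur - t_prev <= window
        ):
            findings.append((t_cur, coin_prev, prev.strip(), cur.strip()))
    return findings


# Constructed sample data: made-up strings with the right shape, not real wallets.
VICTIM_BTC = "1VictimAddrSampLeAAAAAAAAAAAAAAA"
SWAPPED_BTC = "3AttackerSwapAddrBBBBBBBBBBBBBBB"
VICTIM_ETH = "0x" + "a1" * 20
SWAPPED_ETH = "0x" + "b2" * 20

T0 = datetime(2021, 5, 16, 12, 0, 0)
SAMPLES = [
    (T0, "meeting notes for monday"),
    (T0 + timedelta(milliseconds=500), VICTIM_BTC),   # user copies an address
    (T0 + timedelta(milliseconds=550), SWAPPED_BTC),  # 50 ms later it has changed: clipper
    (T0 + timedelta(seconds=30), VICTIM_ETH),
    (T0 + timedelta(seconds=45), SWAPPED_ETH),        # 15 s apart: a second user copy, not flagged
    (T0 + timedelta(seconds=60), VICTIM_ETH),
    (T0 + timedelta(seconds=60, milliseconds=100), SWAPPED_ETH),  # swapped again within 100 ms
]

if __name__ == "__main__":
    for ts, coin, copied, replacement in detect_clipper(SAMPLES):
        print(f"{ts.isoformat()} {coin} address silently replaced: {copied} -> {replacement}")
```

On a real host the samples would come from a clipboard-polling agent; the detection logic itself is the same, and the window should be tuned to the agent’s sampling interval so that a swap between two polls is still caught.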
While the malware is also described as having RAT capabilities, the researchers are not convinced, believing that WeSteal has something closer to a simple command-and-control (C2) communication structure rather than containing features usually associated with Trojans — such as keylogging, credential exfiltration, and webcam hijacking.
The WeSteal developers offer C2s as a service and also appear to run some form of customer ‘service’ — however, the current user base appears to be small.
“WeSteal is a shameless piece of commodity malware with a single, illicit function,” the researchers say. “Its simplicity is matched by a likely simple effectiveness in the theft of cryptocurrency. It’s surprising that customers trust their “victims” to the potential control of the malware author, who no doubt could, in turn, usurp them, stealing the victim “bots” or replacing customers’ wallets [..] it’s also surprising the malware author would risk criminal prosecution for what must surely be a small amount of profit.”
A Remote Access Trojan (RAT), WeControl, was also added to the developer’s roster after the report was published and awaits further analysis.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0
Programming languages: From Python to 500,000 lines of Go, how one organization is making a big switch
The US education non-profit Khan Academy has completed 500,000 lines of code in Google’s Go programming language to replace its backend server, previously written in Python 2.
Kevin Dangoor, a principal software architect at Khan Academy, details the organization’s big shift from Python 2 under a project called Goliath.
Python 2 reached end of life in 2020, so the organization was preparing for a large migration – possibly to Python 3 or another language. Eventually, it settled on Go, a language designed to be fast and used at Google on cloud-scale systems.
“Moving from Python 2 to 3 is not an easy task,” Dangoor remarked in 2019. His team considered Kotlin an “appealing alternative” but ultimately settled on Go, which its engineers believed offered a major performance edge over Python 3.
“As individuals writing code, we can iterate faster due to Go’s lightning quick compile times. Also, members of our team have years of experience and muscle memory built around many different editors. Go is better supported than Kotlin by a broad range of editors,” he noted at the time.
With half a million lines of Go code now in production, Dangoor has given an update on Khan Academy’s Go migration for its backend services.
“In general, Go tooling is fantastic,” writes Dangoor. “The compiler is quick, and having formatting being a part of the standard toolchain helps eliminate most conversations about formatting. Though I still see grumbles on the internet about Go modules, they work better than previous package management approaches in Go and, at this point, nicely overall in our experience.”
Google began using Go internally in 2007 and released Go version 1.0 in 2012. While it is one of the top 20 most popular languages, year after year Go developer surveys have revealed the top complaint is its lack of generics or generic types.
Dangoor’s team is also demanding generics in Go.
“Most of the time, writing Go code without generic types is fine. Most of the time, but there are plenty of times when we’ve been writing internal library code or even just working with slices when we felt their absence,” he writes.
The Go team earlier this year released a proposal to enable generic programming, which would allow developers to write functions and data structures where some types aren’t specified until later. It may arrive by the end of 2021 in a future release of Go.
Go isn’t perfect, but some engineers on Dangoor’s team believed Go’s fewer language features than Python made Go code more consistent and quicker to read. That could be helpful for future programmers who are maintaining the Go codebase.
“We’re looking to write a bit less code, and the options we get with generics will help with that,” he notes.
Highlighting Go’s speed advantage over Python, Dangoor points to a class containing 1,000 students that could take 28 seconds to load in Python, but only takes four seconds to load in Go. He said that while Go is “more verbose in general” than Python, it’s fast, the tooling is solid, and it runs well in production.
Australian FWC finds Deliveroo worker was an employee and unfairly sacked
In an Australian landmark judgment, the Fair Work Commission (FWC) has concluded that the Amazon-backed Deliveroo had an employer-employee relationship with one of its former food delivery workers.
Deliveroo was sued in May last year by the former delivery worker, Diego Franco, who had raised the action because he believed he had been unfairly dismissed.
On Tuesday afternoon, the FWC agreed with Franco, saying that he was indeed a Deliveroo employee due to the extent of control possessed by Deliveroo.
In particular, the FWC found Deliveroo’s self-serve booking (SSB) system, which gave preferential treatment to riders who booked desirable times for engagement, directed Franco to undertake work at particular times and regularly make himself available for work, and to not cancel booked engagements.
Although Franco was not required to work for any particular length of time, or to even accept a delivery order once he had logged into a booked session, the economic reality of the situation would ordinarily compel a rider to undertake delivery work, the FWC said.
“After all, the objective of the entire process is to get paid,” commissioner Ian Cambridge wrote in his judgment.
“What might have, superficially, appeared to be an absence of control over when, where, or how long Mr Franco performed work for Deliveroo, actually camouflaged the significant capacity for control that Deliveroo, (like other digital platform companies) possesses.”
In the judgment, Cambridge also addressed the relevance of gig workers “multi-apping” — to deliver for various platforms simultaneously — in relation to employer-employee relationships, saying that this practice was an example of the phenomenon of change that new technology has brought to the traditional arrangements for employment.
Cambridge said traditional arrangements for the performance of work have altered significantly in response to COVID, whereby the number of jobs a person can occupy simultaneously is often limited only by technology.
“Consequently, circumstances where an individual may be simultaneously working for two or more employers has become a reality because the physical presence of that individual in a workplace is no longer a fundamental requirement for the work to be performed,” he wrote.
“Traditional notions regarding the exclusivity necessary for the establishment of an employment relationship require reconsideration.”
The latest FWC decision also distinguished itself from a previous ruling that found an Uber driver was not an employee, as Franco used Deliveroo-branded attire and equipment and was “clearly encouraged” to do so. The Uber ruling is currently under appeal in the Federal Court.
With Franco classified as a Deliveroo employee, the FWC also found that he was unfairly dismissed. The unfair dismissal finding rested on Franco having been dismissed despite never being given any clear indication of the delivery times that were expected of him.
In light of these findings, the FWC has ordered Franco’s reinstatement as a Deliveroo employee, continuity of service, and reimbursement of lost pay.
“This is an important judgment and puts Australia in line with other countries across the world from the UK, to Spain and the Netherlands where the rights of gig economy workers have been recognised. This ruling has huge implications for gig workers in Australia and we urge the Federal government to look at it today and to start devising regulation now,” TWU national secretary Michael Kaine said.
Moving forward, while the FWC judgment deemed that any delivery rider using the SSB system would most likely be classified as a Deliveroo employee, the company ceased operation of the SSB system in January 2020.
Taking that into account, Cambridge said the capacity for this control is inherently available from any utilisation of the significant volume of data the platform holds, regardless of whether the SSB system is still being used, especially if that data provides metrics that help exercise control over engagement and work performance.
He did not go so far as to state that all food delivery workers are employees due to platforms having this data, however.
Shadow Minister for Industrial Relations Tony Burke said while the decision was a major win, the fight for gig workers was far from over as platforms could restructure their business to avoid obligations.
“Labor congratulates Mr Franco and the Transport Workers’ Union for advocating on his behalf to achieve today’s win. But the risk now is Deliveroo and other gig work companies will reorganise to avoid any further obligations to workers,” he said.
“Right now gig workers are being ripped off and exploited. They are working in dangerous conditions with poor pay and almost no rights, protections and entitlements. That’s why we saw five delivery riders die on our roads in three months.”
In February, Labor outlined plans that would see the country’s current industrial relations policy overhauled so that gig economy workers are recognised as employees, and be given access to leave entitlements and a minimum wage.
FBI receives record level of complaints for online scams, investment fraud
The FBI says that complaints concerning online scams and investment fraud have now reached a record-breaking level.
The FBI’s Internet Crime Complaint Center (IC3) received its six millionth complaint on May 15, 2021. While it took close to seven years for the IC3 to register its first one million reports, it took only 14 months to add the latest million to its files.
According to the US agency, annual complaint volumes increased by close to 70% between 2019 and 2020. The most common crimes reported were phishing scams, schemes relating to non-payment or non-delivery, and extortion attempts.
The coronavirus pandemic paved the way for new kinds of scams over 2020, many of which centered around fake vaccination appointment requests, online delivery notifications — a popular phishing method made even more so due to stay-at-home orders — and spam sent under the names of agencies such as the World Health Organization (WHO).
IC3 says that the most money is lost through three forms of online scam:
- Business email compromise (BEC): BEC scams, usually crafted through social engineering and phishing, target businesses and attempt to dupe employees into paying for non-existent services, thereby transferring money belonging to a business into an account controlled by cybercriminals.
- Romance, confidence scams: These can include the stereotypical scheme in which scammers will pull on the heartstrings of victims to pressure them into sending money, as well as sextortion. Recent cases reported by UK police included scammers that conducted video chats with potential ‘matches,’ asking them to perform sexual activities on camera, and then blackmailing them for money.
In January, Interpol warned of an increase in dating apps being used by fraudsters to connect to potential victims, and once trust is established, conning them into signing up for fake investment opportunities.
- Investment fraud: These can include pump-and-dump schemes for worthless stock, as well as cryptocurrency or other investment plans that promise guaranteed returns far beyond initial investments.
“The increase in crimes reported in 2020 may have also been due in part to the pandemic driving more commerce and activities online,” the FBI says. “The latest numbers indicate 2021 may be another record year.”
On May 17, the US Federal Trade Commission (FTC) warned that consumers have lost over $80 million to cryptocurrency investment scams since October 2020.
Touted by celebrities including Elon Musk, renewed interest in the cryptocurrency space has unfortunately also led to an increase of cryptocurrency-related scams.
The FTC says that close to 7,000 reports of cryptocurrency fraud were received from US consumers in the last quarter of 2020 and Q1 2021. The average loss faced was $1,900 per victim.
Asia division of cyber insurance company AXA hit with ransomware attack
One of the world’s biggest cyberinsurance companies, AXA, was hit with a ransomware attack at its offices in Asia this weekend by noted ransomware gang Avaddon.
In a statement to ZDNet, a spokesperson for AXA Partners said a targeted ransomware attack disrupted their IT operations in Thailand, Malaysia, Hong Kong, and the Philippines. Certain data processed by Inter Partners Asia in Thailand has been accessed, the spokesperson explained, but there was no evidence any other data was accessed.
The company has hired a forensic team to investigate the incident and said it notified business partners as well as regulators while it prepares to support all of the clients who may have been impacted.
The Avaddon group wrote on its dark web site that it has already taken three terabytes of data from AXA Group and that the files include information such as passports, ID cards, denied reimbursements, contracts, customer claims, payments to customers, bank account information, files from hospitals about fraud investigations, and medical reports containing sensitive information about patients. The group even posted samples of the data.
DomainTools researcher Chad Anderson said people behind the ransomware gang Avaddon had posted about their latest victim on a dark web page, sharing a screenshot with ZDNet of the group’s list of targets as well as timers for how long each victim has until ransom will be demanded.
The companies on the list include AXA Group, computer hardware company EVGA, software company Vistex, insurance broker Letton Percival, Henry Oil & Gas, the Indonesian government’s airport company PT Angkasa Pura I, and Acer Finance.
Both the FBI and Australian Cyber Security Centre released warning notices last week about Avaddon’s ransomware tactics.
AXA has about three days left, according to Anderson, before Avaddon members have said they will begin leaking the company’s documents.
The cyberinsurance company has been in the news recently because they pledged to stop reimbursing customers in France who had been hit by ransomware attacks and decided to pay the ransom. The decision was made after pressure from French regulators who said the insurance payouts were fueling higher ransom payments and making the crimes lucrative for the gangs behind them.
“In total, since their discovery in June 2020, the Avaddon gang has published data on dozens of victims on their dark web site, following the now common double-extortion technique amongst ransomware operators,” Anderson said. “Avaddon also maintains an affiliate program where they recruit hackers from underground forums to deploy their ransomware. This most recent intrusion shows that the human operators behind these ransomware families continue to hone their skills and become continually faster at deploying on victim networks.”
Cybersecurity experts said it was impossible to ignore the timing of the attack. Chris Clements, vice president of solutions architecture at Cerberus Sentinel, said Avaddon may have been targeting AXA to make an example of companies challenging their business goals.
But on a deeper level, Clements said it was proof that almost all organizations are vulnerable in some way or on some level and that the scale and complexity of modern networks makes it nearly impossible to plug every potential hole.
“Couple this with the fact that ransomware gangs’ extortion earnings often give them higher budgets than their target teams’ defenders and it’s no wonder that ransomware is epidemic across the globe,” Clements said.
Netenrich security advisor Sean Cordero added that for companies as large as AXA, it is often difficult to have sufficient visibility into the cybersecurity practices and controls across their business partners and subsidiaries.
But the lessons learned from this attack, Cordero explained, may lead to better ways to collaborate for both the insured and insurer as this attack implies a weakness in risk assessment, validation, or execution.
“If an insurer like AXA struggles to validate their cyber capabilities and needs — what is the chance that they may have incorrectly assessed the risks across their portfolio of cyber insurance clients?” Cordero asked.
“I imagine that the professionals responsible for achieving positive returns on cybersecurity policies may have renewed discussions with assessors and underwriters in the wake of this most recent incident.”