This Cryptomining Tool Is Stealing Secrets


source: wired.com  |  image: pexels.com


As the Israel-Hamas war raged on this week and Israel expanded its ground invasion of the Gaza Strip, the territory’s compromised internet infrastructure and access to connectivity went fully dark on Friday, leaving Palestinians without access to ground or mobile data connections. Meanwhile, researchers are bracing for the fallout if Hamas makes good on its threats to distribute hostage execution videos online. And TikTokkers are using a niche livestreaming feature and exploiting the Israel-Hamas conflict to collect virtual gifts from viewers, a portion of which goes to the social media company as a fee.

As the worst mass shooting in Maine’s history unfolded this week and the gunman remained at large, disinformation about the situation and the suspect flooded social media, adding to the already chaotic and horrific situation. Elon Musk, the owner of X (formerly Twitter), posted remarks earlier this month mocking Ukrainian president Volodymyr Zelensky that were met with a flood of support and enthusiasm from Russian trolls and accounts distributing pro-Russia propaganda.

The US federal foreign intelligence collection tool—a frequently abused surveillance authority—known as Section 702 is facing its demise at the end of the year despite being viewed as the “crown jewel” of US surveillance powers. So far, no members of Congress have introduced a bill to prevent its January 1 sunset. And the identity-management platform Okta suffered a breach that had implications for nearly 200 of its corporate clients and brought up memories of a similar hack the company suffered last year that also had knock-on effects for customers.

An EU government body has been pushing a controversial proposal with far-reaching privacy implications in an attempt to combat child sexual abuse material, but its most outspoken advocates recently added to the drama significantly by essentially launching an influence campaign to support its passage. The long-foreseen nightmare of using generative AI to create digital child abuse materials has arrived with a flood of images, some of which are completely fabricated while others depict real victims generated from old datasets.

We also went deep this week on a situation in which hackers say they can crack a locked USB drive that contains a massive 7,002 bitcoins, worth about $235 million—but the drive’s owner hasn’t let them try.

And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

A cryptominer that never seemed to generate very much cryptocurrency for its creators is part of a larger digital espionage campaign, according to researchers from security firm Kaspersky Lab. The platform, which they call StripedFly, has infected more than 1 million Windows and Linux targets globally since 2017. StripedFly is modular and has multiple components for compromising targets’ devices and collecting different types of data, indicating that it was likely created as part of a well-funded state espionage program, not a cybercriminal enterprise. It also includes an update mechanism so attackers can distribute improvements and new functionality to the malware.

StripedFly can, among other things, steal access credentials from compromised devices; take screenshots; grab databases, sensitive files, videos, or other information of interest; and record live audio by compromising a target’s microphone. Notably, StripedFly uses a custom Tor client to mask communication and exfiltration between the malware and its command-and-control servers, so its traffic does not show up as connections to a fixed set of attacker-controlled addresses. It also has a ransomware component that attackers have occasionally deployed. It infects targets initially using a customized version of the notorious EternalBlue exploit leaked from the US National Security Agency, which targets the SMBv1 file-sharing service that Microsoft patched in 2017 (MS17-010); hosts that still accept SMBv1 connections and have not been patched remain exposed to it.
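Because StripedFly’s initial access relies on EternalBlue, the practical check is whether any host on your network still negotiates SMBv1 on TCP/445. The following is an added example, not code from Kaspersky, WIRED, or the StripedFly authors: it parses the first client message of an SMB session, extracts the dialects offered in an SMBv1 NEGOTIATE request, and flags flows that still offer the "NT LM 0.12" dialect, which is the SMBv1 dialect EternalBlue-class exploits need. The sample packets are constructed in the block for demonstration (the builder functions are test helpers, not captures); the flow tuples, host addresses, and function names are assumptions for illustration.

```python
import struct

# SMB protocol identifiers (constants from the SMB1/SMB2 wire formats).
SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72          # SMB1 command byte for NEGOTIATE
NT_LM_DIALECT = "NT LM 0.12"      # SMB1 dialect required by EternalBlue-class exploits


def strip_netbios_session(data):
    """Strip the 4-byte NetBIOS Session Service header (type 0x00, 3-byte length)
    that wraps every SMB message on TCP/445 and return the SMB payload."""
    if len(data) < 4 or data[0] != 0x00:
        raise ValueError("not a NetBIOS session message")
    length = int.from_bytes(data[1:4], "big")
    return data[4:4 + length]


def smb1_negotiate_dialects(smb):
    """Return the dialect strings offered in an SMB1 NEGOTIATE request, or [] if
    the message is not one. Layout: 32-byte header, WordCount, ByteCount, then a
    run of 0x02-prefixed NUL-terminated dialect strings."""
    if len(smb) < 35 or smb[:4] != SMB1_MAGIC or smb[4] != SMB_COM_NEGOTIATE:
        return []
    word_count = smb[32]
    params_end = 33 + 2 * word_count
    if len(smb) < params_end + 2:
        return []
    (byte_count,) = struct.unpack_from("<H", smb, params_end)
    blob = smb[params_end + 2:params_end + 2 + byte_count]
    return [entry[1:].decode("ascii", "replace")
            for entry in blob.split(b"\x00") if entry.startswith(b"\x02")]


def classify(packet):
    """Classify the first client message of a TCP/445 flow."""
    smb = strip_netbios_session(packet)
    if smb[:4] == SMB2_MAGIC:
        return "smb2"
    if NT_LM_DIALECT in smb1_negotiate_dialects(smb):
        return "smb1-negotiate"
    if smb[:4] == SMB1_MAGIC:
        return "smb1-other"
    return "unknown"


def flag_smb1_negotiations(flows):
    """flows: iterable of (src, dst, first_payload). Returns the (src, dst) pairs
    whose client still offers NT LM 0.12, i.e. sessions that an unpatched server
    would accept and that MS17-010-style exploitation can ride on."""
    return [(src, dst) for src, dst, payload in flows
            if classify(payload) == "smb1-negotiate"]


def build_smb1_negotiate(dialects):
    """Constructed SMB1 NEGOTIATE request for testing (not a real capture)."""
    header = (SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE])
              + b"\x00" * 4            # NT status
              + b"\x18" + b"\x53\xc8"  # Flags, Flags2 (typical client values)
              + b"\x00" * 2            # PIDHigh
              + b"\x00" * 8            # SecurityFeatures
              + b"\x00" * 2            # Reserved
              + b"\xff\xff" + b"\xfe\xff" + b"\x00\x00" + b"\x40\x00")  # TID, PID, UID, MID
    blob = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    body = b"\x00" + struct.pack("<H", len(blob)) + blob   # WordCount=0, ByteCount, dialects
    smb = header + body
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def build_smb2_negotiate():
    """Constructed minimal SMB2 NEGOTIATE (64-byte header only; enough to classify)."""
    return b"\x00" + (64).to_bytes(3, "big") + SMB2_MAGIC + b"\x40\x00" + b"\x00" * 58


# Constructed sample flows: one legacy client still speaking SMB1, one modern SMB2 client.
SAMPLE_FLOWS = [
    ("10.0.0.7", "10.0.0.20", build_smb1_negotiate(
        ["PC NETWORK PROGRAM 1.0", "LANMAN1.0", NT_LM_DIALECT])),
    ("10.0.0.8", "10.0.0.20", build_smb2_negotiate()),
]

if __name__ == "__main__":
    for pair in flag_smb1_negotiations(SAMPLE_FLOWS):
        print("SMB1 negotiation from %s to %s" % pair)
```

Feed it the first client payload of each TCP/445 session from a capture or a flow sensor; any flagged source is a host whose SMB client still offers SMBv1, and any server that answers such a request with an SMBv1 response is the one to patch or disable SMBv1 on. The check only sees the dialect list, so it tells you where SMBv1 is still negotiated, not whether a given server is vulnerable.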

Documents reviewed by 404 Media shed new light on US Immigration and Customs Enforcement’s scanning and database tool for identifying “derogatory” online speech about the US. Dubbed Giant Oak Search Technology (GOST), it assists ICE agents in scanning social media posts. According to the documents, they then use the findings in immigration enforcement actions.

One of the documents shows a GOST catchphrase, “We see the people behind the data,” and a user guide from the documents says GOST is “capable of providing behavioral-based internet search capabilities.” ICE agents can search the system for specific names, addresses, email addresses, and countries of citizenship. The documents say that “potentially derogatory social media can be reviewed within the interface.”

The world’s telephony networks have often been built on legacy infrastructure and with a convoluted maze of interconnections. The system enables mobile data access across much of the world, but its complexity and the collision of new and archaic technologies can lead to vulnerabilities. This week, University of Toronto’s Citizen Lab published extensive research on the degree to which roaming arrangements between mobile providers contain security issues that can be exploited to track devices, and by extension the people who own them. The weaknesses stem from a lack of protection on the signaling messages exchanged between networks as your phone is handed off while you, for instance, travel on a train, ride a motorcycle, or walk around town. The concern is that governments, criminals, or other snoops can manipulate these unprotected handoff messages to track device locations. “These vulnerabilities are most often tied to the signaling messages that are sent between telecommunications networks which expose the phones to different modes of location disclosure,” Citizen Lab researchers wrote.