During a phishing scam, attackers gained access to the private crypto keys of developers for finance company bZx as well as the private keys of bZx customers. In other cybersecurity news, the Robinhood stock trading app was compromised and millions of customer files were illicitly accessed.
Android malware steals user credentials
A new Android malware uses extremely specific overlays to steal login credentials for popular apps like Netflix and Instagram. The malware implements overlays without suspicion by abusing the Android Accessibility service that’s pre-installed on all Android devices. The it’s a well known tactic, some of these apps still made it onto the official Google Play app store, with many more being distributed through third-party stores.
Phishing attack steals $55 million in cryptocurrency
Following a phishing attack on a developer, malicious actors were able to successfully steal over $55 million in cryptocurrencies from the crypto finance company bZx. Along with the private keys of the developer, the attackers also accessed the private keys for crypto wallets used by bZx customers that had funds in BSC and Polygon protocols.
Millions of Robinhood clients compromised in data breach
The stock trading app Robinhood was compromised and the personal data for millions of their customers has been accessed by unauthorized individuals. After contacting all affected customers via email, officials for the company released a statement stating their refusal to pay a demanded ransom for the stolen information. This attack comes just months after Robinhood was fined for consistent system failures and outages that disrupted customer use of the app.
Hive Ransomware targets European electronics retailers
MediaMarkt, one of the largest electronics retailers in Europe, suffered a ransomware attack that demanded $240 million. Many of their over 1,000 European-based stores were unable to process card payments or use other internal systems. The Hive ransomware group are well known for uploading stolen victim data to their ‘HiveLeaks’ site, if the demanded ransom isn’t paid; though they do start with a typically high number and leave room for victim negotiations.
Texas Homeland Security department impersonated by scammers
Scammers have begun contacting victims by phone, claiming to be from the Homeland Security Investigations (HSI) department in Texas, and telling potential victims that there are issues with their passport that can be resolved by a payment to the HSI. To increase the fraud’s legitimacy, the scammers have been able to spoof the real HSI phone number so it appears on the victim’s caller ID. Officials for the real HSI have issued a warning that they will never contact anyone directly by phone to obtain any personal information or threaten them with potential arrest.