AI's Interest in Monero, Trickbot's Identity Revealed, and Other Cybersecurity Highlights


We’ve compiled the most significant cybersecurity news from the past week.

Researcher g0njxa discussed the Dark Partners group, which is involved in large-scale theft of digital assets.

The group operates numerous websites that distribute stealers disguised as AI services, VPNs, and cryptocurrency software. Among these are fake versions of TradingView, MetaTrader 5, Ledger, Exodus, Koinly, AAVE, and Unusual Whales.

The malware scans the victim’s devices for previously installed wallets such as Electrum, Coinomi, Exodus, Atomic Wallet, Wasabi, Ledger Live, MetaMask, and others. Additionally, the hackers collect information about the host, user credentials, private keys, and cookies for later resale.

g0njxa speculated that Dark Partners utilize purchased code-signing certificates for their Windows malware builds.

The Federal Criminal Police Office of Germany (BKA) has identified the leader of the Trickbot and Conti hacking groups, pseudonymously known as Stern, as 36-year-old Russian Vitaly Kovalev. He has been placed on a wanted list for allegedly establishing a criminal organization and is believed to be hiding in Russia.

In February 2023, Kovalev was one of seven individuals sanctioned by the U.S. for connections to TrickBot and Conti, and was identified as a high-ranking figure within these groups.

According to the BKA, Trickbot had over 100 members and is responsible for infecting hundreds of thousands of systems globally, causing damages in the hundreds of millions of dollars.

Cisco Talos experts found that malware disguised as legitimate AI tool installers is spreading ransomware such as CyberLock and Lucky_Gh0$t, alongside the wiper Numero.

CyberLock operators intimidate victims by claiming to have full access to sensitive business documents, personal files, and databases. They demand $50,000 in Monero for a decryption key, promising to allocate this amount to humanitarian aid in various countries.

The hackers threaten to publish the data if payment is not received within three days. However, experts have found no evidence of data exfiltration functionality in the ransomware’s code.

Lucky_Gh0$t operates on a similar premise. Meanwhile, Numero manipulates graphical user interface components by rewriting the contents of windows and buttons with numerical sequences, rendering the operating system unusable.

The Dutch police, collaborating with U.S. counterparts, shut down the AVCheck service, used by cybercriminals to assess the stealth of their malware against commercial antivirus solutions.

Investigators also linked the site's administrators to the crypting services Cryptor.biz and Crypt.guru. The first domain has been seized, while the second is now offline.

These crypting services help malware operators obscure or encrypt their code so that it evades detection, and together with AVCheck they formed a single ecosystem.

Undercover agents posed as customers to support the takedown of these services.

A new service called YouTube-Tools has emerged that can locate all of a user's comments on the video platform. It then uses AI to build a profile detailing the user's likely place of residence, language skills, interests, and political views, 404 Media reports.

Originally developed for analyzing League of Legends usernames, the service expanded its capabilities after transitioning to a modified large language model (LLM) from Mistral.

According to the developer, YouTube-Tools is intended for law enforcement. However, after registration and a fee of approximately $20 per month, it is accessible to anyone interested.

Experts have warned that this tool poses a serious threat to privacy.

UK Defence Secretary John Healey outlined government plans to establish a cyber command aimed at protecting the country from hacker attacks and enabling the armed forces to conduct offensive cyber operations of their own, the BBC reports.

This new entity will enhance the targeting and coordination systems of military units using AI technologies, with an investment of £1 billion ($1.3 billion).

The cyber command will also take the lead in electronic warfare, including intercepting enemy communications and jamming drones.

Over the past two years, UK authorities have faced around 90,000 cyberattacks from foreign intelligence agencies, primarily from Russia and China.

We also discuss the loopholes that Ethereum account abstraction has opened up for cybercriminals.