
Alert: New Malware ‘Mars Stealer’ Targets 2FAs and Crypto Hot Wallets   

A new information-stealing malware has been spotted in the wild targeting over 40 crypto hot wallets, browsers, and 2-factor authentication (2FA) plug-ins. Named ‘Mars Stealer’, it is an improved version of the older Oski malware, which shut down in 2020 after its customer support and Telegram channel went dark.

The new malware has recently been spotted circulating on Russian-speaking hacking forums where people can purchase it for between US$140 and $160.

Screenshot of the forum. Source: 3xp0rt.com

How ‘Mars Stealer’ Malware Works

According to @3xp0rt, the security researcher who obtained a sample of the malware and conducted a technical analysis of it, Mars Stealer collects information in the memory of a device. With the ability to target 37 browsers and various crypto wallets, including Bitcoin Core wallets and all their derivatives as well as Ethereum, Exodus, Binance and more, the threat is widespread:

Wallets targeted by Mars Stealer. Source: 3xp0rt.com

When targeting wallets it stores sensitive data found in wallet.dat which contains the wallet address, the private key to access the address, and other sensitive data. Mars Stealer also targets 2FA apps and more than 40 crypto extensions on Chromium-based browsers, including Google Chrome, Firefox and Brave, but not Opera.

Malware That ‘Speaks’ Only Russian

The malware also contains a function that allows it to remove itself after it has successfully executed or when the operator decides it is time. One of the quirky aspects, though, is that after infecting a system it will check the device language. If the device’s language ID matches that of Russia, Belarus, Kazakhstan, Azerbaijan or Uzbekistan, the program will exit without performing any malicious acts, which is apparently common in much Russian-based malware.

Language checks for target exclusion. Source: 3xp0rt.com

How to Protect Yourself 

Mars Stealer can be spread through many different channels such as file-hosting websites, torrent clients or any other shady downloaders. Users who hold their crypto assets on browser-based wallets or use browser extensions like Authy to utilise 2FA are warned to be cautious against clicking dubious links or downloads.

This comes after BHUNT malware also became more prominent during the past few weeks and Babadeda malware was spread in crypto Discord channels last November.


Google Launches its Own Blockchain Division

As reported by Bloomberg, software giant Google has formed a division focused on blockchain technology, appointing Shivakumar Venkataraman as the new executive to lead the unit.

What Will the Blockchain Division Do?

Venkataraman, an engineering vice-president for Google, says the new division will focus on “blockchain and other next-gen distributed computing and data storage technologies”.

The new division comes under the umbrella of Labs, an incubator created by Google that focuses on long-term projects regarding emerging technologies such as virtual reality. Venkataraman will also become the “founding leader” of Labs.

Not much is known about the group apart from the information obtained by Bloomberg. This is probably a response to other tech giants integrating emerging technologies, such as Meta (formerly Facebook) and Instagram, both exploring NFTs (non-fungible tokens).

Will Google Integrate Crypto into Its Business Model?

While it’s still not known if Google will integrate digital assets like Instagram and Meta plan to do, this could be its jumpstart for exploring crypto assets and their foundational technology.

Google has alleviated the pressure on cryptocurrency promotion by lifting its advertising ban last August, allowing crypto companies to place ads on its search engine and sites that are part of its platform.

Another tech giant focusing on the rise of NFTs and Web3 is Microsoft, which has followed Facebook/Meta into the metaverse by launching 3D avatars and immersive meetings.


Google Report: 86% of Hacked Cloud Accounts are Used to Mine Crypto

According to the Threat Horizons report for November released by Google, the majority of recently attacked accounts on the search engine’s Google Cloud Platform (GCP) service are being used to mine cryptocurrencies. Hackers are also accessing cloud accounts to find new targets and to host malware and phishing scams.

86% of Hacked Accounts Used for Illegal Crypto Mining

The report indicates that “malicious actors were observed performing cryptocurrency mining within compromised Cloud instances”. It adds:

“Of 50 recently compromised GCP instances, 86 percent of the compromised Google Cloud instances were used to perform cryptocurrency mining, a cloud resource-intensive for-profit activity, which typically consumed CPU/GPU resources, or in cases of Chia mining, storage space.” The remainder of the hacks included ransomware and phishing scams.

Poor Security Opens the Doors For Scammers

In nearly 75 percent of all cases, malicious actors were able to access the Google Cloud by taking advantage of users’ poor security practices, mostly via customers’ weak passwords or absence thereof. Hackers were also able to gain access through vulnerable third-party software. When hackers used accounts to mine cryptos, mining software was installed within 22 seconds of the attack, leaving manual intervention useless.

The team at Google made recommendations to prevent such attacks, with guidelines including the use of two-factor authentication and implementing Google’s “Work Safer” product.

Scams on the Rise

Due to the unregulated nature of the market, exploits in the digital asset space remain common. Earlier this month, Google issued a “Google Ads Scam Alert” after US$500,000 was stolen using fake crypto wallets. Users of crypto swap platform PancakeSwap and MetaMask and Phantom wallets had been targeted in a phishing scam when hackers stole funds while users tried to install the wallets. Scammers used Google Ads to divert users to fake crypto wallets.

Also in October, Google’s Threat Analysis Group (TAG) had to fend off numerous hackers after they attacked the accounts of various YouTubers, hijacking and repurposing the accounts to run crypto scam ads.


Google Ads Scam Alert: $500,000 Stolen Through Fake Crypto Wallets

According to a Check Point Research (CPR) report, users of crypto swap platform PancakeSwap, as well as crypto wallets MetaMask and Phantom, have been targeted in a phishing scam involving the theft of over US$500,000.

The crypto world is full of scammers and dangers, and in recent weeks CPR has identified multiple reports of phishing scams in which crypto wallet users have had their funds stolen while trying to install well-known wallets. The scam worked by using Google Ads to direct users to fake crypto wallets.

According to the CPR report:

Over the past weekend, CPR encountered hundreds of incidents in which crypto investors lost their money while trying to download and install well-known crypto wallets or change their currencies on crypto swap platforms like PancakeSwap or Uniswap.

Check Point Research (CPR) report

Scammers Replicate Official Websites

CPR has found that the scam has been hitting popular crypto wallets MetaMask and Phantom, with the scammers mimicking the legitimate websites almost exactly. Phantom and MetaMask wallets are the most popular wallets for both the Solana and Ethereum ecosystems.

CPR added:

CPR researchers spotted multiple phishing websites that looked like the original website because the scammers copied its design.

Check Point Research (CPR) report

For the Phantom domain, users were scammed when encountering domains such as “phanton.app” and “Phantonn.app” instead of the legitimate “phantom.app”. The same applied for MetaMask. Users encountered domains such as “MètaMask” on Google Ad campaigns.

The scam works as follows: attackers buy Google Ads in response to searches for popular crypto wallets.

Google Ads for the fake phishing scam websites. Source: CPR

By clicking on the ad, the unsuspecting user is redirected to a phishing website, which looks almost identical to the official wallets’ website.

The phishing website, which looks almost identical to the actual website. Source: CPR

The user then clicks on the “Create New Wallet” button, which generates a message about a secret recovery phrase. Users think it is the phrase with their new wallet, though it’s actually a recovery phrase for the attacker’s website. The attacker then moves on to also steal the user’s password.

The user then clicks on “save and continue” and is redirected to the original wallet’s website. If the user then adds the Chrome wallet to their browser and inserts the newly created recovery phrase, they log into the attacker’s wallet instead of creating a new one. If the user then transfers any funds, the attacker will immediately intercept them.

CPR advises crypto wallet users to “refrain from clicking on ads and only use direct, known URLs”.
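The lookalike domains described above (“phanton.app”, “Phantonn.app”, “MètaMask”) can be caught mechanically before a link is followed. The following is an added example, not code from CPR or from this article: it checks a URL against an allowlist and flags near-misses. The allowlist entry `metamask.io` and the sample host `mètamask.io` are assumptions constructed for the example.

```python
import unicodedata
from urllib.parse import urlsplit

# Allowlist of legitimate wallet hosts. phantom.app is named in the article;
# metamask.io is an assumption added for this example.
KNOWN_GOOD = {"phantom.app", "metamask.io"}


def host_of(url_or_host):
    """Return the lower-cased hostname of a URL or bare host, without 'www.'."""
    s = url_or_host.strip()
    if "//" not in s:
        s = "//" + s  # let urlsplit treat a bare host as a network location
    host = (urlsplit(s).hostname or "").rstrip(".")
    try:
        # Punycode (xn--) labels are decoded so accented lookalikes become visible.
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already non-ASCII, or not valid IDNA: keep the host as it is
    return host[4:] if host.startswith("www.") else host


def fold(host):
    """Strip diacritics (e.g. 'è' -> 'e') and case so lookalikes collapse."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).casefold()


def edit_distance(a, b):
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url_or_host, max_distance=2):
    """Return (verdict, legitimate_host_or_None).

    Only the verdict 'known-good' means the host is on the allowlist.
    'homoglyph' and 'typosquat' name the legitimate host being imitated;
    'unknown' is any other host, which is still not a trusted wallet site.
    """
    host = host_of(url_or_host)
    if host in KNOWN_GOOD:
        return ("known-good", host)
    folded = fold(host)
    if folded in KNOWN_GOOD:
        return ("homoglyph", folded)
    for good in sorted(KNOWN_GOOD):
        if edit_distance(folded, good) <= max_distance:
            return ("typosquat", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Sample inputs: the first three hosts come from the article, the rest are constructed.
    for sample in ["https://phantom.app/download", "phanton.app",
                   "https://Phantonn.app/", "https://www.mètamask.io/",
                   "example.org"]:
        print(sample, "->", classify(sample))
```

Diacritic folding does not cover cross-script homoglyphs such as Cyrillic letters; a host that still contains non-ASCII characters after folding deserves the same suspicion.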

Scams on the Rise

Last year, hardware wallet provider Ledger suffered an internal security breach which resulted in the exposure of 250,000 to 1,000,000 customer email addresses. Recently a number of fake Ronin wallets were spotted circulating on the Apple and Google App Stores. Fake wallets trick users into disclosing account information, which is then used to drain the funds or collectibles held within the wallets.


Warning: Hackers Are Hijacking YouTube Channels to Run Crypto Scams

Google’s Threat Analysis Group (TAG) has been fending off hackers attacking the accounts of YouTubers to hijack and repurpose them to run ads for cryptocurrency scams.

According to an update from TAG, the team has been disrupting phishing campaigns targeting YouTubers with Cookie Theft malware since 2019. The team has recently shared details about these “financially motivated phishing campaigns” that are used to trick YouTubers in various ways to hijack their accounts and then “either sell [them] to the highest bidder or use [them] to broadcast cryptocurrency scams”.

A large number of hijacked channels were rebranded for cryptocurrency scam live-streaming. On account-trading markets, hijacked channels ranged from US$3 to US$4,000 depending on the number of subscribers.

Ashley Shen, Threat Analysis Group (TAG)

The channels would be customised to look like those of large crypto firms or crypto exchanges where the attacker live-streamed videos promising cryptocurrency giveaways in exchange for an initial contribution.

Google’s Steps to Protect Users

In collaboration with YouTube, Gmail, Trust & Safety, CyberCrime Investigation Group and Safe Browsing teams, TAG’s protective measures have “decreased the volume of related phishing emails on Gmail by 99.6% since May 2021. We blocked 1.6M messages to targets, displayed ~62K Safe Browsing phishing page warnings, blocked 2.4K files, and successfully restored ~4K accounts”.

As a result, attackers are starting to move to non-Gmail providers, “mostly email.cz, seznam.cz, post.cz and aol.com”. Phishing emails can be remarkably deceptive, and once the wheels start turning on the process it can be very difficult to stop and recover an account. 

How Accounts Can Be Hacked

TAG had found that the perpetrators of the campaign were recruiting hackers from a “Russian-speaking forum”. The hackers would “lure their target(s) with fake collaboration opportunities”, usually in the form of a demo for anti-virus software, VPN, music players, photo editing or online games, and then gain access to their accounts through Cookie Theft, also known as “pass-the-cookie attack”.

Once the target agreed to the deal, a malware landing page disguised as a software download URL [would be] sent via email or a PDF on Google Drive, and in a few cases, Google documents containing the phishing links. Around 15,000 actor accounts were identified, most of which were created for this campaign specifically.

Ashley Shen, Threat Analysis Group (TAG)

There have also been cases of malware that can copy information on your clipboard to get your crypto information.

Some of the other tactics and known procedures to hack accounts are:

  • social engineering YouTubers with advertisement offers;
  • planting fake software landing pages and social media accounts;
  • delivering cookie theft malware;
  • cryptocurrency scams and selling; and
  • hack-for-hire attackers.

FLOW Surges 20% on News of Google Signing Deal with NFT Giant

Dapper Labs, a leading platform for digital collectibles and games on the Ethereum (ETH) blockchain, has partnered with Google Cloud services to help the Canadian start-up scale. As a direct result, the FLOW token has seen an increase of nearly 20 percent.

Dapper Labs has its own blockchain, Flow, which helps users scale apps and games. Google will improve on the product by acting as a network operator, providing developers on the Flow network with digital infrastructure that can process high transaction volumes at greater speed.

With Google’s help, Dapper Labs hopes to scale NBA Top Shot and other NFT lines running on Flow to billions of users.

NFT Platforms Still Performing Well

Dapper Labs products are some of the most used platforms on the Ethereum blockchain, with between 500,000 and one million transactions per week. NBA Top Shot, its flagship invention, has recorded over US$700 million in total sales and has been the leading collectible Dapp by users and volume (US$3.05 million) for the past 30 days, according to industry data site DappRadar.

Flow USD price chart. Source: Coinmarketcap

Following news of the partnership, FLOW‘s price spiked 15.5 percent in 24 hours to highs of US$24.13, while daily transaction volume stands at US$150 million, bouncing back after this month’s major dip.

Also earlier this month, another Dapper Labs product, CryptoKitties, sold more than US$7 million worth of NFTs in 24 hours as growing interest in non-fungible artworks boosted sales.

Warner Music partnered with the company via a strategic investment deal announced the same day, while Dapper Labs further revealed that Ubisoft, known for developing games such as Far Cry and Assassin’s Creed, would function as an adviser on Flow.

Blockchain technology is becoming more and more mainstream. So companies like Dapper need scalable, secure infrastructure to grow their business and, even more importantly, support their networks.

Janet Kennedy, vice-president, Google Cloud North America

Google Dabbling in Blockchain

After it recently lifted an advertising ban on cryptocurrencies, Google’s latest partnership suggests it could venture into infrastructure building for Web 3.0.

Google’s cloud services do not currently offer mining cryptocurrency, but Janet Kennedy, vice-president of Google Cloud North America, has said developers will be able to choose regions that power their platforms based on their energy consumption.

Dapper Labs CEO and co-founder Roham Gharegozlou tweeted that he was “amped to welcome Google to Flow Blockchain”.


Decentralised Search Engine Becomes Default Option for EU Android Devices

Decentralised search engine Presearch (PRE) has officially been added to Google’s default browser choice screen for all UK and European Android devices.

Fair Play Among Browsers

After receiving a €4.24 billion (A$6.8bn) fine from the European Commission in 2018 for using the Android operating system to solidify its place as the most used search engine in the world, Google stopped requiring competing search engines to pay in order to get on the default settings page.

In 2019, the agreed changes were that the five most popular and eligible search engines (including Google) in each EU country would be displayed in random order at the top of the Android choice screen, conforming to metrics from StatCounter.

Nearly 70 percent of smartphone owners in Europe use the Android operating system, which means there is strong potential for the search engine to grow its user base.

With potentially hundreds of millions of users just a click away on the search choice screen, this is one of the biggest wins for any project within the crypto space.

Colin Pape, founder, Presearch

What is Presearch? 

Presearch operates its own advertising platform that uses Keyword Staking, which allows advertisers to stake PRE tokens to a specific word or term. Whichever advertiser stakes the most tokens to a given keyword has its ad show up when someone searches that term.

With more than 2.3 million registered users, Presearch is one of the world’s top 10 most-trafficked blockchain websites and one of the fastest-growing alternatives for private, unbiased searches. Competing with Brave, Presearch aims to join the decentralised service landscape and provide users with a privacy-centric search engine.

Presearch currently processes more than 1 million searches per day and the company says daily searches have increased more than 300 percent since January 2021. The searches are processed by Presearch node operators that earn PRE for their efforts on the Ethereum blockchain.

PRE Token Up 80% Amid Announcement  

PRE tokens are currently trading at A$0.20, having shot up just over 100 percent in the past seven days. The project has a total market capitalisation of nearly US$74 million.

Presearch (PRE) price. Source: Coinmarketcap

With Android running on about four-fifths of the world’s smartphones including hundreds of millions in Europe, we see this as a huge win in taking decentralized services and blockchain mainstream and driving mass adoption.

Colin Pape, founder, Presearch

Crypto Exposure Grows as Google Officially Lifts Advertising Ban

Google’s advertising ban on cryptos has officially been lifted. As of August 3, the tech giant will allow companies in the crypto space to advertise on its search engine and sites that are a part of its platform.

Google had already updated its advertising policy in June, to take effect in August. According to Google, “as of August 3, advertisers offering brokerages and cryptocurrency wallets aimed at the US can advertise these products and services”.

Policy Changes for New Crypto Regulation

With the revocation of the ad ban, Google has prescribed specific requirements that need to be upheld by advertisers. Google told Bloomberg in June that the change was made to comply with new US Financial Crimes Enforcement Network (FinCEN) regulations.

The new policy will apply globally to Google Search and its third-party sites including YouTube, Gmail and Blogger. 

Coinbase now appears as the top result when users search for the term “bitcoin” in the US, an exchange entry appearing with the recommendation to “buy and sell bitcoin at Coinbase”.

What Does This Mean for Crypto?

Bitcoin itself does not have a marketing budget, relying instead on the crypto grapevine or companies that provide bitcoin services to do the marketing.

The end of Google’s ban could lead to increased exposure for bitcoin and other cryptocurrencies by allowing companies to re-advertise.

Twitter, Facebook and Google prohibit the advertisement of initial coin offerings but allow exchanges or wallet services provided by a publicly traded crypto company to advertise with them, as long as they comply with local laws.

As Google has relaxed its advertising policy, other major advertisers might follow suit.

The change in Google’s attitude is very positive for the cryptocurrency market, which has faced regulatory uncertainty around the world. Being allowed on the Google ad network will obviously ensure bitcoin reaches a larger number of potential users.


Brave Search Engine Launches to the Public: Fully Private, Anonymous, and Transparent

Brave, the company behind the popular privacy-focused web browser, has launched a public beta of its own search engine, Brave Search. The search engine promises to be fully private, anonymous, and transparent.

The Brave browser, first released in 2016, now has over 32 million active users per month and has become a popular choice for those who value privacy above everything else. Supporters of the Brave browser are excited by the release of the new search engine beta, which will become the default search engine in the browser later in the year.

The Brave New World

The Brave browser features privacy and security features such as in-built ad blocking, private windows, and password manager. The team also claims it is three times faster than Chrome out of the box. But perhaps its most innovative feature is the ability for users to earn Basic Attention Tokens (BAT) by viewing privacy-respecting ads. At this time, it is not clear whether using Brave Search will reward users with BAT.

The ‘Real Alternative’ to Google

Brave Search doesn’t track you or your queries. Ever. Private, independent, and transparent, Brave Search is the real alternative to Google. On mobile, desktop, and anywhere the web takes you. Search private. Search with confidence.

Brave

Brave Search will also feature an independent index of the internet, which is a bold (or brave, if you will) move considering most new search engines merely repackage results from Google and Bing.

Comparison between Brave search and other popular search engines.

The Underdog vs Big Tech

Google has a monopoly when it comes to web browser and search engine market share. Currently, over 90% of searches go through Google. Not even Microsoft’s Bing has been able to make any meaningful inroads in the search domain, with just above 2% market share. It would be an ambitious task indeed if the Brave team were trying to overthrow the king, but it seems it is simply trying to present an appealing, private alternative to the big tech company.

Brave Team Keeping Busy

It appears that the Brave team has been very busy this year. It has also been building a Decentralised Exchange, which will feature benefits for BAT holders, such as discounts on transactions. Now could be a good time to be bullish on Brave.


Google Revokes Its 2018 Ban on Crypto-Related Advertising

Google is lifting its advertising ban regarding cryptocurrency exchanges and digital wallets. The new policy outlines the hurdles that need to be cleared to allow advertising for cryptocurrency-related business and services.

New Crypto Ad Rules

An official policy update by Google stated that “(from) August 3, advertisers offering Cryptocurrency Exchanges and Wallets targeting the United States may advertise those products and services”. However, they will need to be certified by Google first, through meeting these specific requirements:

  • Must be registered either with the Financial Crimes Enforcement Network (FinCEN) as a Money Services Business and with at least one state as a money transmitter, or as a federal or state chartered bank entity.
  • Must comply with relevant legal requirements, including any local legal requirements, whether at a state or federal level.
  • Must ensure their ads and landing pages comply with all Google Ads policies.

There are still some categories in the crypto space that will not be permitted to advertise. These include Initial Coin Offerings (ICOs), Decentralised Finance (DeFi) trading protocols, and “Ad destinations that aggregate or compare issuers of cryptocurrencies or related products”. For an exhaustive list of restricted financial products, have a look here.

Since all previous certifications will be revoked after August 3, advertisers will need to create a new application using the application form that Google will publish on July 8. This policy will apply to all accounts globally, and will need to comply with local legislation and the laws of targeted territories.

Why Crypto Ads Were Banned

This policy change comes after a three-year ban on advertising cryptocurrencies where at one stage even “Ethereum” was added as a blacklisted word in the ads filter.

Google caused quite a stir back in 2018 when it banned crypto advertising, following a ban implemented by Facebook. Both companies cited the sudden spike of crypto offers coaxing investors into making speculative investments, and the ban was a precautionary measure to protect their customers.

By the end of June 2018, other social media conglomerates, Snapchat and Twitter, also issued crypto-ad bans. However, some critics have long accused Google of not properly addressing crypto ad scams which have claimed various institutional and retail victims.