Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #40

Weekly News Digest #40

Share via:

US schools targeted by the new GoLang Trojan ChaChi

ChaChi is written in the Go programming language and has been actively used to commit an attack against different US institutions such as schools and government bodies. According to the statement made by BlackBerry Threat Research research team, ChaChi has also been actively used to commit ransomware attacks. Currently, malicious groups are shifting from using C and C++ programming languages and start widely adopting the GoLang (Go) programming language taking into account its versatility and ease of cross-platform code compilation.

For the last few years, there has been a 2,000% increase in the number of Go-based samples. ChaChi appeared in the hands of malicious actors in the first half of 2020 and was linked to cyberattacks against local authorities in France. The latest samples of this malware are linked to cyberattacks initiated against US educational institutions. The modern sample of ChaChi can perform such activities as data exfiltration, backdoor creation, credential dumping, etc.

Warning by Microsoft: attackers use the call centre to force you to download ransomware

Security specialists of the technological giant Microsoft are fighting against the criminal group BazarCall that utilizes call centres to infect victims’ computers with malware called BazarLoader. It is a malware loaded that is used by malicious actors to distribute ransomware. The criminal group has been utilizing the scheme involving call centres since January 2021. According to Brad Duncan from Palo Arto Network, backdoor access to an infected Windows computer is provided via this malware. Upon infecting clients criminals start exploiting this backdoor access to send follow-up malware, carry out the environment scanning, and exploit other vulnerable hosts in the network.

The cyberattack starts with sending phishing emails to victims containing advice regarding the trial subscription expiration. These emails also contain information forcing clients to call a number to cancel the trial to prevent being charged a monthly fee. Microsoft is actively fighting against this criminal group since the threat actors are targeting the users of Office 365. When victims contact the call centre, it starts instructing them on how to download the specified file to cancel their subscription. The Excel file downloaded by victims contains a malicious macro that downloads the payload.

226.3 million ransomware attacks detected by SonicWall this year

The global detection network of SonicWall detected more than 226 million ransomware attacks between January and May 2021 that constitutes a 116% increase compared to the same period in 2020. The company explains the rapid increase in the number of committed ransomware attacks by the profitability of this type of cyberattacks for malicious actors. SonicWall observed this increase in almost every region of the world including the United Kingdom and the USA. Ransomware attacks force companies into constant defence stance. There is no consensus in the industry regarding how to combat ransomware as a whole.

Ransomware attacks draw the attention of both law enforcement agencies and famous political figures. However, even they cannot propose the structured plan on how to against against this type of cyberattacks. According to SonicWall CEO, private and public sectors should try to unite their efforts to prepare adequate response to this growing threat. Ransomware attacks have already become a national security issue in most countries including the USA.

DoS attacks and data thefts are enabled by bugs in Nvidia’s Jetson Chipset

Millions of internet of things (IoT) devices running NVIDIA’s Jetson chips contain flaws that enable a number of hacks including data siphoning and denial-of-service (DoS). Nine patches were released by Nvidia to address 9 vulnerabilities with the high-severity level and 8 less severe bugs. A wide swath of NVIDIA’s chipsets that are typically used for machine learning applications, autonomous devices like robots and drones, and embedded computing systems are fixed by the released patches. The patches were delivered in NVIDIA’s June security bulletin.

The most severe bug detected tracked as CVE‑2021‑34372 makes the Jetson framework open to buffer-overflow attacks initiated by adversaries. An adversary just needs to have little to low access rights to launch an attack. The exploitation of thi vulnerabilty could allow attackers to sabotage and manipulate the targeted systems. The severity rating of other vulnerabilities patched by NVIDIA range between 7 and 7.9. The exploitation of 6 bugs could result in DoS attack.

Brothers from South Africa vanished along with virtual assets worth $3.6 billion

The huge amount of cryptoassets in Bitcoin have vanished from the cryptocurrency investment platform owned by South African pair of brothers. Investors hired a Cape Town law firm that contacted the elite unite of the national police force called Hawks. The loss of more than 69,000 coins may constitute the biggest loss of cryptoassets in history. The incident may force regulatory bodies to impose stricter order in the industry. In April 2021, the elder brother who is the Chief Operating Officer of Africrypt Ameer Cajee informed investors that the platform experienced a hack but asked clients not to report the incident to lawyers and other bodies.

However, a few sceptical investors contacted the law firm Hanekom Attorneys. When investigating the case, the law firm found that virtual assets were transferred from Africrypt South African accounts and client wallets and then the coins passed through a number of tumblers and mixers so that the funds became untraceable. The company Africrypt was founded in 2019 and since then has offered huge returns to investors. As of now, its website is down and all phone calls to brothers go directly to voicemail.