Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Weekly News Digest #57

Weekly News Digest #57

Share via:

Massive phishing and malware campaign disrupted by Google

The malware campaign was focused on hijacking Youtube accounts and promoting cryptocurrency scams. Since May 2021 Google has blocked 1.6 million phishing emails that have been part of this malware campaign. According to the data provided by Google’s Threat Analysis Group, a network of Russian hacker subcontractors have been targeting YouTubers using cookie-stealing malware and phishing emails. By carrying out their malware campaign, attackers were live-streaming scams offering free crypto for initial contribution.

The malicious group was also getting revenue by selling hijacked YouTube accounts the price of which was ranging from $3 to $4,000. The price of an account on the black market depended on the number of subscribers. Google has already displayed 62,000 Safe Browsing phishing alerts and restored close to 4,000 hijacked accounts. The malware delivered by phishing emails has been designed to steal session cookies from browsers.

Ransom was paid by 83% of victims

According to a survey of 300 US-based decision-makers, 64% of them have fallen victim to a ransomware attack for the last 12 months and 83% of the victims have agreed to pay the ransom. The survey was conducted by the cybersecurity company ThycoticCentrify. 72% of the companies surveyed have increased their cybersecurity budgets due to the increasing ransomware threats. Close to 50% of respondents admitted experiencing the loss of revenues and reputational damage due to ransomware attacks and 42% of respondents admitted losing clients.

Emal (53%), applications (41%), and cloud (38%) were the most vulnerable vectors for ransomware attacks. The most popular step taken by companies to address threats associated with ransomware attacks was the backup of critical data and regular updates of software and systems. The results of this survey have not surprised experts since many corporations have published info regarding paying ransom to cybercriminals.

Threat actors spread malware by abusing Discord

The new multi-function malware discovered by researchers has been abusing the core functions of Discord. Several malicious GitHub repositories were found by Check Point. The repositories were featuring malware based on Discord API and malicious bots. According to researchers, by applying simple manipulations malicious actors can turn Discord bots into Remote Access Trojan (RAT). To this end, they don’t even need to download the Discord app to the targeted machine.

It’s very difficult to detect malware since the communication between attacker, Discord server, and victim’s machine is encrypted by Discord. As a result, attackers can easily infect machines and turn them into malicious bots. The only way to prevent Discord malware is to disable all Discord bots. However, this measure may heavily affect the Discord community.

Bit-and-Piece DDoS attacks: Skyrocketing growth in 2021

Bit-and-piece DDoS attacks soared by 233% in the first half of 2021. The data are provided by Nexusguard researchers in the Threat Report FHY2021. Bit-and-piece attacks target ASN-lever CSP networks by dispersing small pieces of junk traffic across a wide range of IP addresses as well as across hundreds of IP prefixes. Thereby these DDoS attacks are evading detection. 99% of DDoS attacks detected in 2021 were smaller than 10 Gbps. According to Nexusguard, malicious actors will keep on diversifying methods they use to target networks and infrastructures.

Malicious actors are using small-sized traffic they can get from cheap DDOS-for-hire services. Nexusguards also estimates that UDP-style attacks and traffic spoofing demonstrated an 84% increase in the first half of 2021. Nexusguard warns that one type of UDP-style attack may theoretically cause so-called “Black-Storm” attacks. The volume from the Black-Storm attack could terminate medium to large-sized enterprises.

Users of popular dating apps like Bumble or Tinder are at risk. Cryptocurrency hackers are coming after you

Spammers are leveraging Enterprise Signature to access users’ iPhones. Enterprise Signature is a system used by software developers to help businesses pretest their new iOS applications with selected iPhone users before these apps appear on the official Apple App Store. Hackers are luring crypto users who use popular dating apps in Europe, Asia, and the USA. The security company Sophos has uncovered a Bitcoin wallet controlled by attackers with $1.4 mln in virtual assets. The threat code identified by security researchers is called CryptoRom and it relies on social engineering.

Attackers pose convincing profiles on legitimate dating websites. Then attackers enter into communication with a potential victim. The purpose of this communication is to persuade a target to install a fake crypto trading app. Using this scam mechanism, attackers are getting access to millions of dollars.