Fake crypto app drains $70,000 from users

Check Point Research has uncovered a crypto wallet drainer app that was active on the Google Play Store for over five months, stealing more than $70,000 from unsuspecting users. The malicious app masqueraded as WalletConnect, a popular tool for linking crypto wallets to decentralised finance (DeFi) apps. Despite being disguised as a legitimate app, it managed to evade detection through advanced techniques and fake reviews, gaining over 10,000 downloads.

The app, originally named ‘Mestox Calculator,’ tricked users into connecting their wallets and accepting permissions, allowing attackers to drain funds. Although not all users were affected, over 150 victims lost substantial sums. The app was eventually removed from the store, but its ability to avoid detection highlighted gaps in the app verification processes on platforms like Google Play.

Check Point Research emphasised the increasing sophistication of cybercriminals and urged both users and app stores to remain vigilant. The researchers warned that even seemingly harmless apps can pose a serious financial threat in the Web3 world, stressing the importance of educating users about these risks.

Hackers use auto-reply emails to deliver crypto mining malware

Cybersecurity experts have uncovered a novel tactic used by hackers to deliver malware for covert crypto mining. Hackers are now exploiting automated email replies from compromised accounts to infect businesses in Russia, including financial institutions, with the XMRig mining tool. Since May, over 150 emails containing this malicious software have been detected, but most were blocked by Facct, a leading threat intelligence firm.

This technique is particularly dangerous because the victims initiate contact themselves and expect a reply to their initial email. Because the exchange appears to be an established conversation, many recipients do not suspect the attached malware. Facct urges organisations to stay vigilant by conducting regular cybersecurity training and adopting strong passwords with multifactor authentication.

The XMRig software, often used in crypto mining attacks, has been part of several widespread malware campaigns since 2020, highlighting the persistent threat of cybercriminals using innovative methods to target vulnerable systems.

US sanctions hit Russian crypto firm and individuals tied to cybercrime

The United States has imposed sanctions on Russian national Sergey Sergeevich Ivanov and cryptocurrency firm Cryptex, which operates in Russia despite being based in Saint Vincent and the Grenadines, according to the Treasury Department. The sanctions target individuals and organisations involved in facilitating cybercrime and illicit financial activity.

Additionally, the United States Treasury’s Financial Crimes Enforcement Network identified Russian crypto exchange PM2BTC as a ‘primary money laundering concern.’ Officials stressed their commitment to preventing cybercrime networks like PM2BTC and Cryptex from continuing operations, according to acting undersecretary Bradley Smith.

The US State Department has also announced rewards of up to $10 million for information leading to the arrest or conviction of Ivanov and Timur Shakhmametov for their involvement in transnational organised crime. It is also offering rewards of up to $1 million for information on the leaders of crypto exchange PM2BTC and stolen credit card marketplaces PinPays and Joker’s Stash.

These efforts underscore the US government’s continued crackdown on cybercriminal networks and illicit financial activities that threaten global security and economic stability.

Cyberattack disrupts Wi-Fi at major UK railway stations

British police announced on Thursday that they are investigating a cyberattack that displayed an Islamophobic message on Wi-Fi services at major railway stations. Passengers trying to connect to the Wi-Fi encountered a message referencing terror attacks, leading to the immediate shutdown of the system managed by communications group Telent. The British Transport Police reported that they received notifications about the incident at approximately 5:03 p.m. on September 25.

The incident occurred amid heightened tensions in Britain, where anti-Muslim riots erupted over the summer following the tragic killing of three young girls. Misinformation initially blamed the attack on an Islamist migrant, further inflaming community tensions. In response, the police are working closely with Network Rail to investigate the cyberattack promptly.

Following the incident, which impacted 19 stations including London Bridge, London Euston, Manchester Piccadilly, and Edinburgh Waverley, Network Rail confirmed that the Wi-Fi service remained offline. Telent stated that no personal data was compromised in the hack, explaining that an unauthorised change was made to the Network Rail landing page using a legitimate administrator account. As a precaution, Telent temporarily suspended all Global Reach services to verify that other customers were not affected. Network Rail expects the Wi-Fi service to be restored over the weekend after conducting final security checks.

Assange seeks Bitcoin support for post-release travel costs

Julian Assange, the former Wikileaks editor-in-chief, has secured a plea deal, with his sentence commuted to time served. He is now set to travel to Saipan before returning to Australia. Despite his release, the financial burden remains, with his fiancée, Stella Assange, disclosing that the cost of his journey to freedom is estimated at $520,000. The family is urgently appealing for funds to cover travel and recovery expenses.

To help raise these funds, a BTCPay Server has been set up, enabling donations through Bitcoin or the Lightning Network. Assange’s brother, Gabriel, confirmed the platform, which allows secure, decentralised contributions. Julian’s connection to Bitcoin is long-standing, having been part of the cryptocurrency’s history, including discussions with its creator, Satoshi Nakamoto, regarding its use for Wikileaks when PayPal froze their accounts.

As Assange embarks on the next chapter of his life, the Bitcoin community continues to rally behind him, with a recent donation of 8 Bitcoins (around $500,000) further showcasing the role of cryptocurrency in supporting his cause.

Truflation loses $5.2 million in malware attack

Truflation, a blockchain-based inflation data platform, has confirmed falling victim to a malware attack. The project reported detecting abnormal activity on 25 September, which led to an estimated loss of up to $5.2 million. Blockchain analysts have tracked the losses from Truflation’s treasury and personal wallets on Ethereum, with additional losses spread across seven other blockchains.

The team is now working with law enforcement and industry partners to resolve the issue. They have also reached out to the hacker, seeking negotiation, while offering rewards to white-hat hackers who can assist. Despite the breach, Truflation has reassured its customers that their funds and staking operations remain secure.

Truflation’s token, TRUF, fell by 15.6% following the incident, though it has since partly recovered. Truflation provides real-time economic data and recently launched a marketplace that tracks commodity indexes such as sugar, petroleum, and wheat.

MoneyGram faces challenges amid cybersecurity outage

MoneyGram has acknowledged that its recent multiday outage is due to a cybersecurity issue, and the firm is progressing in restoring its services. The company revealed on X that it had identified the problem affecting certain systems and launched an investigation after users reported disruptions beginning on 20 September.

The Dallas-based financial services company stated that it took immediate protective measures, including taking some systems offline to address the connectivity issues. MoneyGram is collaborating with law enforcement and external cybersecurity experts to mitigate the impact of the breach. In a follow-up post on 24 September, the firm announced that it is successfully restoring some key transactional systems.

Although MoneyGram has assured users that pending transactions will be processed once systems are back online, it has not disclosed details about the nature of the cybersecurity issue, including whether any sensitive data may have been compromised. Additionally, there is no timeline yet for when full service will be resumed.

This incident occurs amid a notable increase in crypto-related ransomware attacks, with reports indicating a significant rise in ransom payments this year. MoneyGram, a major player in money transmission, recently ventured into the crypto space, launching fiat exchange services and partnering with CEX.io to offer fiat-to-stablecoin options.

Ellison faces prison for role in FTX collapse

Caroline Ellison, former CEO of Alameda Research, has been sentenced to two years in prison for her involvement in the collapse of the cryptocurrency exchange FTX. The case, one of the largest financial scandals in US history, saw Ellison plead guilty to fraud charges and cooperate extensively with authorities to secure the conviction of FTX founder Sam Bankman-Fried, who received a 25-year prison sentence.

Ellison’s legal team had requested time served and supervised release, emphasising her crucial role in helping federal investigators uncover the misuse of billions in customer funds. However, District Judge Lewis A. Kaplan, while acknowledging her cooperation, ruled that Ellison must still serve time and forfeit around $11 billion.

Her cooperation with prosecutors has been central in exposing the FTX scandal, but the court concluded that her involvement in the mismanagement of funds warranted a prison sentence, drawing attention from legal experts and the broader crypto community.

Telegram used to leak medical data

Data from millions of Star Health customers, including sensitive medical information, is being accessed and sold via Telegram chatbots. The breach comes just weeks after Telegram’s founder was criticised for failing to prevent criminal activity on the platform. The hacker responsible claims to possess data from over 31 million customers, with some available for free through the chatbots and bulk data offered for sale.

Star Health, one of India’s largest health insurers, stated that it has reported the breach to local authorities but reassured customers that sensitive data remains secure. Initial assessments revealed no evidence of a widespread compromise, despite reports of leaked documents including medical diagnoses, tax details, and ID copies.

Telegram’s role in enabling chatbots has made it one of the most popular messaging apps globally, with over 900 million users. However, security concerns continue to grow, particularly following the recent arrest of its founder in France. While Telegram denies any wrongdoing, it faces mounting pressure over its moderation policies.

The hacker, who operates under the alias xenZen, claimed responsibility for creating the chatbots and for holding 7.24 terabytes of data. UK-based researcher Jason Parker, who discovered the breach, revealed that the stolen data has been accessible since early August, with the chatbots distributing small samples for free.

Hack exposes Disney data, leading to Slack phase-out

Disney is phasing out its use of Slack for workplace collaboration after a significant data breach. A hacking group, NullBulge, leaked over a terabyte of Disney’s internal data, affecting thousands of Slack channels, according to reports. This breach included sensitive information like computer code and unreleased projects.

Disney’s Chief Financial Officer, Hugh Johnston, confirmed most departments will stop using Slack by the end of the year. Several teams have already begun transitioning to alternative tools for enterprise-wide collaboration, aiming to improve security and workflow.

The incident, reported in July by the Wall Street Journal, involved over 44 million messages from Slack channels. The company launched an investigation into the unauthorised release of data in August.

NullBulge, known for targeting software supply chains, exploits coding platforms like GitHub and Hugging Face to deceive users into downloading malicious files. Neither Disney nor Slack provided immediate responses to requests for comment.