ChainCatcher message, Slow Mist Technology's Chief Information Security Officer 23pds disclosed on social media that the popular trading tool Debot has a security risk of exposing private keys in plaintext within data packets. It is recommended that the Debot development team enhance the product's security level to protect user asset safety.

ChainCatcher news, Slow Mist CISO 23pds posted on X: "North Korean hackers have launched a cyber attack named 'Operation 99' against Web3 and cryptocurrency software developers. This operation begins with fake recruiters on platforms like LinkedIn, luring developers with project testing and code reviews.Once the victims are hooked, they are directed to clone a malicious GitLab repository that appears harmless but is filled with disaster. The cloned code connects to a command and control (C2) server, embedding malware into the victim's environment, thereby taking control of the victim's computer."

ChainCatcher message, Slow Mist CISO 23pds posted on X: "The 'JustJoin' login page suspected of North Korean hackers has reappeared."

ChainCatcher message, Slow Mist's Chief Information Security Officer @im23pds posted on social media to remind that the Lazarus organization has recently been observed no longer solely relying on video conferencing tools like Zoom and Meeting as attack vectors, but has instead shifted to using Trojan software disguised as the Willo-Talent recruitment video platform to lure recruiters into downloading and running malicious programs.

ChainCatcher message, Slow Mist's Chief Information Security Officer @im23pds posted on social media to remind that the 2024 OpenSea email service provider was attacked, resulting in email leaks. After multiple disseminations, the leaked email addresses have now been fully exposed.Please be aware of the associated risks and remain vigilant against phishing emails and other potential cyber attacks, including the email address of CZ.

ChainCatcher news, Slow Mist's Chief Information Security Officer @im23pds posted on social media to remind that the counterfeit GMGN App on the current App Store will lead users to submit their private keys.Previous news, GMGN.Ai issued a security warning, stating that a pirated IOS version of the App has appeared on the App Store, and users are advised to be cautious and avoid risks.

ChainCatcher message, Slow Mist's Chief Information Security Officer 23pds posted a reminder that recently, the well-known cryptocurrency theft Trojan MacOS Stealer has been suddenly open-sourced.Previously, its attack source code was sold for 1 BTC, and now the open-sourcing means that more malicious attackers can easily access this tool. This not only potentially allows attackers to have "one tool per person" for attacks but may also give rise to more covert and complex attack methods, posing greater challenges to the security of cryptocurrency assets.

ChainCatcher news, Slow Mist's Chief Information Security Officer 23pds stated on the X platform that the component version of the Anime task reward website is too low, and there seems to be an SSRF vulnerability, requesting the official to upgrade it.Previous news, Azuki launched an anime-related website anime.com, where registration allows joining the waiting list to receive limited edition collectibles.

ChainCatcher news, Slow Mist's Chief Information Security Officer 23pds stated on the X platform that after analysis, it was found that Indodax's hot wallet private keys were not compromised by hackers, but rather other systems were attacked, such as signature machines.Previous news, on September 11 at 7 AM, according to Cyvers Alerts monitoring, Indodax's wallet conducted over 150 suspicious transactions across different networks, with a total loss of approximately 18.2 million USD, and suspicious addresses are exchanging various tokens for Ethereum.

ChainCatcher message, Slow Mist Technology's Chief Information Security Officer 23pds stated on the X platform that a vulnerability seller on the dark web claims to be selling an iOS RCE. According to the vulnerability seller, this vulnerability does not require user interaction (0 Click) and can fully control devices running iOS 17.xx and iOS 18.xx. Currently, it cannot be verified whether this vulnerability is real and usable. Everyone is reminded to upgrade their iOS system in a timely manner.

ChainCatcher news, Slow Mist's Chief Information Security Officer 23pds posted on platform X, stating that according to Slow Mist's monitoring of the Web3 vulnerability bounty platform Immunefi, the address that receives a total service fee of 10% from the bounty has currently received service fees exceeding 30 million dollars.

ChainCatcher news, Slow Mist's Chief Information Security Officer (CISO) 23pds posted on social media that Authy, the popular 2FA service second only to Google Authenticator, has been hacked, resulting in the theft of 33 million users' phone numbers. If you are an Authy user, please be vigilant against phishing attacks. The official developer Twilio has confirmed the vulnerability. A large number of professionals in the cryptocurrency industry use this 2FA software, so please ensure the safety of your assets.

ChainCatcher message, Slow Mist's Chief Information Security Officer (CISO) 23pds posted on X platform stating that the first result for StakeStone on Google search is a phishing website, urging users to be cautious of the risks.

ChainCatcher message, SlowMist's Chief Information Security Officer (CISO) 23pds posted on the X platform stating that BounceBit will launch its mainnet today and distribute BB token airdrops. However, the first search result on Google leads to a phishing website, and clicking it will redirect to the phishing site bouncbit[.]io. Please be aware of the risks.

ChainCatcher message, Slow Mist's Chief Information Security Officer 23pds stated on X that Mac users should be wary of a new malware named Cuckoo. This malware targets Intel and ARM-based Macs. It steals data from cryptocurrency wallets and messaging applications, spreading through music streaming channels.

ChainCatcher news, Slow Mist's Chief Information Security Officer (CISO) 23pds stated that the Lazarus organization is currently targeting the cryptocurrency industry through LinkedIn, stealing employee credentials or assets via malware.First, they contact target company managers or HR personnel through LinkedIn, pretending to be job seekers for React/blockchain developers. Then, the attackers claim to be experienced candidates and invite them to access their repository, running relevant code to assess their skill level, while in fact, the repository contains malicious code snippets.

ChainCatcher news, Slow Mist's Chief Security Information Officer 23pds posted on social media that with the SEC's approval of the BTC ETF last night, various scam groups have emerged claiming to "celebrate the approval of the BTC ETF with an Airdrop" to carry out airdrop scams, tricking users into installing fake apps or opening phishing websites to obtain signature authorization. Users are reminded to always be aware of financial risks.

ChainCatcher message, Slow Mist's Chief Information Security Officer 23pds posted on platform X, stating that the open-source password manager KeePass has ads for phishing official websites appearing in Google searches. Once users enter the "fake official website," they will download trojan software. Cryptocurrency users are advised to stay alert to security risks, and Google has begun addressing this issue after receiving complaints.

ChainCatcher news, SlowMist's Chief Information Security Officer @IM_23pds tweeted that recently there have been phishing websites impersonating the Bitcoin inscription wallet and trading platform UniSat. According to SlowMist's analysis, the fake websites exhibit clear characteristics of traditional phishing gangs targeting ETH and NFTs, possibly due to the recent popularity of the BRC-20 sector, leading to the creation of phishing sites related to this field. Users are advised to be aware of the risks and to exercise caution in distinguishing them. (source link)