According to ChainCatcher news reported by Cointelegraph, tech giant Microsoft has discovered a new type of Remote Access Trojan (RAT) that specifically targets 20 cryptocurrency wallet extensions in the Google Chrome browser to steal crypto assets.The Microsoft Incident Response team revealed in a blog post on March 17 that they first detected the malware named StilachiRAT last November. This software is capable of stealing credentials, digital wallet information, and clipboard data stored in the browser. Once deployed, attackers can use StilachiRAT to scan the configuration information of the 20 cryptocurrency wallet extensions to steal crypto wallet data, including wallets such as Coinbase Wallet, Trust Wallet, MetaMask, and OKX Wallet.Microsoft's analysis pointed out: "Research on the WWStartupCtrl64.dll module of StilachiRAT, which contains RAT functionality, indicates that it employs multiple methods to steal information from the target system." Among other features, the malware can extract credentials stored in the Google Chrome local state file and monitor clipboard activity to obtain sensitive information such as passwords and encryption keys. It also has detection evasion and anti-forensics capabilities, such as clearing event logs and checking if it is running in a sandbox to thwart analysis attempts.Currently, Microsoft has not been able to identify the perpetrators behind the malware but hopes to reduce the number of potential victims by publicly sharing information. Microsoft advises users to take measures to avoid becoming victims of the malware, including installing antivirus software, and cloud-based anti-phishing and anti-malware components on their devices.

ChainCatcher news, according to Protos, developer "Calle" warned of vulnerabilities in the Lightning Network, indicating that nodes running versions lower than LND 0.18.5 or LITD 0.14.1 have security risks. This vulnerability allows hackers to remotely manipulate the payment status of Lightning invoices, thereby stealing funds.Pavol Rusnak, co-founder of Satoshi Labs, also issued a similar warning, urging Lightning Network users to update their node software as soon as possible. The vulnerabilities have been fixed in LND 0.18.5 and LITD 0.14.1, but since LND 0.18.5 was only released last week, many nodes have yet to update and remain at risk.

ChainCatcher news, payment company Stripe has partnered with HR platform Remote, allowing Remote's clients to pay contractors directly with stablecoins, starting with USDC on Base.The service is initially available to U.S. customers, enabling contractors in 69 countries to receive near-instant payments or alternative payments in their local currency.

ChainCatcher news, Binance founder Zhao Changpeng shared some updates about the educational project Giggle Academy on X. He stated: "We now have a team of 10 people. Some are part-time, some are full-time. All are managed remotely. We have group calls three times a week, in addition to occasional small chats. Recruitment is ongoing. I conduct dozens of interviews every week. Our initial goal is to build a team of 15 people.We have finalized the content for the first voice (English) lesson, which is currently in production. During the production process, we made some adjustments. We will not produce the web version first. We will produce the Android version first. There are several reasons for this. In our target market, Android is likely the first device that every household buys before purchasing a laptop. Smartphones also have touch screens, making it easier for children to interact with them. Plus, there are push notifications."

ChainCatcher message, according to community reports, several members of the crypto community have reported that their private keys have been stolen, with speculation suggesting that this situation is due to the use of the Bit Finger browser.In response, the official Bit Finger browser stated in the community that certain versions of WPS For Windows have a remote code execution vulnerability, which attackers can exploit to execute arbitrary code on the victim's target host, taking control of the host, etc.Currently known affected versions include WPS Office 2023 Personal Edition below 12.1.0.15120 (inclusive), and WPS Office Institutional Editions (such as Professional Edition, Professional Enhanced Edition) below 11.8.2.12055 (inclusive).This vulnerability is relatively easy to trigger, and users may have already been attacked by hackers after clicking on unknown links.

ChainCatcher message, Slow Mist's Chief Information Security Officer 23pds tweeted that WinRAR has a remote code execution vulnerability (CVE-2023-40477). Attackers can exploit this vulnerability to execute code by enticing targets to visit a malicious page or simply by opening a malicious file. Once the user executes it, it may allow hackers to take control of your computer.Cryptocurrency users should be aware to upgrade, and also note that the so-called 'WinRAR vulnerability detection tool' currently appearing is also a malicious phishing program, be cautious of financial risks.

ChainCatcher message, Succinct tweeted that its application for the RFP to build a proof of concept for Optimism remote static calls has been accepted by the Optimism Foundation. If the integration feature is implemented, it will allow users to query L1 state from any L2 contract using precompiles, including reading Chainlink's L1 data for DeFi protocols on L2, and governance voting on L2 weighted by L1 ERC20 token balances.

ChainCatcher news, according to Slow Fog news, Apache RocketMQ has issued a serious security alert, disclosing a remote command execution vulnerability (CVE-2023-37582) with a publicly available PoC on the internet, and there have been cases of attacks.Apache RocketMQ is an open-source distributed messaging and stream processing platform that provides scalable low-latency messaging and stream data processing capabilities, widely used in scenarios such as asynchronous communication, application decoupling, and system integration. The cryptocurrency industry has many platforms that use this product for message services, so please be aware of the risks.Vulnerability description: When the NameServer component of RocketMQ is exposed to the external network and lacks an effective authentication mechanism, attackers can exploit the configuration update feature to execute commands as the system user running RocketMQ.Affected versions:＜RocketMQ 4.9.7＜RocketMQ 5.1.2Remediation:Users of RocketMQ 4.x should upgrade to version 4.9.7 or above;Users of RocketMQ 5.x should upgrade to version 5.1.2 or above. (Source link)

ChainCatcher news, according to a tweet from SlowMist, the Nuxt.js remote code execution vulnerability (CVE-2023-3224) PoC has been made public on the internet, and there have been cases of attacks. Nuxt.js is a lightweight application framework based on Vue.js, used to create server-side rendered (SSR) applications, and can also serve as a static site engine to generate static site applications, featuring elegant code structure layering and hot reloading.There is a code injection vulnerability in Nuxt, which allows remote unauthorized attackers to inject malicious code and gain access to the target server's permissions when the server is started in development mode. Versions Nuxt == 3.4.0, Nuxt == 3.4.1, and Nuxt == 3.4.2 are all affected. Many platforms in the cryptocurrency industry use this solution to build front-end and back-end services, so please be aware of the risks and upgrade Nuxt to version 3.4.3 or above. (Source link)

ChainCatcher news, Ethereum 2.0 client Lodestar has released version V1.6.0. The new version updates and improves many features, including the addition of support for monitoring the client through a remote server.This new version requires users to update their beacon nodes and validator clients to ensure compatibility. Additionally, the v1.6.0 new version does not yet support the Shapella upgrade. (source link)

ChainCatcher news, according to Bloomberg, former FTX CEO SBF has refused to testify remotely in the Voyager Digital bankruptcy case. SBF's lawyer, Marc R. Lewis, requested the court on Tuesday to reject the subpoena issued by the lawyer for Voyager's unsecured creditors. The lawyer argued that the subpoena should be quashed because it was not properly served and that SBF may need to invoke his Fifth Amendment rights to avoid self-incrimination.Earlier reports indicated that on February 19, representatives of Voyager's unsecured creditors had requested documents from former FTX CEO SBF and several executives from FTX and Alameda Research, and demanded that SBF testify remotely.

ChainCatcher news, Voyager's unsecured creditors have requested documents from former FTX CEO SBF and several executives from FTX and Alameda Research, and have issued a subpoena to SBF, requiring him to testify remotely on February 23.According to a document from the U.S. Bankruptcy Court for the Southern District of New York dated February 18, SBF has received a "subpoena to testify in the bankruptcy case." Additionally, Voyager has requested that SBF provide all requested "documents and communications" by February 20. (source link)

ChainCatcher news, according to Fortune magazine, GitHub announced it will lay off 10% of its staff before the end of the fiscal year and will close all offices when leases expire, shifting to remote work. GitHub CEO Thomas Dohmke stated in a company-wide letter that this move aims to protect the short-term health of the business while being able to invest in long-term strategies. (Source link)

ChainCatcher news, the Solana ecosystem decentralized exchange Raydium has released an investigation report on the hacking incident. The report states that the Pool Owner account, which could extract liquidity pool funds, was initially deployed on a virtual machine with dedicated internal servers, and there is no evidence that the private key of the Pool Owner account was locally transmitted, shared, transferred, or stored outside of its initially deployed virtual machine. Preliminary suspicions suggest that the attacker may have remotely accessed the virtual machine or internal server where the account was deployed. The attack involved seven tokens: ETH, USDC, RAY, SOL, stSOL, UXP, and ZBC, with a total amount of approximately $4.4 million.Raydium stated that patches had previously been deployed to revoke the permissions of the attacked address and transfer the permissions to a cold wallet address. Additionally, unnecessary management parameters were removed yesterday at 18:27 Beijing time to prevent the liquidity pool from being affected. Raydium is currently determining the impact of the hacking incident on the liquidity pool and is also working with the Solana team, third-party auditors, and centralized exchanges to locate the attacker. They are willing to offer 10% of the stolen amount and the stolen RAY as a bounty in exchange for the return of the stolen funds. (Source link)