Security News

Scammers pose as crypto support on Twitter

Plus, Messenger Kids pulls them in while Instagram tells kids to take a break

A crypto support bot scam discovered in May has now increased and widened its breadth of targeted cryptocurrency users. The way it works is that scammers monitor every tweet on Twitter for specific keywords, such as the crypto platform names “MetaMask,” “Phantom,” “Yoroi,” and “Trust Wallet,” as well as other words like “support,” “help,” and “assistance.” When such a tweet is detected, the scammer’s bot instantly replies to the user, offering false assistance and urging them to click a link. If the user falls for it, the scammer then works on the user, using social engineering to obtain the recovery phrase for the user’s cryptocurrency account. Once the scammer gets that, they steal that user’s cryptocurrency.

“Cryptocurrency is the cybercriminal’s preferred currency nowadays,” said Avast Security Evangelist Luis Corrons. “While traditional phishing scams went after users' online banking credentials, the process was messy, less anonymous, and needed to involve money mules. With cryptocurrency, however, everything is easier and way more anonymous. If they get their hands on a wallet recovery phrase, they can steal it and make it theirs instantly, and there is no way for the real owner to get his money back.” For more on this story, see Bleeping Computer

Messenger Kids gets an upgrade

Meta has announced that the child-friendly version of Meta Messenger, designed for kids 6-12, will be getting some new features in the coming weeks, including dark mode and voice effects. Dark mode has been available for the regular version of Messenger since 2019, but will now be made available for Messenger Kids. The new voice effects feature allows users to play with audio filters after they’ve recorded a voice message, giving them the option to sound like a robot, ghost, gorilla, mouse, or as if they’re talking into a seashell. For more on this story, see The Verge

Instagram “take-a-break” feature launches next week

The same week Instagram chief Adam Mosseri appeared before the U.S. Senate to answer questions about online safety, the company announced that its “take-a-break” feature will launch next week in the U.S., Canada, U.K., Ireland, Australia, and New Zealand. The feature prompts any user who has been scrolling for a certain amount of time to take a break from the platform, advising them to set reminders for future breaks as well. Teenage users will also be prompted to turn on break reminders, and a new feature coming in March 2022 will allow parents to see how much time their children spend on the app. For more details, see BBC News

One year later, Nobelium hackers still use formidable TTPs

Hackers associated with the SolarWinds hack last year have been observed continuing to use the same tactics, techniques, and procedures (TTPs) to hack into a large number of private databases as quickly as possible. The SolarWinds hack was a Kremlin-based operation that targeted network management provider SolarWinds, thereby gaining access to the networks belonging to 100 of its highest-profile customers, including U.S. federal agencies. Microsoft named the hacking group Nobelium, and some of its members are still currently active, now attacking cloud solution providers (CSPs) in order to gain access to their clients’ networks. For more, see Ars Technica

Life360 family app sells its users’ location data 

According to The Markup, popular family safety app Life360 sells precise location information on its 33 million users. “Through interviews with two former employees of the company, along with two individuals who formerly worked at location data brokers Cuebiq and X-Mode, The Markup discovered that the app acts as a firehose of data for a controversial industry that has operated in the shadows,” reads the report. It goes on to say that the raw location data captured by the app is highly valuable information and sold to about a dozen different data brokers. Life360 has been selling data since 2016, but CEO Chris Hulls said that the company does not sell to government agencies or law enforcement. 

This week’s ‘must-read’ on The Avast Blog

Throughout this year, cybercriminals continued to take advantage of the Covid-19 pandemic, exploiting people’s habits formed during lockdown to spread scams. Join us as we take a look at the most prominent security threats of 2021.