To the moon and hack: Fake SafeMoon app drops malware to spy on you

Cryptocurrencies rise and fall, but one thing stays the same – cybercriminals attempt to cash in on the craze

 

Martina López

Cybercriminals are trying to capitalize on “the next big thing” in the turbulent cryptocurrency space in an attempt to take remote control of people’s computers and then steal their passwords and money. A campaign spotted recently impersonates the SafeMoon cryptocurrency app and uses a fake update to lure Discord users to a website that distributes a well-known remote access tool (RAT).

SafeMoon is one of the latest altcoins to, well, shoot for the moon. Ever since its inception six months ago, SafeMoon has been highly popular (and duly volatile), with the craze propelled by influencers and numerous enthusiasts on social media. The buzz hasn’t escaped the notice of scammers, as swindles targeting cryptocurrency users – including fraud that namedrops celebrities to give it some extra allure – have been running rampant for years.

Houston, we have a problem

The ruse exploiting SafeMoon’s sudden popularity begins with a message (Figure 1) that scammers have sent to a number of users on Discord, where they pose as the official SafeMoon account on the site to promote a new version of the app.

 

https://www.welivesecurity.com/2021/10/06/moon-hack-fake-safemoon-cryptocurrency-app-drops-malware-spy/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29

 

Google to turn on 2FA by default for 150 million users, 2 million YouTubers

Two-factor authentication is a simple way to greatly enhance the security of your account

 

Amer Owaida

Google has announced that by the end of 2021 it plans to automatically enroll 150 million users into two-step verification (2SV), a security measure also commonly known as two-factor authentication (2FA).

“For years, Google has been at the forefront of innovation in two-step verification (2SV), one of the most reliable ways to prevent unauthorized access to accounts and networks. 2SV is strongest when it combines both “something you know” (like a password) and “something you have” (like your phone or a security key),” the tech titan announced in a blog marking Cybersecurity Awareness Month.

In order to make 2SV as user-friendly as possible, Google allows user devices to double as security keys. It rolled out the feature for Android devices in 2019 before making it also available for iOS users with an update of the Google Smart Lock app in 2020.

In addition, starting from November 1^st two million YouTube creators will need to have 2SV turned on in order to access Studio, a move announced on the TeamYouTube Twitter account recently. Let’s recall that YouTube accounts are often hijacked by cybercriminals who use them to peddle all kinds of scams, including fake cryptocurrency giveaways.

https://www.welivesecurity.com/2021/10/06/google-turn-on-2fa-default-150-million-users-2-million-youtubers/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29