49 New Google Chrome Extensions Caught Hijacking Cryptocurrency Wallets

Discovering Fake Browser Extensions That Target Users of Ledger, Trezor, MEW, Metamask, and More
Using a familiar phishing method to target new brands.

The 49 browser add-ons, potentially the work of Russian threat actors, were identified (find the list here) by researchers from MyCrypto and PhishFort.

"Essentially, the extensions are phishing for secrets — mnemonic phrases, private keys, and keystore files," explained Harry Denley, director of security at MyCrypto. "Once the user has entered them, the extension sends an HTTP POST request to its backend, where the bad actors receive the secrets and empty the accounts."

Motivation and Purpose

We keep an eye on the type of attacks that come to cryptocurrency users on a daily basis and often write about our findings to help educate the community. We’ve seen various types of attacks on users, ranging from simple trust-trading scams to SIM hijacking to compromising and stealing funds from exchange accounts.

Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies.

👉🏼 Read more:
https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9

https://thehackernews.com/2020/04/chrome-cryptocurrency-extensions.html

#hijacking #cryptocurrency #wallets #google #chrome #browser #extensions
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Signal: We’ll be eaten alive by EARN IT Act’s anti-encryption wolves.

Recent weeks have been rough, with droves of people turning to virtual communication for sensitive conversations they’d like to keep private – medical visits, seeing friends’ faces and hearing their voices, or solace for those who’ve lost loved ones.

Understandably, the end-to-end (E2E) encrypted messaging app Signal has been signing up new users at “unprecedented” rates and flipping the switch on servers “faster than we ever anticipated,” Signal’s Joshua Lund said last week.

… and you can say goodbye to any of that staying stateside if the EARN IT Act passes.

https://nakedsecurity.sophos.com/2020/04/15/signal-well-be-eaten-alive-by-earn-it-acts-anti-encryption-wolves/

Earlier Post - HERE

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

Google and Apple have conspired to install tracking spyware into your smartphones with the coronavirus excuse in a mandatory update

https://9to5google.com/2020/04/13/android-contact-tracing-google-play-services/

Here are some ways to avoid it:

1 Don't use Apple, it's a closed source tyranny, destroy them

2 Get devices like #pinephone, #librem or other non Android #phones instead

3 If you have an Android, be sure you can unlock the bootloader to be able to install a clean operating system (rom) free from Google spyware (without gapps).
Search on the internet your phone model + unlock bootloader.
Then install a recovery like twrp and from it a rom without gapps

4 Check out these instructions for Android if you don't have unlocked bootloader or root:
https://old.reddit.com/r/privatelife/comments/g13tyz


📡 @NoGoolag
#google #apple #gapps #mandatory #update #tracking #spyware #why

Changelog : v3.2.5
• Fixed auto install issues for bulk updates
• Fixed no-network issues for Anbox setups
• Various other bug fixes and improvements
• Updated Translations

PS:

Aurora Store wont be updated regularly now onwards,
only critical updates will be rolled out. No more feature requests.

Don't worry its not Aurora Store's EOL.

I just want to shift my focus to other Aurora projects.
I will not be a student always, getting pocket money from family, I need to earn now.

So not all my apps will be Open Source & Free.

Looking forward !

https://t.me/AuroraSupport
https://t.me/AuroraOSS

We are not far from the point where the US digital technology companies will become the virtual passport authority of the world, determining who is allowed to move within which radius. In future, even the physical contacts of every carrier of an Android or Apple smartphone will be recorded and evaluated by the USA.
— Norbert Häring

Wir sind nicht mehr weit davon entfernt, dass die digitalen Technologiekonzerne der USA virtuelle Passbehörde der Welt werden, die bestimmt, wer sich in welchem Radius bewegen darf. Sogar die physischen Kontakte jedes Trägers eines Android oder Apple-Smartphones sollen künftig erfasst und von den USA aus auswertbar sein.
— Norbert Häring

#id2020 #agenda #Privacy #HumanRights #Apple #Google #CorporatoCracy
✊ @noGooLag! @LibreWare

Kiwi browser

Kiwi browser (phone chromium with extensions support) just got open sourced

https://forum.xda-developers.com/showpost.php?p=82317933

https://github.com/kiwibrowser/src

Do tell us if it compiles. Also you might want to ask the dev to submit it to FDroid

@nogoolag @libreware
#kiwi #browser #chromium #extensions

Changelog : 3.2.6

• Bug fixes & improvements

PS : This build will clear all saved preferences just to avoid inconsistencies from version 3.1.x to 3.2.5

Configure your blacklists accordingly.

Hackers selling 267 million Facebook records on hacker forum.

Currently, the trove of 267 million Facebook records are being sold for around $600 on the hacker forum.

Facebook has more than 2.5 billion monthly active users and when its data is breached, that’s bad news for everyone. Today is one of those days where personal data of millions of unsuspected users has been put at risk.

In December 2019, Hackread.com reported that a misconfigured Elasticsearch server exposed the personal information of 267 million (267,140,436) users. These records mostly belonged to users in the United States and included Facebook profiles, full names, a unique ID for each account and timestamp, etc.

https://www.hackread.com/hacker-forum-sell-267-million-facebook-records/

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

Changelog : 1.0.6

1. Use same color scheme for both the charts

Changelog : 3.2.7

• Fixed api building when session expires

Access data of the World Health Organization - Bill-Gates Foundation - Wuhan Institute of Virology hacked ... 👀

‼️ World Health Organization
http://archive.is/JIJ2b

‼️ Bill-Gates Foundation
archive.is/j6sgo

‼️ Wuhan Institute of Virology
https://archive.is/UtQGz#selection-247.0-247.59

#hacked #WHO #BillGates #Wuhan
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

microG developer will be back in 1-2 weeks

https://gist.github.com/mar-v-in/c8254168c63361c5094de13a7afea344

Hello everyone,

As many of you have noticed there had been very little involvement of me with microG over the last months.

tl;dr: I'll be back for microG work in 1-2 weeks.

I am mostly unemployed since beginning this year. There are several reasons for that and things not working out as expected, but I am not completely unhappy about that.

Another open-source project I am maintaining had it's first release. This was originally planned to happen by end of last year, but that didn't work out as expected and thus took most of my time in January.

As I need to have some income, I worked intensely for two weeks in early February as a freelancer. This worked, but turned out to be more exhausting than expected, so the fourthcoming week I wasn't actually productive.

Due to reasons™ (not to be named or speculated on) I wasn't able to work productively in most of March.

I did work on several smaller and mostly independant things. For example I contributed to the advancement of OMEMO protocol (the end-to-end-encryption protocol of XMPP), including the first implementation of the new version.

These things were collaborative efforts and often long planned in advanced, so I handled them with priority.

Another open-source project I am maintaining is preparing for it's first release. This didn't happen yet, but hopefully will happen very soon.

I do have several things done for microG that never made it into any repository:

Major changes in UnifiedNlp (planned to become a 2.0 release).
Major refactor of GMS repositories (#859)
Various fixes for applications crashing.

As there is potential for these changes to conflict with pending PRs, I didn't felt comfortable with merging them just now to reduce the overall workload.

Now I heard that several people are working on forks of microG. That's great to see. But please do create pull requests and/or document in any other way what you changed, so I can merge/catch up as soon as I have the time to do so.

I'd also like to mention again that I am very open to grant contributor rights to the main microG repository to more people. "Requirements" are you are willing to contribute more than once, review and merge pull requests and fix issues arised through the changes you introduced. Please let me know through any means if you fit in here.

Marvin



Here are some ways to support microg development economically:
https://t.me/NoGoolag/2479


📡@NoGoolag
#microg #developer #marvin

Google has issued a warning for Chrome users.

Internet search giant Google has issued a security warning for its Chrome web browser users. The company has issued a Chrome update telling its users that it includes a security fix. The new update of the browser— version 81.0.4044.113 — has been rolled out for Windows, Mac and Linux. The new update comes only with security fixes, however, the company is not sharing any details about that as of now. In a small note, Google explains, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

https://www.gadgetsnow.com/tech-news/google-has-issued-a-warning-for-chrome-users/articleshow/75242916.cms

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

New Michael Moore-Backed Documentary On YouTube Reveals Massive Ecological Impacts Of Renewables

Over the last 10 years, everyone from celebrity influencers including Elon Musk, Arnold Schwarzenegger, and Al Gore, to major technology brands including Apple, have repeatedly claimed that renewables like solar panels and wind farms are less polluting than fossil fuels.

But a new documentary, “Planet of the Humans,” being released free to the public on YouTube today, the 50th Anniversary of Earth Day, reveals that industrial wind farms, solar farms, biomass, and biofuels are wrecking natural environments.

https://www.youtube.com/watch?v=Zk11vI-7czE

https://www.invidio.us/watch?v=Zk11vI-7czE

https://planetofthehumans.com


#planetofthehumans #doc #documentary #energy #environment #earth

Stop the corona app! Researchers from all over the world are warning against data misuse and unforeseen monitoring possibilities ⬇️
@swprs

#DeleteFacebook #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Facebook agrees to restrict anti-government content in Vietnam after months of throttling.

Facebook has agreed to block access to certain anti-government content to users in Vietnam, following months of having its services throttled there, reportedly by state-owned telecoms.

Reuters, citing sources within the company, reported that Vietnam requested earlier in the year that Facebook restrict a variety of content it deemed illegal, such as posts critical of the government. When the social network balked, the country used its control over local internet providers to slow Facebook traffic to unusable levels.

https://techcrunch.com/2020/04/21/facebook-agrees-to-restrict-anti-government-content-in-vietnam-after-months-of-throttling/

https://techcrunch.com/2019/01/09/vietnam-threatens-to-penalize-facebook/

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

Copyright and Crisis: Filters Are Not the Answer.

It’s been a joke for years now, from the days when Facebook was just a website where you said you were eating a sandwich and Instagram was just where you posted photos of said sandwich, but, right now, we really are living our everyday lives online. Teachers are trying to teach classes online, librarians are trying to host digital readings, and trainers are trying to offer home classes.

https://www.eff.org/deeplinks/2020/04/copyright-and-crisis-filters-are-not-answer

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag

How Facebook Figures Out Everyone You've Ever Met

‼️ Behind the Facebook profile you’ve built for yourself is another one, a shadow profile, built from the inboxes and smartphones of other Facebook users.

👉🏼 Read more:
https://gizmodo.com/how-facebook-figures-out-everyone-youve-ever-met-1819822691

#DeleteFacebook
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv

Here are some ways to support microg development economically

All issues that have [$] in the title have the price already paid to Bountysource, not just promised.
Bountysource is the site where you pay the bounty, and when someone fix/implement the issue then the site will pay him/her.

https://github.com/microg/android_packages_apps_GmsCore/issues?q=label%3Abounty

https://www.bountysource.com/teams/microg/issues


microG also accepts donations via Liberapay:
https://liberapay.com/microG


https://microg.org

https://github.com/microg

Issues
https://github.com/microg/android_packages_apps_GmsCore/issues

Pull requests
https://github.com/microg/android_packages_apps_GmsCore/pulls


#microg #bounty #donate #development