TikTok flooded by “Elon Musk cryptocurrency giveaway” scams.

Today, the creativity of scammers trying to take advantage of TikTok’s massive user base is quite obvious. TikTok is facing a severe problem with the proliferation of numerous fraudulent cryptocurrency giveaway scams on the platform. Scammers are going all out for their profits. They create hundreds of websites posing as crypto exchanges or free giveaway sites. According to them, the only thing a user has to do to get free cryptocurrency is to register on their site and enter the promo code from the video.

And, of course, the slight nuance that the video is silent about is to pay a small amount for account activation, which will allow the user to withdraw funds. However, the reality is grim: paying the user out is absent in such a scenario. These scams are elaborate traps that steal users’ funds, leaving them empty-handed. Besides, there’s always the chance of being double-crossed. Although this scheme is quite old, it is still very effective — as the saying goes, old but gold.

The Elon Musk impersonation

Attackers learned long ago that promoting mass fraud on behalf of famous personalities is much more effective. Regarding media personalities, the first person who is associated with cryptocurrency giveaway scams is Elon Musk. Moreover, his bizarre behavior and habit of talking nonsense in public and promoting questionable things adds credibility to any scam that mentions the name of Ilon Musk. So, the scammers publish a fake video in which Fox News or others interview Elon Musk and promote a phony cryptocurrency giveaway.

The strategy means impersonating Elon Musk and his subsidiaries, Tesla and SpaceX. They are designed to make people think they are participating in a genuine promotion. Thus, some videos contain instructions on how to log into the listed website and enter a promo code to get free bitcoins. Many websites have very similar names like Moonexio[.]com, altgetxio[.]com, and cratopex[.]com or, as in our case, bitoxies[.]com.

How cryptocurrency giveaway scams works?

It starts with a TikTok video the user can find using the hashtag #bitcoinforbeginners. We see many identical videos as if they were copied. The only thing that makes them different is the promo code, which differs for each. We open a random video, see a fragment from the interview mentioned above on the cover, and then follow instructions on registering on the site.

We open the site, register, and enter the code – voila! We have bonuses on our account. We try to withdraw them and see an error that says that to operate, and you must complete the account setup and activate it. For that, the service asks to deposit an amount equivalent to 0.005 BTC.

Obviously, after replenishing the account, you still cannot withdraw funds. The essence of this scam is to lure victims out of their funds in this way. In addition, the site asks for KYC information, with the help of which attackers will try to hack into our other legitimate accounts. This in total pushes the risks much beyond money losses.

It is also important to note that the mentioned websites may change their names, but retain the overall message. There is an entire pandemic of such sites going on – with absolutely the same design and promises, but different names.

How to avoid crypto scams?

The first thing this fraudulent scheme is based on is the unawareness of users. The second is greed and the desire to make a profit for nothing. We can help with the first, but the second comes with experience. It is essential to learn that you must pay for everything in life, and no one will give you anything for free. Besides, it would help if you did not get your investing advice from TikTok. Elon Musk’s crypto giveaways are like his promises to improve Twitter: they’re fake. Cryptocurrency is not something you can invest in just out of interest. Before investing, you should study this field well and understand it completely. Otherwise, losses are inevitable. In addition, we recommend that you only use official platforms and apps. The following red flags will help you identify scams:

• The ad promises free cryptocurrency for performing simple actions such as subscribing to an account, watching a video, or commenting on a post.
• The ad contains errors or typos.
• The ad looks informal or unprofessional.
• The ad requires entering your personal or cryptocurrency wallet information.

If you see a post or comment that fits one or more of these traits, it’s best to ignore it.

The post TikTok Flooded By Elon Musk Cryptocurrency Giveaway Scams appeared first on Gridinsoft Blog.

Recently, Twitter fulfilled a promise made by Elon Musk and published on GitHub the source code of its recommender algorithm, where a vulnerability was discovered that could send a user to a shadowban.

Numerous researchers immediately took up the study of the source code, and now one of the problems they discovered was assigned the CVE identifier. The vulnerability allows to achieve a “shadowban” of the victim, that is, someone else’s account will be hidden from others “without the right of recourse.”

Let me remind you that we also wrote that Elon Musk confirmed that the Russian offered a Tesla employee a million dollars for hacking the company, and also that CERT launched Twitter bot that comes up with names for vulnerabilities.

Also the media wrote that Hacker George “GeoHot” Hotz Will Be a Twitter Intern and Promises to Fix a Search.

The issue was discovered by Federico Andres Lois while investigating the recommendation engine that powers the For You section of Twitter. According to the study, the coordinated efforts of other users can lead to a “shadow ban” of any account that is unlikely to be overcome.

In order for the victim to receive large-scale reputation penalties, it is enough to unsubscribe from him, enable mute for this account, block it or report violations.

According to Lois, Twitter’s current recommendation algorithm “allows for coordinated, non-recourse damage to [any] account’s reputation.” This issue has already been assigned CVE-2023-23218.

It turns out that any accounts that have undergone mass blocking and unsubscribing will receive a “shadowban” and will not be displayed in the recommendations of other people, while the owner of the affected account will not even know about the restrictions imposed on him. At the same time, the researcher notes that it seems that it is simply impossible to fix such a ban.

Lois writes that apps like Block Party, which allow Twitter users to filter accounts in bulk, are essentially tools that (intentionally or not) have a similar effect on users.

Many Twitter users have already started talking about the fact that the error can be used by numerous armies of bots on the platform. When a Twitter user suggested that Musk solve the problem by only allowing mute, blocking, and reporting for “blue tick” Twitter users, Musk replied that he wanted to know “who is behind these botnets”.

However, that would require Twitter to have a team of moderators, and they appear to have been fired en masse, along with other staff, when Musk took over the company last November.

Another obvious solution to the problem would be to use the entropy of time for negative signals, but according to Lois, the design of Twitter’s recommender algorithm makes it easy to overcome this. For example, by repeatedly following/unsubscribing from specific accounts every 90 days.

The post Vulnerability Found in Twitter Code That Provokes a “Shadowban” of the Victim appeared first on Gridinsoft Blog.

At the Black Hat 2022 conference, Wouters announced that he intends to make this tool available for copying.

Elon Musk has launched more than 3,000 Starlink satellites into orbit since 2018. This satellite network is designed to provide Internet connectivity in the most inaccessible places on Earth, where previously connection was unreliable, expensive or completely unavailable.

Thousands more satellites are planned to be put into orbit as it develops, and Starlink, like any other new technology, became an interest to hackers and researchers.

Now Lennert Wouters has spoken about one of the first hacks of the Starlink terminal, a satellite dish (dubbed the Dishy McFlatface) that is commonly placed on buildings. To gain access to the firmware of the dish, Wouters dismantled the terminal he bought and developed a special tool for hacking it himself.

This role was taken over by a custom board (mod-chip) that was assembled from ready-made parts, the total cost of which was approximately $ 25. Once connected to a Starlink dish, the board is used for a fault injection attack, temporarily shutting down the system to bypass Starlink’s defense mechanisms. This “glitch” eventually allowed Wouters to reach the previously blocked portions of the Starlink system.

To create the mod chip, Wouters scanned a Starlink dish and created a board to match the existing Starlink board. Its mod chip needs to be soldered to an existing Starlink board and connected with a few wires.

The mod chip itself consists of a Raspberry Pi microcontroller, flash memory, electronic switches, and a voltage regulator. When creating the board for the user terminal, Starlink engineers printed the inscription “Made on Earth by humans” on it. Wouters’ mod chip says “Glitched on Earth by humans”.

Moreover, the researcher decided to open-source his tool by publishing his work on GitHub, including some of the details needed to launch the attack.

Wired explains that the Starlink system consists of three main parts. The first is the satellites themselves, which move in near-Earth orbit at an altitude of about 550 kilometers and transmit signals to the surface. The satellites communicate with two systems on Earth: gateways that send internet connections to the satellites, and Dishy McFlatface dishes that users can purchase. Wouters’ research centered around user terminals, which were originally round, but new models are rectangular.

Enthusiasts have been studying Starlink user terminals for a long time: they were repeatedly disassembled, discussed on Reddit, but Wouters was the first to pay attention to the security of the terminal and its chips. He says that he went through several stages and tried many different approaches before he created his open source mod chip.

Waters has been testing the Starlink system since May 2021, achieving 268 Mbps download speeds and 49 Mbps download speeds from the roof of his university building. After that, he decided to disassemble the device. Using a combination of “an industrial hair dryer, tools, isopropyl alcohol and a lot of patience,” he was able to remove the lid from the plate and gain access to its internal components. In the end, this helped to understand how the device boots and downloads firmware.

In general, Waters’ attack works by bypassing the security and signature checks needed to make sure the system starts up correctly and the code hasn’t been tampered with.

So, when a Starlink dish turns on, the loader goes through a number of different stages. Wouters’ attack causes a crash in the first bootloader, a ROM bootloader that is flashed into the SoC and cannot be updated. After that, it becomes possible to deploy custom firmware and gain control over the terminal.

The researcher notified Starlink about the vulnerabilities he found last year, and the company paid him a reward under the bug bounty program. Starlink developers even offered Waters an access to the device’s software, but he refused, as he was already deep in work and wanted to finish developing the mod chip.

That being said, Wouters notes that while SpaceX released an update to make the attack more difficult (it changed its mod chip in response), the underlying problem cannot be fixed until the company creates a new version of the main chip. For this reason, all existing user terminals are still vulnerable, although it has become more difficult to carry out an attack.

Although the mod-chip specs are available on GitHub, Wouters says he doesn’t plan to sell off-the-shelf boards, nor will he distribute custom firmware for the user terminal or give exact details of the glitch he was exploiting.

It’s worth noting that after Waters’ Black Hat speech, Starlink engineers released a six-page PDF document explaining exactly how they secure their systems.

Starlink experts emphasize that such an attack requires physical access to the terminal, and as a result of a boot failure, only one specific device can be compromised, but not the entire Starlink network.

The post Researcher Hacks Starlink Terminal With $25 Homemade Board appeared first on Gridinsoft Blog.

Scammers again use SpaceX as a bait in fraudulent schemes. The statements of Elon Musk, CEO of the company, have been watched for a long time, and as soon as he says something about cryptocurrency, this immediately gives rise to a lot of food for fraudulent schemes. Some scammers make expensive fakes, while others make do with little. Before the story of DeepFake Elon telling how to invest in the BitVex cryptocurrency platform had died down, a low-end legend of the same type had already appeared.

This time we are talking about the fake site spacex-btc[.]org. This site pretends to be SpaceX’s dedicated platform for some kind of cryptocurrency giveaway that should help people make money by trading on cryptocurrency price fluctuations. This website may be redirected to by banner ads from apparently not the most reliable websites.

So, first of all, let’s say it: it’s a FAKE.

And don’t be fooled by the fact that this website has an SSL certificate. Do not look at HTTPS in the line, but the very name of the site: spacex-btc. Yes, and with TLD org. This site is a pure spoof because this cowboy office has no connection with the authentic SpaceX website or company.

The site has a decent design, but it’s still not stylish enough for a company like SpaceX. If you look for flaws, you can immediately notice grammatical errors in the fake quote of Musk himself and the terrible layout of the page.

There is a chat button in the corner of the window. Of course, everything connected to luring money is performed perfectly in such offices. You can probably talk to them, and they probably have a call center. But don’t let that fool you. It may seem that no one will find it profitable to create an entire call center to ensure the credibility of a single fake page. But we must remember that the companies behind such scams work with many schemes at once, giving rise to deception on an industrial scale.

These websites have only one purpose – to get money from you. In 99.99% of cases, Forex-like deals in cryptocurrency that these companies advertise are done through the mediator, so you don’t even see your purchased cryptocurrency. Then a psychological game starts: the trading can be random at best. However, in the worst cases, scammers totally control the process. They can make their victims feel lucky and lure more and more money out of them.

Don’t buy into famous faces in advertising campaigns. If you are told that Elon Musk is launching his cryptocurrency or something like that, first check in the news if this is true.

The post Beware: New SpaceX Bitcoin Giveaway Scam appeared first on Gridinsoft Blog.

According to him, the problem was not with the automaker’s infrastructure, but with unnamed third-party software that some car owners use.

Colombo says that he can remotely run commands on cars available to him (of course, without awareness of the owners), including disabling Sentry mode, opening and closing doors, windows, and launching Keyless Driving. In addition, the researcher can request the exact location of the car, see if the driver is present in the cabin, and so on.

Fortunately, hacker can’t interact with the Tesla’s steering wheel or brakes in this way, but even without this, he can come up with many dangerous attack scenarios.

Bloomberg has received proof of his claims from the researcher, including screenshots and other documentation. So far, Colombo has not released any details of his attack, and also asked the media conceal the details until the vulnerability is fixed. According to him, MITER has already reserved a CVE ID for this bug, and Tesla security is already conducting the necessary checks.

Interestingly, the developers of a third-party app for Tesla, TezLab, reported that yesterday they discovered “simultaneous expiration of several thousand authentication tokens by Tesla”. This application uses the Tesla APIs that allow performing actions such as entering a car, enabling or disabling the anti-theft camera system, unlocking doors, opening windows, and so on.

Let me remind you that we talked about the fact that Hackers gained access to surveillance cameras in Tesla, Cloudflare and banks, and also that The researcher showed how to steal a Tesla Model X in a few minutes.

The post Teen gets remote access to 25 Tesla cars appeared first on Gridinsoft Blog.

In August 2020, we talked about the arrest of a Russian citizen Yegor Igorevich Kryuchkov, who came to the United States on a tourist visa.

He was accused of collaborating with a group of Russian cybercriminals and arrived in the United States on purpose, intending to recruit one of the Tesla employees working at the company’s factory in the city of Reno, Nevada. Allegedly, for this Kryuchkov received $250,000 from his accomplices.

According to court documents, Kryuchkov offered an employee $ 1,000,000 to install malware on the company’s network. It was assumed that the malware would allow hackers to connect to Tesla’s IT systems and steal data, which was then planned to be used to extort a multimillion-dollar ransom from the company.

Finally, the plan failed, as the insider, whom they tried to recruit, reported about the plans of criminals to the FBI. Subsequent meetings between Kryuchkov and a Tesla employee were monitored and recorded, and then Kryuchkov was arrested as he tried to leave the country.

At first, the Russian did not plead guilty, claiming that he could prove the opposite in court. In this case, if the jury found him guilty, Kryuchkov would face up to five years in prison, up to three years under supervision and a fine of up to $250,000.

But, as it became known now, Kryuchkov still pleaded guilty and agreed to spend in prison from four to ten months, as well as remain under supervision for the next three years after his release.

Kryuchkov will not be fined, but Tesla will have to pay $14,824. Let me also remind you that I wrote about the IS researcher that found that the Tesla Model 3 interface is vulnerable to DoS attacks.

The post Russian who tried to hack Tesla was pleaded guilty appeared first on Gridinsoft Blog.

In particular, criminals are very fond of conducting fake distributions of cryptocurrencies on social networks on behalf of Mask, promising users huge profits, if they first send them some bitcoins.

For example, in 2018, such Twitter action brought scammers over $180,000 in just one day.

This statement is confirmed by their fresh material in Bleeping Computer, in which journalists report that such activity has become more frequent again, and the scammers have already managed to make good money.

The spike in fraudulent activity on Twitter was highlighted by a MalwareHunterTeam researcher. He said that more and more verified accounts are hacked, and then hackers use them to promote another fake distribution of cryptocurrency on behalf of Elon Musk.

Examples of such scams can be seen on the screenshots below.

Typically, these tweets contain links that redirect victims to Medium, where the article advertises a fake bitcoin giveaway. The scheme is still simple: users are asked to send a certain amount of cryptocurrency, promising to return the already doubled amount back.

MalwareHunterTeam and BleepingComputer report that most of the accounts compromised during this scam have been inactive for a long time.

Investigators also remind that last year, after a large-scale attack, Twitter abandoned the versioning of accounts, and now such accounts are in even greater demand among cybercriminals, and a real hunt for inactive accounts is under way.

According to BleepingComputer and MetaMask, the scammers receive more than $580,000 in Bitcoin per week. At the same time, the fraud with the distribution of Etherium did not bring such success, and the criminals “earned” only $2,700 on it.

Let me remind you that Elon Musk confirmed that the Russian offered a Tesla employee a million dollars for hacking the company.

The post Fake cryptocurrency giveaways on behalf of Elon Musk brought scammers $580,000 appeared first on Gridinsoft Blog.

Although the indictment did not disclose the name of this victim company, several news outlets reported at once that the attack targeted precisely at Tesla, which owns a plant located in the city of Sparks, Nevada.

Tesla representatives did not comment on these rumors in any way, but last night the head of the company, Elon Musk, officially confirmed on Twitter that Tesla was the target of the attackers.

“Much appreciated. This was a serious attack”, — wrote Elon Musk on Twitter.

Law enforcement officials say that Kryuchkov is a member of a large criminal group that planned to use malware to gain access to the victim’s company network, steal confidential documents, and finally for demanding a ransom. At the same time, Kryuchkov promised a Tesla employee that other members of his “team” would launch a DDoS attack in order to distract the attention of the security service and hide the fact of data theft.

However, all the plans of the hackers collapsed, as the insider whom they tried to recruit reported about what was happening to the FBI. As a result, the FBI agents kept Kryuchkov under surveillance for almost the entire time of his stay in the United States, and then arrested him, collecting all the evidence necessary for prosecution.

ZDNet journalists compiled a chronology of what happened, fearing information from court papers. In the meantime, there is no need to know about it:

• July 16: Kryuchkov contacts a Tesla employee (identified in the documents as CHS1) via WhatsApp and talks about his plans to visit the United States. The fact is that this person knew Kryuchkov before – they met back in 2016.
• July 28: Kryuchkov flies from Russia to New York, travels to San Francisco and then to Reno, Nevada.
• August 1: Kryuchkov contacts CHS1 by phone.
• August 2 and 3: Kryuchkov, CHS1 and his friends go to Lake Tahoe, and Kryuchkov pays all expenses, and also tries not to get into the video surveillance.
• August 3: On the last day of the trip, in the bar, late in the evening, Kryuchkov informs CHS1 that he is working in a certain group that deals with “special projects.” Allegedly, this group pays employees of various companies to install malware on the networks of their employers. Then Kryuchkov describes the entire scheme in detail and says that he can provide CHS1 with malware on a USB flash drive or send it by email.
  
  First, Kryuchkov told the employee that he would be paid $ 500,000 to install the malware, while Kryuchkov’s “colleagues” would arrange a DDoS attack to disguise the fact of data theft. As a result, CHS1 reports Kryuchkov to the FBI, and all their subsequent meetings are already under observation.
• August 7: Kryuchkov has another meeting with CHS1. During this meeting, he again tries to convince CHS1 to take part in the criminal scheme, but this time he assures that his “team” has been running such “special projects” for many years, and insiders who have collaborated with them have been caught, still working in the same companies. Kryuchkov also suggests creating the impression that the infection comes from another employee at all (in case CHS1 wants to teach someone a lesson). During this meeting, CHS1 asks for $ 1,000,000 and also asks for an advance of $ 50,000.

• 

  August 17: At another meeting, Kryuchkov discloses details of the group he works for. Specifically, he reveals that they make payments using escrow on Exploit (the name of a well-known hacker forum). Kryuchkov also says that he has already recruited at least two other insiders in the same way, and one of the companies hacked in the past has already paid the hackers a ransom of $ 4,000,000.
  
  In addition, Kryuchkov and CHS1 contact other members of the criminal group via WhatsApp and discuss payment and escrow details. Kryuchkov assures that one of the group members is an employee of a state Russian bank, and the group has already paid about $ 250,000 for the malware that was written specifically for the company where CHS1 works. Kryuchkov left the CHS1 phone number to be contacted in the future.
• August 18: During the next meeting, Kryuchkov informs CHS1 that his “team” refused to pay the advance, because hackers had never done that before. However, they are allegedly ready to pay CHS1 million after cooperation. Kryuchkov said his own stake was reduced to $ 250,000 due to CHS1 requirements. He also said that he would need to provide “colleagues” with more detailed information about the employer’s network of CHS1, so that they can configure the malware.
• August 19: Kryuchkov met with CHS1 again and said that the group is still ready to make an advance payment of 1 bitcoin.
• August 21: Kryuchkov once again met with CHS1 and unexpectedly announced that this “special project” had been postponed due to another “special project” already launched, which should have brought the group a lot of money and so far requires concentration of all efforts. Kryuchkov said that he was leaving the United States and left instructions to the insider, in which he told in detail how the members of the criminal group would contact him in the future.
  
  After this meeting, the FBI agent contacted Kryuchkov by phone, and he tried to leave the country, but was eventually arrested in Los Angeles the next day.

Currently, Yegor Kryuchkov is in custody and the relevant charges have already been brought against him. If the court finds him guilty, he faces up to five years in prison.

Let me also remind you that I wrote about the IS researcher found that the Tesla Model 3 interface is vulnerable to DoS attacks.

The post Elon Musk confirmed that the Russian offered a Tesla employee a million dollars for hacking the company appeared first on Gridinsoft Blog.