More stories

  • Check your iPhone for compromised passwords… NOW!

    Compromised passwords are a fast track to all sorts of online headaches. But thankfully iOS makes it quite easy to do a quick audit of your passwords for compromised ones, allowing you to change them before problems escalate. And it’ll take you less than five minutes. Here’s how.

    Tap on Settings and go to Passwords. There, if you have compromised or reused passwords, you’ll see an entry called Security Recommendations.

    Image: Security Recommendations in iOS 15

    Tap on that to see the accounts that have problems with their passwords, and you’ll get the chance either to change the password on the website or service, or to delete the entry (only do this if you’ve already changed the password, or it’s an old, obsolete account for a service you’ve deactivated).

    It’s quick. It’s simple. For most people, they’re done in less than five minutes. But it can save you a whole heap of headaches.

    Note: The same trick will work for the iPad. On the Mac, fire up Safari, click on Safari in the menu bar and click Preferences…, then go to Passwords; if there are any security recommendations, you will see a notice at the bottom of the window.


  • Twitch says no passwords or login credentials leaked in massive breach

    Twitch has come out with a new statement denying the severity of the breach that drew headlines earlier this month. The gaming platform reiterated that the incident was caused by a “server configuration change that allowed improper access by an unauthorized third party.”

    They claimed Twitch passwords were not exposed in the breach and said they are “confident” that the systems storing Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH/bank information. “The exposed data primarily contained documents from Twitch’s source code repository, as well as a subset of creator payout data. We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly,” the company said.

    An unknown hacker leaked the entirety of Twitch’s source code among a 128 GB trove of data released on October 6. The data included creator payouts going back to 2019, proprietary SDKs and internal AWS services used by Twitch, as well as all of the company’s internal cybersecurity red teaming tools. While much of the press attention initially focused on the eye-popping revenues brought in by certain Twitch streamers, concern over the privacy and security of all Twitch streamers began to grow in the days following the attack.

    Experts warned that all Twitch streamers needed to take immediate action to protect their bank accounts and themselves from a potential wave of attacks by opportunistic cybercriminals. Twitch eventually announced that it was resetting all stream keys, directing streamers to this website for new stream keys.

    The unknown hacker behind the attack claimed it was because of the platform’s lackluster response to complaints about racism, homophobia and abuse directed toward minority gamers in what are called “hate raids.” The hacker said Twitch’s community is “a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories.” The original note said the initial release was only the first section of the stolen data.

  • $5.2 billion in BTC transactions tied to top 10 ransomware variants: US Treasury

    More than $5 billion in bitcoin transactions has been tied to the top ten ransomware variants, according to a report released by the US Treasury on Friday. The department’s Financial Crimes Enforcement Network (FinCEN) and Office of Foreign Assets Control (OFAC) released two reports illustrating just how lucrative ransomware-related cybercrime has become for the gangs behind it. Parts of the report are based on suspicious activity reports (SARs) that financial services firms filed to the US government.

    FinCEN said the total value of suspicious activity reported in ransomware-related SARs during the first six months of 2021 was $590 million, which exceeds the $416 million reported for all of 2020. “FinCEN analysis of ransomware-related SARs filed during the first half of 2021 indicates that ransomware is an increasing threat to the US financial sector, businesses and the public. The number of ransomware-related SARs filed monthly has grown rapidly, with 635 SARs filed and 458 transactions reported between 1 January 2021 and 30 June 2021, up 30 percent from the total of 487 SARs filed for the entire 2020 calendar year,” the report said.

    By analyzing 177 unique convertible virtual currency wallet addresses used for ransomware-related payments associated with the 10 most commonly reported ransomware variants in SARs during the review period, the Treasury Department found about $5.2 billion in outgoing bitcoin transactions potentially tied to ransomware payments. “According to data generated from ransomware-related SARs, the mean average total monthly suspicious amount of ransomware transactions was $66.4 million and the median average was $45 million. FinCEN identified bitcoin as the most common ransomware-related payment method in reported transactions,” the report adds.

    FinCEN noted that the US dollar figures are based on the value of bitcoin at the time of the transaction and added that the data set “consisted of 2,184 SARs reflecting $1.56 billion in suspicious activity filed between 1 January 2011 and 30 June 2021.”

    While the report does not say which ransomware variants made more than others, it does list the most commonly reported variants, which were REvil/Sodinokibi, Conti, DarkSide, Avaddon and Phobos. FinCEN said it found a total of 68 different ransomware variants.

    Ransomware expert and Recorded Future computer emergency response team member Allan Liska told ZDNet that Phobos being in the top five is surprising. “Phobos tends to fall under the radar and doesn’t get a lot of attention, clearly more focus needs to be placed on it so organizations can better defend themselves against it,” Liska said. He added that it was interesting to see that FinCEN has been tracking ransomware transactions since 2011, meaning they have a lot more experience tracking cryptocurrency transactions than ransomware groups realize. “I think we all suspected that ransomware attacks were on the rise this year, it is nice to see this confirmed,” he said. “Finally, in just the first 6 months of the year FinCEN identified 68 ransomware variants posted in SAR. Again, I don’t think most people realize just how diverse the ransomware ecosystem is.”

    The report comes one day after US officials and governments from more than 30 countries finished a two-day summit focused on ransomware and how it can be stopped. The countries pledged further cooperation and specifically mentioned the need to hold cryptocurrency platforms accountable. Coinciding with the release of the report, FinCEN released further guidance effectively threatening the virtual currency industry with penalties if they allow sanctioned people or entities to continue to use their platforms. “OFAC sanctions compliance requirements apply to the virtual currency industry in the same manner as they do to traditional financial institutions, and there are civil and criminal penalties for failing to comply,” FinCEN said on Friday.

    The FinCEN report also noted that ransomware groups are increasingly using cryptocurrencies like Monero that are popular among those seeking anonymity, and have avoided using wallets more than once. Mixing services are also widely used across the ransomware industry as a way to disrupt tracking experts, and decentralized exchanges are being used to convert ransomware payments into other cryptocurrencies. The report also mentions “chain hopping,” a practice ransomware actors use to change one coin into another at least once before moving the funds to another service or platform. “This practice allows threat actors to convert illicit BTC proceeds into an AEC like XMR at CVC exchanges or services. Threat actors can then transfer the converted funds to large CVC services and MSBs with lax compliance programs,” FinCEN said.

  • Brazilian insurance giant Porto Seguro hit by cyberattack

    One of Brazil’s largest insurance groups, Porto Seguro, has reported it suffered a cyberattack that resulted in instability to its service channels and some of its systems. The company reported the incident to the Securities and Exchange Commission (CVM) on Thursday (14), saying that it “promptly activated all security protocols” and that it has been gradually restoring its operating environment and working towards resuming normal business as soon as possible.

    Porto Seguro did not disclose any further details about the type of attack it suffered, but noted that so far no data leakage had been identified in relation to the company, its subsidiaries, customers or partners, including any personal data. The third largest insurance company in Brazil, Porto Seguro leads the car and residential insurance segments in Brazil and has around 10 million clients across its various business lines, including credit provision. The company is headquartered in São Paulo, with subsidiaries in Brazil and Uruguay employing more than 13,000 staff.

    The company is the latest in a list of major Brazilian organizations suffering major security incidents over recent weeks. Earlier this month, CVC, one of the country’s largest travel operators, was hit by a ransomware attack that brought its operations to a standstill. Since the attack, reported to CVM on October 2, the company has had a banner on its website stating that it has been hit by a cyberattack and that it is “working diligently to mitigate the impact of the incident and ensure business continuity.” At the time of writing, CVC’s investor relations page, where updates on the incident would have been published, was unavailable. Prior to CVC and Porto Seguro, other major companies in Brazil that were targeted by cybercriminals included retail chain Renner, victim of a ransomware attack that compromised its e-commerce platform for three days in August.

    Security teams are in place in less than a third of Brazilian organizations, even though most businesses frequently suffer cyberattacks, according to research published in June by Datafolha Institute on behalf of Mastercard. Financial services, insurance, and technology and telecommunications are among the most prepared in terms of cybersecurity readiness, the study found. Conversely, the education and healthcare sectors are the most vulnerable.

    According to a separate study, also carried out by Datafolha Institute and published in July, the fear of cyberattacks is high among Brazilian users. The research aimed at measuring the level of concern regarding the security of consumers within data and information exchange environments, and it found that only 13% of those polled consider their data to be very secure, while 21% consider their data to be insecure.

    In September, the banking sector started discussions with the Ministry of Justice around the creation of a strategy to address crime in digital environments. Goals under the strategy would include the expansion of the set-up around identifying and repressing actors responsible for cybercrimes, as well as the promotion of permanent cooperation between the public and private sectors on the matter and public awareness campaigns on cyber risks and fraud.

  • Critical infrastructure security dubbed 'abysmal' by researchers

    The “abysmal” state of security for industrial control systems (ICSs) is putting critical services at serious risk, new research finds. 

    You only need to look at the chaos caused by a ransomware attack launched against Colonial Pipeline this year — leading to panic buying and fuel shortages across part of the US — to see what real-world disruption cyber incidents can trigger, and their consequences can go far beyond the damage one company has to repair. It was only last month that the Port of Houston fended off a cyberattack and there is no reason to believe cyberattacks on operational technology (OT) won’t continue — or, perhaps, become more common.

    On Friday, CloudSEK published a new report exploring ICSs and their security posture in light of recent cyberattacks against industrial, utility, and manufacturing targets. The research focuses on ICSs available through the internet. “While nation-state actors have an abundance of tools, time, and resources, other threat actors primarily rely on the internet to select targets and identify their vulnerabilities,” the team notes. “While most ICSs have some level of cybersecurity measures in place, human error is one of the leading reasons due to which threat actors are still able to compromise them time and again.”

    Some of the most common issues allowing initial access cited in the report include weak or default credentials, outdated or unpatched software vulnerable to bug exploitation, credential leaks caused by third parties, shadow IT, and the leak of source code. After conducting web scans for vulnerable ICSs, the team says that “hundreds” of vulnerable endpoints were found.

    CloudSEK highlighted four cases that the company says represent the current issues surrounding industrial and critical service cybersecurity today:

    An Indian water supply management company: Software accessible with default manufacturer credentials allowed the team to access the water supply management platform. Attackers could have tampered with water supply calibration, stopped water treatments, and manipulated the chemical composition of water supplies.

    The Indian government: Sets of mail server credentials belonging to the Indian government were found on GitHub.

    A gas transport company: This critical service provider’s web server, responsible for managing and monitoring gas transport trucks, was vulnerable to an SQL injection attack, and administrator credentials were available in plaintext.

    Central view: The team also found hardcoded credentials belonging to the Indian government on a web server supporting monitors for CCTV footage across different services and states in the country.

    The US Cybersecurity and Infrastructure Security Agency (CISA) was informed of CloudSEK’s findings, as were associated international agencies.

    “Owing to an increase in remote work and online businesses, most cybersecurity efforts have been focused on IT security,” says Sparsh Kulshrestha, Senior Security Analyst at CloudSEK. “However, the recent OT attacks have been a timely reminder of why traditional industries and critical infrastructure need renewed attention, given that they form the bedrock of our societies and our economies.”

  • Ecoflow Delta Max: Battery-powered generator can get you through most power outages

    Image: Ecoflow
    What if you could have an emergency generator that didn’t require gasoline, could be used inside the house without fear of asphyxiation, didn’t make a mess, and was far, far quieter than a traditional gasoline engine? If you live in an area prone to power outages, it could be a game changer.

    The key is switching from gasoline technology to battery technology. Yes, there are a few disadvantages to battery technology (like you can’t just fill it back up), but in the main, battery generator technology opens the door to, literally, opening the door and bringing that generator inside your house.

    As someone who’s lived through multiple week-long power outages in Florida, and a recent set of shorter outages due to wild fires in Oregon, I’m very interested in battery generators as an option. While a whole-house integrated gasoline generator is probably the best choice, it’s also gobsmackingly expensive. To install such a thing, you need to have a team of contractors put in a concrete pad, merge the generator into the house’s electrical system, and install a very permanently-mounted generator. Back in Florida, I test-priced such a thing. When I found that the base cost of entry was well above $50,000, I decided it wasn’t something particularly practical.

    But smaller portable gasoline generators are a pain to use. You have to set them up outside, where they become targets for thieves, especially after a long power outage turns neighbors into hostile competitors for scarce resources. You also have to have a way to safely store the gasoline — and this is an even bigger problem with permanently-mounted generators. Finally, you have to run a very long extension cord from outside to inside (usually through a cracked-open door or window), and then through much of your house. It’s just not fun.

    Battery-based power station

    When ZDNet’s long-time DIY-IT project partner Wellbots approached me to look at the Ecoflow Delta Max, I jumped at the opportunity. While I haven’t had a power outage in about a year, the possibility is always there.

    I’ve used gasoline generators, but the Ecoflow (and all battery-based generators) require a bit of a mindset shift. First, even though it’s a big battery you plug stuff into, it’s not a battery backup or surge suppressor. The difference is that it provides power like a generator, unlike a battery backup unit, which is designed to rapidly switch from wall power to battery power. Also, of course, the amount of battery even the biggest consumer UPSs put out is a tiny fraction of what something like the Ecoflow Delta Max is capable of.

    Let’s talk about that power, and then I’ll circle back to how you should maintain and operate this thing.

    Understanding power

    The Ecoflow Delta Max is a 2016Wh power station. Wh is the abbreviation for watt hour. So, let’s back up a minute. A watt is a unit of power. Power, for those who slept through all those electrical engineering courses, is the rate at which energy is produced or consumed. Power is the flow of energy. If it were water, it would be water running in a river or through your pipes. It wouldn’t be water sitting in a glass or a tub.

    So, a watt is a unit of power. We all know the term from incandescent bulbs. A 10W bulb is a lot less bright than a 100W bulb, and that’s because there’s one tenth of the power driving the light. By contrast, a watt hour is a unit of energy. Power is the flow of energy, but it’s the energy itself that does the work. That’s why your electric bill is often measured in kWh, or kilowatt hours. That’s the thousands of watt hours being put to work powering your home and place of work. Another way of thinking about it is that a watt measures the flow, while watt hours measure how much flow you’ve used or can use in a given time.

    The 2016Wh rating means the Ecoflow can store roughly two kWh. A more useful spec, however, is the wattage the device can produce. It can produce 2400W, which means it can power roughly 15 devices at once. A fridge uses somewhere between 100W and 250W, so even with a fridge on the circuit, quite a few devices can be powered.

    Of course, since this is a battery, the more devices being used, the shorter the available power for those devices. The Ecoflow can interface with solar power, but I wasn’t sent any solar arrays for testing. Without solar to recharge, the Ecoflow has the charge that it has. Once depleted, you’re out of juice. It’s vaguely similar to being out of gas for your generator. The Ecoflow does recharge rather rapidly. So if you did have a situation where the power was out, but came back on for a bit before failing again, the Ecoflow could recharge. It takes less than two hours to recharge using wall power.

    How long does it last? That, of course, depends on what you want it to do. If you want it to provide supporting power out in a shed, on a boat, or on a camping trip, it will support most small appliances and tools. You probably could run a table saw on it for an hour or so, but that’s about it. By contrast, if you wanted it to keep your phone topped up, you could charge your phone probably a hundred times.

    This also offers a particularly interesting work-at-home option. Many of us working at home have deadlines to meet and “show ups” to do, regardless of what our home situation is at the time. I’ve had to meet deadlines while driving through the desert during a hurricane evacuation. This unit could definitely power your phone to act as a Wi-Fi hotspot, and then keep your laptop charged up so you can get the job done. Add the ability to brew coffee to keep your brain running, and you have a work-from-home continuity plan.

    You might have some tradeoff decisions. It can keep a full size fridge cold for about 10 hours, a mini fridge cold for a little less than a day, but you might only get an hour or two from a window-shaker air conditioner. For an extended outage, you might want to plug in the fridge for an hour, then unplug for an hour, which would extend the service for a longer time. You could use it to cook dinner with an air fryer, but choose something that cooks fast. An hour or so of use will deplete the charge. If you use a coffee maker (which uses roughly a thousand watts), make just a few cups and unplug it. A coffee maker churning out coffee constantly will deplete it in about an hour or two (the scenario for this might be where the coffee maker is brought to an event or, say, a scouting weekend where lots of people are filling up).

    According to the U.S. Energy Information Administration, power outages since 2013 averaged about two hours. However, starting in 2018, with increased wildfires and hurricanes, the average outage jumped to about 5.8 hours. It’s in these situations where the Ecoflow shines. If you’re concerned about making it through a typical outage, the Ecoflow could keep your food from spoiling, brew a cup or two of coffee, and recharge your phones. It probably couldn’t keep you cool all night, but it could help make it easier to get through the outage. I, personally, have a bunch of battery-powered fans, and these use so little current that they can make it through most of the night on a set of D-cells.

    If, on the other hand, you live in hurricane country, where you’re likely to be without power for a week or more, the Ecoflow can’t help you on its own. You’ll need to invest in a set of solar panels. I haven’t done any testing of how fast these recharge and what the drain cycle would be. That’s something for a future article, if I ever get panels in to test. The best case is if you can connect solar power to the unit to recharge. But even without solar power, this unit could help you get through a typical power outage.

    Maintenance best practices

    Maintaining a gas generator is different than maintaining a battery-based generator. You can’t just leave the Ecoflow out in the shed and add gas and plug things in when the power goes out. You have to keep it charged up so it’s available in case of power failure. And that requires a maintenance practice.

    I reached out to the company for guidance and they told me that Ecoflow does NOT recommend keeping the unit plugged in, “as it may hurt the battery.” Instead, it requires a “charging-discharging maintenance every 3 months.” They recommend you discharge the device to 30%, and then recharge it to 85% every three months. I’m not sure why they want it charged to 85% and not 100%, but that’s their recommendation. So, if you truly do want a power station that will get you through most power outages, you’ll need to add the discharge/charge maintenance cycle to your quarterly to-do list. That’s probably not too big a price to pay to have food-loss-free power outages.

    Bottom line

    The Ecoflow Delta Max is not cheap. Wellbots sells it for a little over $2,000. For that price, you’re going to want the device to work for you when you need it. That means you’re going to need to do some proactive planning. Decide what devices you want it to power during a power outage. Make sure you know where you’re going to deploy it, and make sure you have the proper extension cords (best if stored with the unit). Perhaps even conduct a dry run or two to be sure your plans will work. And, of course, conduct the quarterly maintenance we discussed above.

    Finally, there are a few things worth noting about this power station. The Ecoflow Delta Max isn’t the only power station in the Ecoflow line. Wellbots offers units ranging from about $350 and up, but of course the smaller units provide less power. Also, I dug around on forums and reviews to get a feel for how customers liked the units and found an interesting set of mixed reviews. Overall, it seems that those who knew what they were getting were very happy with the device, while those who expected more of a magical power source were somewhat disappointed. One particular trend is something that’s easy to be aware of. Apparently, the unit doesn’t provide its full power output right after a charge. Charging heats up the unit, so to manage heat, the unit throttles output until it’s cool enough to provide full power. Can you say “first law of thermodynamics”? Sure. I knew you could.

    So, my bottom line is that this is what it is, and that’s a pretty cool thing. It’s a battery-based power station. If you understand how batteries and power work, and your expectations aren’t that of a mystical, never-ending power source, this is a solid solution. If you want it to offer more, you might want to invest in additional add-on batteries and solar panels.

    What about you? Do you live somewhere where there are regular power outages? Do you have a plan for keeping going? Have you bought a generator? Do you like the idea of a battery-powered generator compared to a gasoline-powered one? Let us know in the comments below.

  • Google: We're sending out lots more phishing and malware attack warnings – here's why

    Google’s policy of sending alerts to people with Google Accounts that are targeted by suspected state-sponsored hackers is getting a full workout in 2021. The company says it has already sent over 50,000 such warnings to users, marking a 33% increase from the same period in 2020. “So far in 2021, we’ve sent over 50,000 warnings, a nearly 33% increase from this time in 2020. This spike is largely due to blocking an unusually large campaign from a Russian actor known as APT28 or Fancy Bear,” Google security engineer and TAG team member Ajax Bash notes in a blogpost.

    Shane Huntley from Google’s Threat Analysis Group (TAG) tweeted on October 7 that the group had sent an “above average batch of government-backed security warnings yesterday”. TAG sends warnings over phishing attempts and malware attacks.

    Google’s suggestion that Kremlin-backed hackers are a major problem chimes with Microsoft’s data that 58% of nation-state cyberattacks came from Russia over the past year. The US National Security Agency warned in July that APT28 had run a massive password-guessing campaign targeting US and European organizations for the past two years. APT28 was one of several nation-state groups using password attacks and exploiting Microsoft Exchange email server vulnerabilities tracked as CVE-2020-0688 and CVE-2020-17144.

    Google says it sends the warnings in batches to all users who may be at risk so as not to alert attackers to its defense strategies. “On any given day, TAG is tracking more than 270 targeted or government-backed attacker groups from more than 50 countries. This means that there is typically more than one threat actor behind the warnings,” says Bash.

    Another nation-state hacker group that TAG is tracking closely is APT35, an Iranian group known for phishing attempts against high-value targets in government and defense. The group, also known as Charming Kitten or Phosphorus, has targeted victims in the Persian Gulf, Europe, and the US. APT35 has been actively targeting the US defense industry for years, and Google disrupted the group’s efforts to phish campaign staffers of Joe Biden and Donald Trump in the lead-up to the 2020 US presidential election. Microsoft this week warned that 250 Office 365 customers in the US and Israeli defense technology sector were targeted with password-spraying attacks by a separate emerging Iranian threat it tracks as DEV-0343.

    “In early 2021, APT35 compromised a website affiliated with a UK university to host a phishing kit,” notes Google’s Bash. “Attackers sent email messages with links to this website to harvest credentials for platforms such as Gmail, Hotmail, and Yahoo. Users were instructed to activate an invitation to a (fake) webinar by logging in. The phishing kit will also ask for second-factor authentication codes sent to devices.” APT35 has been using the same methods since 2017 to target accounts in government, academia, journalism, NGOs, foreign policy, and national security.

    The group uploaded a bogus VPN app to Google’s Play Store last May that could have been used to collect data from Android phones. However, Google says it removed the app before any users could install it.

    Online video meetings have become essential in the pandemic and APT35 has adapted its phishing techniques to suit this, according to Google. “Attackers used the Munich Security and the Think-20 (T20) Italy conferences as lures in non-malicious first contact email messages to get users to respond. When they did, attackers sent them phishing links in follow-on correspondence,” Bash noted. Those links often included link shorteners and click trackers, frequently embedded in PDF documents. The attacks abused Google Drive, Google Sites pages, Dropbox, Microsoft services, and messaging app Telegram.

    Like Microsoft, Google recommends Workspace admins and general users enable two-factor authentication or sign up to its Advanced Protection Program, which requires two-factor authentication. “Workspace administrators are also notified regarding targeted accounts in their domain. Users are encouraged to take these warnings seriously and consider enrolling in the Advanced Protection Program or enabling two-factor authentication if they haven’t already,” notes Bash.

  • This 'relentless' malware botnet has made millions with a surprisingly simple trick

    The long-running botnet known as MyKings is still in business and has raked in at least $24.7 million by using its network of compromised computers to mine for cryptocurrencies. MyKings, also known as Smominru and Hexmen, is the world’s largest botnet dedicated to mining cryptocurrencies by free-riding off its victims’ desktop and server CPUs. It’s a lucrative business that gained attention in 2017 after infecting more than half a million Windows computers to mine about $2.3 million of Monero in a month.


    Security firm Avast has now confirmed its operators have acquired at least $24.7 million in various cryptocurrencies that have been transferred to Bitcoin, Ethereum and Dogecoin accounts. It contends, however, that the group made most of this through its ‘clipboard stealer module’. When it detects that someone has copied a cryptocurrency wallet address (for example to make a payment), this module swaps in a different cryptocurrency address controlled by the gang. Avast claims to have blocked the MyKings clipboard stealer on 144,000 computers since the beginning of 2020; the clipboard stealer module has existed since 2018.

    Security firm Sophos’s research found that the clipboard stealer, a trojan, monitors PCs for the use of various coin wallet formats. It works because people often use the copy/paste function to insert relatively long wallet IDs when accessing an account.

    “This method relies on the practice that most (if not all) people don’t type in the long wallet IDs rather store it somewhere and use the clipboard to copy it when they need it,” Sophos notes in a report. “Thus, when they would initiate a payment to a wallet, and copy the address to the clipboard, the Trojan quickly replaces it with the criminals’ own wallet, and the payment is diverted to their account.”However, Sophos also noted that the coin addresses it identified “hadn’t received more than a few dollars”, suggesting coin stealing was a minor part of the MyKings business. The crypto-mining side of the business was doing well in 2019, with Sophos estimating it made about $10,000 a month in October 2019.    

    Avast now argues that MyKings is making a lot more money from the clipboard trojan after expanding on the 49 coin addresses identified in Sophos’ research to more than 1,300 coin addresses. Avast suggests the role of the clipboard stealer might be much larger than Sophos discovered.

    “This malware counts on the fact that users do not expect to paste values different from the one that they copied,” Avast researchers explain in a report. “It is easy to notice when someone forgets to copy and paste something completely different (e.g. a text instead of an account number), but it takes special attention to notice the change of a long string of random numbers and letters to a very similar looking string, such as cryptowallet addresses. “This process of swapping is done using functions OpenClipboard, EmptyClipboard, SetClipboardData and CloseClipboard. Even though this functionality is quite simple, it is concerning that attackers could have gained over $24,700,000 using such a simple method.”

    Some circumstantial evidence to back the theory that the clipboard stealer is actually effective includes comments from people on Etherscan who claimed to have accidentally transferred sums to accounts included in Avast’s research. “We highly recommend people always double-check transaction details before sending money,” Avast notes.