NFTs not annoying enough? Now they come with wallet-emptying malware

Plus rifle-toting robot dogs, but makers insist they're really dumb


In brief Whether or not non-fungible tokens are a flash in the pan or forever, malware operators have been keen to weaponise the technology.

An investigation was triggered after a number of cryptowallets belonging to customers of the largest NFT exchange OpenSea got mysteriously emptied. Researchers at security shop Check Point found a nasty form of NFT was in circulation, one that came with its own malware package.

People were receiving free NFTs from an unknown benefactor, but when they accepted the gift the attackers got access to their wallet information in OpenSea's storage systems. The code generated a pop-up that, if clicked, allowed wallets to be emptied.

After the issue was disclosed, OpenSea had a fix sorted within an hour - we wish others took such prompt action - and the platform appears to be secured. But beware of "free" gifts, particularly where money is involved.

Crime doesn't pay? Really?

A US Treasury report has said that in the last three years ransomware operators using over 60 different variants have siphoned off $5.3bn in Bitcoin payments.

The Financial Crimes Enforcement Network report [PDF], first spotted by The Record, said that the ransoms taken in the first six months of this year amounted to $590m, up from $416m for 2020, and the problem is getting worse, according to ten years of 2,184 Suspicious Activity Reports (SARs) analysed by the agency.

"If current trends continue, SARs filed in 2021 are projected to have a higher ransomware-related transaction value than SARs filed in the previous 10 years combined, which would represent a continuing trend of substantial increases in reported year-over-year ransomware activity," the Treasury team warned.

Arming robots with sniper rifles, not worrying at all

US-based Ghost Robotics showed off an unusual new gadget this week at a meeting of the Association of the United States Army - a sniper rifle robot.

The robotics firm already has unarmed robot dogs acting as sentries at Tyndall Air Force Base but mounted a 6.5mm sniper rifle with a range of up to 1,200 meters (3937 feet) with both day and night vision cameras. The manufacturers were at pains to point out that this is not autonomous in any way and a human always controls the trigger; the robot just gets into position to keep its human operator safe.

The robot caused something of a storm, and Ghost Robotics CEO Jiren Parikh attributed this to the emotional connection robot dogs evoke and decades of movies about killer robots.

US warns critical water systems under attack

American online watchdogs at the Cybersecurity and Infrastructure Security Agency have issued a security advisory following a spate of attacks against water and waste management facilities.

Since 2019 CISA said it had recorded five attacks against water systems, mostly ransomware but also a former employee at a Kansas-based water company who tried to tamper with drinking water quality using credentials that should have been revoked when they left the biz.

For ransomware operators such businesses are tempting targets. Since water is such an essential service, it's no doubt thought that they'd be more likely to pay up rather than cause widespread disruption and panic.

Ukrainian cops cuff botnet suspect

The Security Service of Ukraine announced this week that they had arrested a man accused of running a massive botnet and charging for its use.

The man, a resident of Ivano-Frankivsk region in the west of the country, is said to have been running a botnet made up of over 100,000 infected systems. His opsec wasn't great: he used Telegram to tout for customers and, police say, made use of "electronic payment systems banned in Ukraine."

A search of the suspect's premises revealed computer equipment used to operate the botnet, and data stolen from botnet participants. Police say the suspect was also a representative of legitimate Russian payment service WebMoney, which is, however, under sanctions from the Ukrainian government.

Biting the hand that feeds IT © 1998–2021