Yearn Finance doppelganger scam tries to trick visitors out of their keys


Scam websites posing as famous crypto projects ask for private keys so they can steal users' funds.


Decentralized finance yield farming platform Yearn Finance has a doppelganger that is tricking visitors into sharing the private keys of their cryptocurrency wallets.

The scam website copies almost every aspect of the original yearn.finance website, down to its design, website copy and even domain name. The scammers behind the website chose the domain name “yaerm.finance,” making it look extremely similar to “yearn.finance.”

They have also promoted their landing page for the search keyword “yearn finance” so it shows up on top of the search results when people search for the actual real website.

The fake address (in red) above the genuine address (in green).

Once a user clicks the ad, it directs them to the yaerm.finance page that looks exactly like Yearn Finance’s official website. However, after scrolling down from the first window that appears, one finds that the website contains a strange guide to “seven easy hairstyles.”

Similar to the original website, the scam website also has six different options in the first window. These include Dashboard, Vaults, Earn, Zap, Cover and Stats.

Irrespective of what option a user clicks, it directs them to a page that prompts users to connect their wallets.

When users try to connect their wallets, the scam site presents a list of crypto wallets they may choose from. Then, it shows a pop up that asks the users to share the private key or passphrase.

Doppelganger scams are relatively common in the crypto space. Another website is posing as Trust Wallet to cheat crypto users. 

Crypto India wrote on Twitter that scammers have been sending Binance Coin (BNB) dust — a very small fraction of a cryptocurrency that cannot be exchanged or transacted — to random cryptocurrency wallets. Each of these transactions had a memo that notified users that they had won 30 or 50 BNB tokens and contained an external link to “claim” those tokens.

The Trust Wallet-like website has a call-to-action button that reads “Claim Prize” and upon clicking, opens a window that requests the users to enter their private keys.

Users who are new to crypto and are not aware of the importance of keeping their private keys “private” may easily fall for these scams and give the scammers easy access to their funds.
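As an added example (not part of the original article), the following Python code shows how a defender could flag a lookalike such as yaerm.finance against a watch list containing yearn.finance. It goes beyond the case in the text by also catching the protected name used as a subdomain prefix; the watch list, threshold and function names are assumptions, and comparing only the last two labels is a simplification.

```python
# Added example: flag hostnames that imitate a protected domain.
PROTECTED = ["yearn.finance"]  # assumption: the defender's own watch list


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    plus transposition of two adjacent characters (each costs 1)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # adjacent swap, e.g. "ae" typed for "ea"
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host: str, protected=PROTECTED, max_dist: int = 2):
    """Return (verdict, matched_domain, distance) for one hostname."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    for good in protected:
        if host == good or host.endswith("." + good):
            return ("genuine", good, 0)
    # simplification: treat the last two labels as the registered domain
    base = ".".join(host.split(".")[-2:])
    for good in protected:
        if host.startswith(good + "."):
            # protected name used as leading labels of another domain
            return ("lookalike-subdomain", good, None)
        dist = osa_distance(base, good)
        if 0 < dist <= max_dist:
            return ("lookalike-typo", good, dist)
    return ("unrelated", None, None)


if __name__ == "__main__":
    # constructed sample hostnames
    for h in ["yearn.finance", "yaerm.finance",
              "yearn.finance.login.example", "example.org"]:
        print(h, "->", classify(h))
```
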



Scam IRS Letters Trying to Trick Cryptocurrency Users to Pay Up


Scam letters purporting to be from the United States Internal Revenue Service are trying to con cryptocurrency taxpayers and others out of their funds.


Scam letters purporting to be from the United States Internal Revenue Service (IRS) are trying to con cryptocurrency taxpayers and others out of their funds.

According to a Forbes report published on August 5, bogus letters are attempting to capitalize on the public’s lack of familiarity with legitimate IRS correspondence and soliciting payments by using threats of enforcement action against them, among other tactics.

F is for fake

Among the strategies used by the IRS scammers, some letters claim that a warrant has been issued against the recipient due to their unpaid tax obligations. Failure to make a payment immediately, they go on to falsely claim, could result in an arrest or other criminal action.

Other bogus letters make use of bona fide information relating to recipients’ actual tax debts — such as liens filed against them — further bolstering their false sheen of authenticity.

Yet as Forbes notes, tax-related data such as liens are made publicly available — meaning there is no reason to trust these letters any more than others. 

One scam reportedly warns the recipient of taxes owed to the so-called “Bureau of Tax Enforcement” — an agency that is itself a fake, as the IRS itself has cautioned.

Aside from letters, thieves are also demanding bogus payments on the phone — another practice that, as Forbes notes, is never used by the legitimate IRS. Neither will the agency threaten — in writing or by phone — to arrest or deport taxpayers.

Distinguishing fake IRS letters

To help taxpayers navigate these risks, Forbes provides a list of characteristics that can help distinguish a bona fide IRS letter from a fake.

These include the inclusion of a notice or letter number, use of a government envelope and IRS seal, a 1-800 contact number for the agency and a note of the recipient’s truncated tax ID number and tax years in question. 

As recently reported, the prevalence of such scams comes at a time when the — real — IRS is sending letters to crypto investors to clarify their crypto tax filing requirements and, in certain cases, compel them to pay back taxes. 

Some tax attorneys have however argued that this recent wave of letters is likely to be a blanket campaign by the agency and is unlikely to be tied to any evidence that recipients have under-reported.



Trend Micro: Cybercriminals Use Obfuscation Trick to Install Crypto Mining Malware


Cybersecurity firm Trend Micro has confirmed that attackers have been exploiting a vulnerability in the Oracle WebLogic server to install XMR mining malware


Cybersecurity firm Trend Micro has confirmed that attackers have been exploiting a vulnerability in the Oracle WebLogic server to install monero (XMR) mining malware, while using certificate files as an obfuscation trick. The news was revealed in a Trend Micro blog post published on June 10.

As previously reported, forms of stealth crypto mining are also referred to with the industry term cryptojacking — the practice of installing malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.

According to Trend Micro’s post, a security patch for the Oracle WebLogic vulnerability (“CVE-2019-2725”) — reportedly caused by a deserialization error — was released in the national vulnerability database earlier this spring.

However, Trend Micro cites reports that emerged on the SANS ISC InfoSec forum alleging that the vulnerability has already been exploited for cryptojacking purposes, and confirms that it has verified and analyzed the allegations.

The firm notes that the identified attacks deployed what it describes as “an interesting twist” — namely that “the malware hides its malicious codes in certificate files as an obfuscation tactic”:

“The idea of using certificate files to hide malware is not a new one […] By using certificate files for obfuscation purposes, a piece of malware can possibly evade detection since the downloaded file is in a certificate file format which is seen as normal — especially when establishing HTTPS connections.”

Trend Micro’s analysis begins by noting that the malware exploits CVE-2019-2725 to execute a PowerShell command, prompting the download of a certificate file from the command-and-control server.

After continuing to trace its steps and characteristics — including the installation of the XMR miner payload — Trend Micro notes an apparent anomaly in its current deployment:

“[O]ddly enough, upon execution of the PS command from the decoded certificate file, other malicious files are downloaded without being hidden via the certificate file format mentioned earlier. This might indicate that the obfuscation method is currently being tested for its effectiveness, with its expansion to other malware variants pegged at a later date.”

The post concludes with a recommendation to firms using WebLogic Server to update their software to the latest version with the security patch in order to mitigate the risk of cryptojacking.

As recently reported, Trend Micro detected a major uptick in XMR cryptojacking targeting China-based systems this spring, in a campaign mimicking earlier activities that had used an obfuscated PowerShell script to deliver XMR-mining malware.
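As an added example (not from Trend Micro or the original article), the following Python code shows one way a defender could check whether a downloaded file in certificate format really carries a certificate: it decodes the PEM body and tests that the payload is a DER SEQUENCE whose length matches and whose first element is also a SEQUENCE. The function names and both sample inputs are constructed for illustration, and the check is structural only, not a full X.509 validation.

```python
import base64
import binascii
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def der_length(buf: bytes, pos: int):
    """Return (content_length, header_size) of the DER TLV starting at pos."""
    first = buf[pos + 1]
    if first < 0x80:                      # short form: length in one byte
        return first, 2
    n = first & 0x7F                      # long form: next n bytes hold length
    if n == 0 or n > 4 or pos + 2 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n


def inspect_cert_file(text: str) -> str:
    """Classify the first PEM certificate block found in text."""
    m = PEM_RE.search(text)
    if not m:
        return "no-pem-block"
    try:
        body = base64.b64decode("".join(m.group(1).split()), validate=True)
    except binascii.Error:
        return "suspicious: body is not valid base64"
    if len(body) < 4 or body[0] != 0x30:
        return "suspicious: payload is not an ASN.1 SEQUENCE"
    try:
        length, hdr = der_length(body, 0)
    except (ValueError, IndexError):
        return "suspicious: malformed DER length"
    # a certificate is one SEQUENCE spanning the whole payload,
    # and its first element (tbsCertificate) is itself a SEQUENCE
    if hdr + length != len(body) or body[hdr] != 0x30:
        return "suspicious: DER structure does not match a certificate"
    return "plausible-certificate"


def pem_wrap(raw: bytes) -> str:
    b64 = base64.encodebytes(raw).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


# Constructed samples: a DER shell (not a real certificate) and plain text.
DER_SHELL = bytes.fromhex("30 0c 30 03 02 01 00 30 00 03 03 00 01 02")
TEXT_SAMPLE = pem_wrap(b"Write-Output 'constructed sample, not a certificate'")
```
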

