• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia • Chat: t.me/+C6RfnbB33AYzNGIy
Beware of Scams Targeting Development Teams
Recently, a development company received a request to create a high-value product, but the process required completing a test task as a preliminary qualification. To begin, the team was instructed to download a project from Bitbucket. Upon inspection, they discovered suspicious activity in one of the files: a malicious code snippet known as a “stealer.”
What is a Stealer?
A “stealer” is malware designed to extract sensitive information from the victim’s system, including cryptocurrency wallets, browser-stored passwords, and other private data. Some stealers also install backdoors, allowing further unauthorized access to the compromised computer. This code often includes hexadecimal values and obfuscated strings, which only reveal their full intent during runtime.
For more information on stealers, refer to this Malwarebytes article (https://lnkd.in/dfAv_cyJ).
In this case, the application immediately transmitted collected data to a remote server before installing a backdoor on the computer. The hacker had embedded their IP address, 138.201.199.46, as the destination for the stolen information—a significant oversight that aided in identifying the threat.
How to Protect Yourself
Unfortunately, this is not the first such incident. To avoid falling victim to similar scams, always follow these best practices:
• Analyze Code Thoroughly: Avoid cloning or executing unverified code, especially in non-isolated environments. Always inspect unfamiliar code in a virtual machine to mitigate potential risks.
• Enhance Personal Security: Regularly audit your communication channels. Disable auto-downloads in messaging apps, enable multi-factor authentication (MFA), and be aware of SIM-swapping threats.
• Educate Yourself: Explore security resources like the following to strengthen your online defenses:
• Telegram Security Best Practices
https://lnkd.in/dDS6bDxZ
• Crypto-OpSec-SelfGuard-RoadMap
https://lnkd.in/dQAUrk2g
Stay vigilant, and remember that investing time in security today can protect you and your friends from significant losses in the future.
https://www.linkedin.com/posts/vvlnko_beware-of-scams-targeting-development-teams-activity-7260643728539734017-wGO0?utm_source=share&utm_medium=member_ios
Via Mirror: https://officercia.mirror.xyz/QAX5XNfBcSnMelGrVLbdJz-N4vjvdylgMPElLyclOuQ
#opsec #security
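A static pre-execution check in the spirit of the "Analyze Code Thoroughly" practice above, as an added example that is not part of the original post: it reads a cloned repository as text only, decodes hex-escaped strings and lists hardcoded IPv4 destinations for review. The sample file is constructed and uses documentation-range addresses; the function names are illustrative.

```python
import os
import re

# Indicators described in the post: hex-obfuscated strings and a hardcoded destination IP.
HEX_ESCAPES = re.compile(r"(?:\\x[0-9a-fA-F]{2}){4,}")
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
IPV4 = re.compile(rf"(?<![\d.]){OCTET}(?:\.{OCTET}){{3}}(?![\d.])")
IGNORED_IPS = {"127.0.0.1", "0.0.0.0"}

def triage(source):
    """Return (line, kind, value) findings for one file's text. Never executes it."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in HEX_ESCAPES.finditer(line):
            # Decode "\x68\x74..." so the hidden string can be read and searched.
            decoded = bytes.fromhex(m.group().replace("\\x", "")).decode("latin-1")
            findings.append((lineno, "hex-escaped string", decoded))
            findings += [(lineno, "ip in obfuscated string", ip)
                         for ip in IPV4.findall(decoded) if ip not in IGNORED_IPS]
        findings += [(lineno, "hardcoded ip", ip)
                     for ip in IPV4.findall(line) if ip not in IGNORED_IPS]
    return findings

def scan_tree(root, max_bytes=2_000_000):
    """Read every regular file under root as text (skipping .git) and triage it."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            if os.path.islink(path) or os.path.getsize(path) > max_bytes:
                continue
            with open(path, encoding="latin-1") as fh:
                hits = triage(fh.read())
            if hits:
                report[path] = hits
    return report

# Constructed sample of a "test task" source file (addresses are documentation ranges).
SAMPLE = "\n".join([
    r'const path = require("path");',
    r'const h = "\x68\x74\x74\x70\x3a\x2f\x2f\x32\x30\x33\x2e\x30\x2e\x31\x31\x33\x2e\x37\x2f\x75";',
    r'const fallback = "198.51.100.23";',
    r'module.exports = { version: "1.4.2" };',
])

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Four-part version strings also match the IPv4 pattern, so treat the output as a review list rather than a verdict, and run the scan inside the same isolated VM used for inspection.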
🫡🫡🫡
• x.com/web3privacy/status/1854801391665266969
#opsec #security
Want to learn Web3 security but not sure where to start?
We get this question all the time.
Here’s our answer: x.com/xyz_remedy/status/1853844986543952263
#web3 #security
600 users have collected my article, thank you fam 🫡
• Please RT: x.com/officer_cia/status/1853260026443358233
• Article link: officercia.mirror.xyz/z7UhL4a_R5L0iPiAufCx7OXC24-onnNg92RzcwPP1VQ
#opsec #security
Dear friends, you can order an OpSec audit from me for you and your team/project.
I can conduct a series of trainings with you and your team, develop project-specific OpSec guidelines and answer all your questions.
This is about my personalized services. I do not do it on behalf of the company. Thank you! 🙏
Price is negotiated separately, depends on occupancy and number of days. You can count on 3-5 thousand dollars for everything (provided that there will not be any particularly costly cases).
• Can you share more information on the services included specifically?
• Mainly from potential dangers that may be encountered in Web3. Mainly OpSec, in particular wallet security, social networks, multisig. In other words, everything that fits under OpSec, including workplace setup and basic security guidelines, including physical security. This includes lectures for the team, personal consultations, and creation of project-specific guidelines. Typical duration is 1-2 weeks, depending on complexity.
DM: @farm42
#opsec #security
Happy Halloween! 🎃
• x.com/officer_cia/status/1719501383597249020
1inch Front-End seems to be compromised…
• https://x.com/officer_cia/status/1851748045953622304
DO NOT CONNECT WALLET!
P.S. Do not revoke approvals, since only front-end has been hacked so far. Contracts seem to be safe.
Reference: @infinityhedge, Coinspect Security
#security #alert
https://www.coinspect.com/wallets/
Whether you are interested in how you can explore the strategies and methodologies for investigating crypto hacks or even what to do if you get scammed or hacked:
• https://x.com/chrisdior777/status/1851225027791692172
#security #web3
Use this list of fantastic telegram channels I've put together in order to discover them as your own personal Web3-Google!
Feel free to use this folder to onboard your non-web3 friends to Web3, as the majority of the channels are maintained by independent researchers. There are also additional channels for news, CT reviews, and more!
A small tip to subscribooors: if you find a channel interesting, move it out of the folder into your main list of chats. That way you’ll view content you’re interested in more often, and channels get more views instead of just subscribers!
A great article showing, with the example of the Radiant key compromise exploit, that even if everything else has been compromised, a hardware wallet can still save you. I personally use SafePal S1 as it doesn't have WiFi, Bluetooth or any other connections to the world - a fully offline device.
https://medium.com/@bazzanigianfranco/how-to-not-blind-signing-safe-multi-sign-transactions-with-our-hardware-wallet-abd0cee9226c
The first two clients have secured a spot for the next month! I'll take on 2-3 more clients and that's probably it for this year! So hurry up.
DM: @farm42
#offtopic
https://officercia.mirror.xyz/ye7je7tkuy5nEF7oxHiqyfPI48SBKYckkhW1uTqafpo
We’re thrilled that Glider helped a whitehat demonstrate the impact of an issue, raising it to critical and unlocking a $1 million prize pool.
Another great use case for Glider! Try out glide.r.xyz - 17 lines of code may result in 1 million $ payout! 👀
• x.com/minato7namikazi/status/1853455576405082148
• x.com/xyz_remedy/status/1853463831579660562
And of course submit your findings to @xyz_remedy!
#security #web3
medium.com/@officercia/my-web3-security-privacy-stack-safeguarding-the-future-of-decentralization-89285ae6e7a6
Link: https://github.com/tpiliposian/not-awesome-web3-security-roadmap
#web3 #security
Dear subscribers, I know there are a few themed conferences and meetups coming up... I don't plan on attending them (as I always do), but you can meet my friends from @xyz_remedy!
I keep naively waiting for VRchat to become so popular that we can hold crypto conferences there lol 😂
#offtopic
If you’d like to support me and my work, please donate:
• 0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A or 0x937028F9A08b39331FAE53741Ada63179C42a7e7 — Ethereum, Base, Optimism, Polygon, BSC
• 17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU or bc1q75zgp5jurtm96nltt9c9kzjnrt33uylr8uvdds — Bitcoin
• TYWJoRenGB9JFD2QsdPSdrJtaT6CDoFQBN — TRX
• 4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds — XMR
You can also support me by minting one of my Mirror articles NFTs or just DM me for a clean address! Thank you very much!
The crypto exchange M2 was hacked for ~$13M from hot wallets on multiple chains yesterday.
Theft addresses
ETH: 0x968b6984cba14444f23ee51be90652408155e142
BTC: bc1qu4kh7wa38xpkrp8frgxl4sak88wx0jug8n3vfj
SOL: EKko14NvgqdvNttUb8JjXkVGuUs6BTikjfN3hqW4LQoL
Here’s the ultimate list: 35 top Telegram channels for news, insights, and alpha you don’t want to miss: x.com/tailoredweb3/status/1852014730929738093
#offtopic
An Open Letter to the Manufacturers and Designers of Crypto Wallets
• https://officercia.mirror.xyz/hd13Evk_caRmfKu4d0P9S4W63Tic-sMSLX9y71-CqjM
#security #privacy
Every OG or newly successful individual is a target. Keep this in mind, stay cautious:
• https://x.com/nft_garage_/status/1851093968521482378?1
#security #privacy
That’s an awesome guide!
• https://github.com/tpiliposian/not-awesome-web3-security-roadmap
#audit #security #web3
officercia.mirror.xyz/pJSR4RwyOV_elzP8ymn3Ckn-Mat9s5sKE5Mqdmol06Y
Looks like $20M of seized funds tied to the US Government was likely stolen in the past hour. - @investigations
RT for visibility: x.com/officer_cia/status/1849534839319302453
#security #opsec
officercia.mirror.xyz/ao1jrU4bZ61bX5B6SLp7DO91Lc_SMyokLNgmTZPt91I
Modern Defense Tactics in the Cryptocurrency Sector: 5 Simple Suggestions
My first article posted on zora.co!
More of my NFTs can be found here: https://zora.co/@officer_cia/created
#offtopic #nft
https://officercia.mirror.xyz/CR7iP3uj8FRIkPB3ZQvVPucteRDsO9rj0EvU8MQCf5U