By Deeba Ahmed
The scammers creates fake investment platforms using popular companies like Tesla, Meta, and Imperial Oil and lures unsuspecting users into depositing funds.
This is a post from HackRead.com Read the original post: Savvy Seahorse Using Fake ChatGPT, Facebook Ads in DNS Investment Scam

Infoblox cybersecurity researchers are warning users about a fraudulent scheme launched by a DNS threat actor Savvy Seahorse, which uses Facebook advertisements to trick users into fraudulent investment platforms and transfers deposits to Russian-state-owned banks.

California-based IT automation and security company Infoblox has discovered a relatively new DNS threat actor called “Savvy Seahorse.” According to the company’s report, the actor creates fake investment platforms using popular icons like Tesla, Meta, and Imperial Oil and lures unsuspecting users into depositing funds. 

Savvy Seahorse prefers using Facebook ads to trick users into trusting fake investment platforms and transfers deposits to Russian-state-owned banks. Savvy Seahorse employs advanced techniques like fake ChatGPT and WhatsApp bots to lure users into high-return investment scams, which are the costliest category of threat reported to the FBI’s Internet Crime Complaint Center.

ChatGPT and WhatsApp bots engage users through automated responses for high-return investment opportunities. These campaigns target users in various countries, including Russian, Polish, Italian, German, Czech, Turkish, French, Spanish, and English speakers but interestingly users in Ukraine are protected. 

Through DNS canonical name (CNAME) records, the actor creates a traffic distribution system (TDS) for conducting sophisticated financial scams, controlling access to content and updating the IP addresses of malicious campaigns. This also helps them evade detection by the security industry. It is worth noting that Savvy Seahorse, active since 2021, is the first publicly reported threat actor abusing DNS CNAME records for sophisticated scam campaigns.

In a blog post, Infoblox researchers have identified several red flags associated with the Savvy Seahorse scam. These include short-lived campaigns (active for only 5-10 days), using a phased deployment system, frequent changes in IP addresses (to complicate/block tracking of malicious infrastructure), and the use of wildcard DNS entries.

These entries entail creating numerous subdomains, potentially confusing passive DNS analysis. These characteristics make it difficult to track and block malicious infrastructure. Victims’ data is sent to a secondary HTTP-based TDS server for validation and geofencing.

Around 4.2k base domains with CNAME records are used by Savvy Seahorse to host campaigns, Infoblox researchers confirmed. The attackers create subdomains for each SLD using a domain generation algorithm, using pseudo-random hostnames. Registration forms are used to gather victim information, and after validating it, they are redirected to the fake trading platform. The actor monitors users to prevent security threats.

The scam poses potential risks to individuals, including financial loss, data theft, and malware infection. Users who invest in the fake platform may lose their funds, while the scammers may steal personal and financial information.

Therefore, consumers must be vigilant when trusting unverified sources for making deposits. Remember that the US cumulatively lost over $4.6 billion in 2023 over investment scams.

1.  **WhatsApp Pink is malware spreading through group chats**
2.  **Thousands of Dark Web Posts Expose ChatGPT Abuse Plans**
3.  **China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks**
4.  **Fake Telegram, WhatsApp clones aim at crypto on Android, Windows**
5.  **SpyNote Android Spyware Poses as Legit Crypto Wallets, Steals Funds**

Savvy Seahorse Using Fake ChatGPT, Facebook Ads in DNS Investment Scam

A vulnerability, now fixed, in Facebook could have allowed an attacker to take over a Facebook account without the victim needing to click on anything at all.

A vulnerability in Facebook could have allowed an attacker to take over a Facebook account without the victim needing to click on anything at all.

The bug was found by a bounty hunter from Nepal called Samip Aryal and has now been fixed by Facebook.

In his search for an account takeover vulnerability, the four times Meta Whitehat award receiver started by looking at the uninstall and reinstall process on Android. By using several different user agents he encountered an interesting response in the password reset flow.

After investigation, a few characteristics of the login code made it an interesting attack vector:

*   The code was valid for two hours
*   It did not change during that period when requesting it
*   There was no validation if you attempted a wrong login code

Combined with the fact that these codes are only 6 digits, Samip saw opportunities for a brute force attack, where an attacker repeatedly tries to access login credentials in the hope of eventually getting into an account.

After uncovering all this information, and with his extensive knowledge about the Facebook authentication process, Samip found the method to take over an account was relatively simple:

*   Pick any Facebook account.
*   Try to login as that user and request a password reset (Forgot password).
*   From the available reset options choose “Send code via Facebook notification”.
*   This creates a POST request. As part of a POST request, an arbitrary amount of data of any type can be sent to the server in the body of the request message.
*   Copy that POST request and use a method to try all the 100,000 possibilities. Note, 100,000 possibilities may sound like a lot, but given the two hour time-frame there are plenty of options to do that.
*   The matching code responds with a 302 status code, a redirect that confirms the search was successful.
*   Use the correct code to reset the password of the account and the attacker can now take over the account.

There was one caveat. The owner of the account will see the notification on the device they are logged in with. And strangely enough the notifications came in two flavors.

_The difference in notification which makes it a zero-click or not_

The first one works as described above, but the second one does require the account owner to tap that notification before Facebook generates a login code. That makes it a lot harder to take over the account.

A detailed report of how Samip found the vulnerability is available on his Medium page.

Facebook has awarded Samip a bounty and fixed the issue. Together with other bounty hunters, Samip submitted hundreds of reports to Meta which they resolved, making Facebook and other platforms a safer place along the way.

**Paying attention pays off**

There are a few takeaways from this method that Facebook users, and users of other platforms for that matter, might use to their advantage.

*   Pay attention to the signs that a password request has been initiated (email, notifications, texts, etc.) Somebody could be trying to take over your account. Follow the instructions on the password reset notification if it’s not you doing the reset.
*   Don’t use the Facebook login option on other platforms, and certainly not on ones that have personal or financial information about you.
*   Turn on 2FA for Facebook to make it harder for criminals to hijack your account.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Facebook bug could have allowed attacker to take over accounts 

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?**

The user would have to click on a specially crafted URL to be compromised by the attacker.

CVE-2024-26196: Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

In the tgnet library used in Telegram messenger for Android, there is a use-after-free vulnerability in Connection::onReceivedData that can be triggered remotely.

Telegram For Android Connection::onReceivedData Use-After-Free

Android banking trojans are a serious cyberthreat to everyday users that, through clever trickery, steal passwords and drain bank accounts.

For the most popular operating system in the world—which is Android and it isn’t even a contest—there’s a sneaky cyberthreat that can empty out a person’s bank accounts to fill the illicit coffers of cybercriminals.

These are “Android banking trojans,” and, according to our 2024 ThreatDown State of Malware report, Malwarebytes detected an astonishing 88,500 of them last year alone.

While the 2024 ThreatDown State of Malware report focuses heavily on the corporate security landscape today, make no mistake: Android banking trojans pose a serious threat to everyday users. They are well-disguised, hard to detect in regular use, and are a favorite hacking tool for cybercriminals who want to automate the theft of online funds for themselves.

****What are Android banking trojans?****

The idea behind Android banking trojans—and all cyber trojans—is simple: Much like the fabled “Trojan Horse” which, the story goes, carried a violent surprise for the city of Troy, Android banking trojans can be found on the internet disguised as benign, legitimate mobile apps that, once installed on a device, reveal more sinister intentions.  

By masquerading as everyday mobile apps for things like QR code readers, fitness trackers, and productivity or photography tools, Android banking trojans intercept a person’s online interest in one app, and instead deliver a malicious tool that cybercriminals can abuse later on.

But modern devices aren’t so faulty that an errant mobile app download can lead to full device control or the complete revelation of all your private details, like your email, social media, and banking logins. Instead, what makes Android banking trojans so tricky is that, once installed, they present legitimate-looking permissions screens that ask users to grant the new app all sorts of access to their device, under the guise of improving functionality.

Take the SharkBot banking trojan, which Malwarebytes detects and stops. Last year, Malwarebytes found this Android banking trojan hiding itself as a file recovery tool called “RecoverFiles.” Once installed on a device, “RecoverFiles” asked for access to “photos, videos, music, and audio on this device,” along with extra permissions to access files, map and talk to other apps, and even send payments via Google Play.

These are just the sorts of permissions that any piece of malware needs to dig into your personally identifiable information and your separate apps to steal your usernames, passwords, and other important information that should be kept private and secure.

The introduction screen when opening “RecoverFiles” and the follow-on permissions it asks from users. Once installed, it is invisible on the device home screen.

Still, the tricks behind “RecoverFiles” aren’t yet over.

Not only is the app a clever wrapper for an Android banking trojan, it could also be considered a _hidden_ wrapper. Once installed on a device, the “RecoverFiles” app icon itself does not show up on a device’s home screen. This stealth maneuver is similar to the features of stalkerware-type apps, which can be used to non-consensually spy on another person’s physical and digital activity.

But in the world of Android banking trojan development, cybercrminals have devised far more devious schemes than simple camouflage.

****Slipping under the radar****

The problem with the Ancient Greeks’ Trojan Horse strategy is that it could only work once—if you don’t sack Troy the first time, you better believe Troy is going to implement some strict security controls on all future big horse gifts.

The makers of Android banking trojans have to overcome similar (and far more advanced) security measures from Google. As the Google Play store has become _the_ go-to marketplace for Android apps, cybercriminals try to place their malicious apps on Google Play to catch the highest number of victims. But Google Play’s security measures frequently detect malware and prevent it from being listed.

So, what’s a cybercriminal to do?

In these instances, cybercriminals make an application that is seemingly benign, but, once installed on a device, executes a line of code that actually downloads malware from _somewhere else_ on the internet. This is how cybercriminals recently snuck their malware onto Google Play and potentially infected more than 100,000 users with the Anatsa banking trojan.

What was most concerning in this attack was that the malicious apps that made it onto the Google Play store reportedly worked for their intended purposes—the PDF reader read PDFs, the file manager managed files. But hidden within the apps’ coding, users were actually downloading a set of instructions that directed their devices to install malware.

These malicious packages are sometimes called “malware droppers” as the apps “drop” malware onto a device at a later time.  

****What does it all mean for me?****

There’s a lot of technical machinery at work inside any Android banking trojan that is put in place to accomplish a rather simple end goal, which is stealing your money.

All the camouflage, subterfuge, and hidden code execution is part of a longer attack chain in which Android banking trojans steal your passwords and personally identifiable information, and then use that information to take your money.

As we wrote in the 2024 ThreatDown State of Malware report:

> “Once it has accessibility permissions, the malware initializes its Automated TransferSystem (ATS) framework, a complex set of scripts and commands designed to perform automated banking transactions without user intervention. The ATS framework uses the harvested credentials to initiate unauthorized money transfers to accounts held by the attacker. This mimics real user behavior to bypass fraud detection systems.”

****Staying safe from Android banking trojans****

Protecting yourself from Android banking trojans is not as simple as, say, spotting grammatical mistakes in a phishing email or refusing to click any links sent in text messages from unknown numbers. But just because Android banking trojans are harder to detect by eye does not mean that they’re impossible to stop.

Malwarebytes Premium provides real-time protection to detect and stop Android banking trojans that are accidentally installed on your devices. It doesn’t matter if the banking trojan is simply a malicious app in a convenient package, or if the banking trojan is downloaded through a “malware dropper”—Malwarebytes Premium provides 24/7 cybersecurity coverage and stops dangerous attacks before they can be carried out.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Android banking trojans: How they steal passwords and drain bank accounts 

Meet the guy who taught US intelligence agencies how to make the most of the ad tech ecosystem, "the largest information-gathering enterprise ever conceived by man."

How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin

Fake news, disinformation, misinformation – whatever label you want to put on it – will not just go away if one election in the U.S. goes one way or the other.

Thursday, February 22, 2024 14:00

When we talk about the term “fake news,” most people likely picture a certain person who made the term infamous. 

And when we talk about misinformation and disinformation, many will remember the “Russian troll farms” that popped up during the 2016 U.S. presidential election and were unmasked and shut down during former president Barack Obama’s final days in office. 

But a few recent actions from TikTok, the most popular online social media platform, show that the problem of spreading misinformation and disinformation goes far beyond the borders of the U.S. 

TikTok announced last week it was launching in-app “election centres” to help combat misinformation and inform users of facts when they view videos about elections in European Union nations. This includes 27 unique apps that all use the country’s native language.  

In a statement on their site, the social media company said this effort is to “ensure people can easily separate fact from fiction.” 

Part of me can’t help but wonder if this wasn’t a problem of the company’s own creation after they allowed misinformation about the COVID-19 global pandemic to spread rapidly and use an algorithm that enhances “controversial” videos about different international brands. But I can certainly hope that these election centres provide more context than the little info box Twitter launched a while ago.  

I think this is important to note, though, that this problem just goes beyond American culture. Fake news, disinformation, misinformation – whatever label you want to put on it – will not just go away if one election in the U.S. goes one way or the other. It is an issue that is spreading on all platforms in all countries. 

I’ve been at fault in the past for just wanting to put the blame on Twitter. While they have been one of the worst offenders of allowing misinformation on their site, they are far from the only offenders or the only platform where users can spread this time of misinformation, even if they are doing it by accident. 

Just like any other platform, it’s easy for someone on TikTok to simply “share” or “like” someone else’s video if they find it compelling without giving it a second thought. Your friends and family are likely spreading misinformation on their feeds without even knowing it or doing it with any malicious intent. Regardless of where you live in the world, this is likely true. 

It’s amplified in the U.S. because our political theater is such that when something happens, everyone else on the world stage notices it. I can’t say that folks in the U.S. are necessarily invested in the national elections in Greece.  

But if misinformation is allowed to spread during the Greek elections, it’s going to spread to U.S. presidential elections. Once the infrastructure is in place for disinformation to flourish on a platform, it’s nearly impossible to get rid of, no matter the topic.  

**The one big thing **

Google Cloud Run is currently being abused in high-volume malware distribution campaigns, spreading several banking trojans such as Astaroth (aka Guildma), Mekotio and Ousaban to targets across Latin America and Europe. The volume of emails associated with these campaigns has significantly increased since September 2023 and we continue to regularly observe new email distribution campaigns. We have observed all three malware families being delivered during the same timeframe from the same storage bucket within Google Cloud. 

**Why do I care? **

Some of the highest volume campaigns recently observed were being used to deliver the Astaroth, Mekotio, and Ousaban banking trojans to victims largely located in Latin American countries. We have also observed lower volume campaign victims located throughout Europe and North America, which may indicate less geographically focused targeting by threat actors moving forward. For example, the current variant of Astaroth targets more than 300 institutions across 15 Latin American countries. 

**So now what? **

Talos has released new ClamAV signatures and Snort rules to protect against these various banking trojans. Our researchers have also alerted Google of this activity so that they may address it internally on Cloud Run. 

**Top security headlines of the week **

**Poland is launching a formal investigation into whether its former government leaders misused the Pegasus spyware.** Parliament created a coalition to see if the Law and Justice (PiS) government, previously the ruling party of Poland, used the controversial spyware to track and target its political opponents. Current ruling leaders used a promise of an investigation as one of their top campaign platforms. Meanwhile, NSO Group, the creators of Pegasus, have reportedly created a new one-click exploit called “MMS Fingerprint” that it offers as an infection tool for the spyware. MMS Fingerprint allows Pegasus users to learn a great deal about a target Blackberry, iPhone or Android device by sending a specially crafted Multimedia Messaging Service (MMS) message. A contract between an NSO Group reseller and a customer in Ghana exposed the information, including a promise that MMS Fingerprint required “No user interaction, engagement, or message opening ... to receive the device fingerprint.” (Politico, DarkReading) 

**The spyware startup Variston is reportedly shrinking and is preparing to completely close.** Variston is known for launching spyware that can target iPhones, Android devices and some PCs. A disgruntled employee reportedly leaked information about the company and the zero-day exploits they used to Google’s Threat Analysis Group, which allowed Google to unmask the operation. This eventually led to several employees and developers leaving Variston. Variston, founded in 2018, previously used three zero-day vulnerabilities to target Apple devices, including a campaign in March 2023 to target iPhones in Indonesia. Reporters and researchers have yet to find who, exactly, Variston sold their services and technology to, though former employees have said some of the spyware was sent to the United Arab Emirates. (Tech Crunch, Google) 

**Volt Typhoon, a large APT based in China, is reportedly still exfiltrating sensitive information on operational technology (OT) networks.** Volt Typhoon has been known to target organizations in the communications, manufacturing, utility, IT and education sectors across the globe, though it’s recently become more noteworthy for its targeting of critical networks in the U.S. A new report from cybersecurity firm Dragos says that it spotted Volt Typhoon conducting scanning activities against electric companies between November and December 2023. Volt Typhoon is traditionally known for espionage and data theft on behalf of the Chinese government. But Dragos also says that the actor has also recently infiltrated a large U.S. city's emergency services network, as well as critical infrastructure networks in Africa. The report states that the OT data stolen may cause “unintended disruption to critical industrial processes or provide the adversary with crucial intelligence to aid in follow-up offensive tool development or attacks against ICS networks.” (SecurityWeek, The Register) 

**Can’t get enough Talos? **

*   Talos Takes Ep. #172: Case study: How Talos IR helped a healthcare tech company avoid a ransomware attack 
*   How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity 
*   Network infrastructure was a prime target for cyber threats in 2023 
*   Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs 
*   Turla hackers backdoor NGOs with new TinyTurla-NG malware 

**Upcoming events where you can find Talos **

**S4x24** **(March 4 - 27)** 

Miami Beach, Florida 

_To protect themselves during Russian aggression, the Ukrainian military utilizes electronic warfare to blanket critical infrastructure to defeat radar and GPS-guided smart munitions. This has the unintended consequence of disrupting GPS synchrophasor clock measurements and creating service outages on an already beleaguered and damaged transmission electric grid. Joe Marshall from Talos’ Strategic Communications team will tell an incredible story of how a group of engineers and security professionals from a diverse coalition of organizations came together to solve this electronic warfare GPS problem in an unconventional technical way, and helped stabilize parts of the transmission grid of Ukraine._ 

**RSA** **(May 6 - 9)** 

_San Francisco, California_ 

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256:** 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507    
**MD5:** 2915b3f8b703eb744fc54c81f4a9c67f    
**Typical Filename:** VID001.exe    
**Claimed Product:** N/A    
**Detection Name:** Win.Worm.Coinminer::1201 

**SHA 256:** 6d167aee7013d61b0832937773cd71d77493a05d6ffb1849bdfb1477622e54c2   
**MD5:** 36503fd339663027f5909793ea49ccbc   
**Typical Filename:** telivy\_agent\_2.3.1.exe   
**Claimed Product:** N/A    
**Detection Name:** W32.File.MalParent

**SHA 256:** a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91    
**MD5:** 7bdbd180c081fa63ca94f9c22c457376   
**Typical Filename:** c0dwjdi6a.dll   
**Claimed Product:** N/A    
**Detection Name:** Trojan.GenericKD.33515991 

**SHA 256:** 5616b94f1a40b49096e2f8f78d646891b45c649473a5b67b8beddac46ad398e1      
**MD5:** 3e10a74a7613d1cae4b9749d7ec93515      
**Typical Filename:** IMG001.exe      
**Claimed Product:** N/A      
**Detection Name:** Win.Dropper.Coinminer::1201 

**SHA 256:** 59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa     
**MD5:** df11b3105df8d7c70e7b501e210e3cc3     
**Typical Filename:** DOC001.exe     
**Claimed Product:** N/A     
**Detection Name:** Win.Worm.Coinminer::1201

TikTok’s latest actions to combat misinformation shows it’s not just a U.S. problem

By Waqas
Another day, another Apple Security Vulnerability!
This is a post from HackRead.com Read the original post: Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!

Apple Shortcuts security vulnerability (CVE-2024-23204) allows attackers to access targeted devices and steal sensitive data – update your devices now!

Cybersecurity firm Bitdefender has discovered a 7.5/10 severity rating vulnerability in Apple Shortcuts, allowing attackers to access sensitive data without prompting users. According to Bitdefender’s blog post published on 22 February 2024, this vulnerability tracked as **CVE-2024-23204**, allows attackers to create a Shortcuts file bypassing Apple’s security framework for macOS and iOS.

Apple Shortcuts is a popular **macOS and iOS** automation app that simplifies tasks by allowing users to create personalized workflows using visual programming to automate tasks like app control, media management, messaging, location-based actions, and more. Users can create workflows for file management, health tracking, web automation, education, and smart home integration, thereby improving productivity and user experience.

The vulnerability was found in the shortcut sharing/expanding mechanism in Apple’s Shortcuts community. The community allows users to discover and expedite automation workflows and export/share shortcuts.

CVE-2024-23204 on the other hand, lets users unknowingly import shortcuts that could exploit the Transparency, Consent, and Control (TCC) security framework in macOS and iOS. This framework helps ensure user privacy and security by requiring explicit permission before accessing sensitive data or functionalities.

During the attack, as noted by researchers in their **blog post**, the ‘Expand URL’ function in Shortcuts lets attackers transmit base64-encoded photo data to a malicious website. This involves selecting sensitive data, importing it, converting it using the base64 encode option, and forwarding it to the server. A Flask program captures the transmitted data, allowing the attacker to store it for exploitation. The issue is fixed in **macOS Sonoma 14.3**, **watchOS 10.3**, **iOS 17.3, and iPadOS 17.3**. 

Still, it highlights the need for continuous security vigilance in Apple’s Shortcuts application, given its potential for privacy breaches. Users are advised to use the latest software. Users are advised to update macOS, iPadOS, and watchOS devices, remain cautious when executing shortcuts from untrusted sources, and regularly check for **Apple security updates and patches**.

****Watch the vulnerability in action!****

The rising number of flaws identified in Apple apps and devices recently has effectively busted the myth of Apple products being the most reliable in safeguarding user data. Last year Apple patched a record number of vulnerabilities.

In July 2023, Apple issued a critical **security alert** for iPhone, iPad, and Mac users, urging them to update their devices soon due to a software vulnerability in its Safari WebKit browser engine.

In October 2023, researchers from Georgia Tech, the University of Michigan, and Ruhr University Bochum **discovered an iLeakage** vulnerability in Apple devices, affecting Macs and iPhones since 2020. The attack exploited a side-channel vulnerability in CPUs, allowing Safari to divulge sensitive data, including passwords and Gmail content.

In December 2023, a **Bluetooth vulnerability**, CVE-2023-45866, let attackers control Android, Linux, macOS, and iOS devices without user confirmation to install malicious apps, run commands, and perform unauthorized actions.

The same month, Apple **released** security updates to address two zero-day vulnerabilities, CVE-2023-42916 and CVE-2023-42917, which allowed hackers to execute code and access sensitive data on compromised devices through malicious web pages.

1.  **Apple Approves Fake App Before Real Rabby Wallet**
2.  **Apple Safari Safest, Google Chrome Riskiest Browser**
3.  **Apple AirTags can be used as trojan for credential hacking**
4.  **55 Apple vulnerabilities risked iCloud account takeover, data theft**
5.  **Apple Bug bounty: Earn big backs for hacking iPhone, other products**

Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!

By Uzair Amir
Meet Curium by Bluzelle, a new Miner Pool app.
This is a post from HackRead.com Read the original post: Bluzelle’s Curium App Makes Crypto Earning Effortless

Bluzelle, a Singapore-based decentralized storage company, is making it easier than ever to earn cryptocurrency with the launch of Curium, a new Miner Pool app. Curium allows anyone to contribute storage space and security to Bluzelle’s network and earn BLZ tokens in return, all from their computer or mobile device.

Traditionally, running nodes for blockchain projects has been a complex process requiring technical expertise and expensive hardware. Curium eliminates these barriers by offering a user-friendly app that works on any device, regardless of operating system.

The good news is that Bluzelle solves this by making it easy for anyone to install the Curium app on their computers or mobile devices. This app works on any operating system, including Windows, Mac, Linux, Android, or iOS. Once installed, users simply need to provide their Bluzelle wallet address.

Their device then becomes a “just in time” (JIT) storage node service provider, earning BLZ tokens for the fractional times their machine is online. This operation is similar to an Ethereum PoS pooler miner app, where anyone can install the app on their PC and start earning fractional amounts of ETH based on their device’s uptime.

However, it’s worth mentioning that users must remain alert against fake crypto apps created by scammers targeting iOS, Android, and Windows devices. Recently, Apple approved a fake wallet app on the Play Store that stole user data.

Similarly, Microsoft permitted a fake fundraising app that siphoned almost a million dollars from users. Furthermore, Google has been involved in multiple incidents where fake apps led to the theft of users’ funds. Therefore, it is significant to note that the Curium app is expected to be released by the end of 2024.

“The Curium storage node application is one of the core technologies we envisioned when we launched Bluzelle’s white paper over six years ago,” said Neeraj Murarka, co-founder and CTO of Bluzelle. “Now anyone can become part of our decentralized infrastructure network and earn rewards for simply having their device online.”

With Curium, users can contribute to the security and storage of Bluzelle’s network while earning BLZ tokens. This opens up the world of cryptocurrency to a wider audience, making it easier for anyone to participate in the Web3 revolution.

1.  **Navigating the new frontier of cryptocurrency futures**
2.  **What the Bitcoin ETF Approval Mean for the Crypto Market** 
3.  **Powerloom to Hold First Ever Node Mint on Polygon Network**
4.  **Exploring the Phenomenal Rise of Ethereum as a Digital Asset**
5.  **The Anatomy of Trading Bot Scams: Strategies for Secure Investments**

Bluzelle’s Curium App Makes Crypto Earning Effortless

By Waqas
Crypto Nightmare! Fake Rabby Wallet App Steals Millions After Apple App Store Fails to Catch It.
This is a post from HackRead.com Read the original post: Apple Approves Fake App Before Real Rabby Wallet, Users’ Funds Stolen

Users report significant losses due to the fake Rabby Wallet app, including one reporting a $5000 loss, another experiencing a 10% portfolio loss, and an NFT collector reporting $40,000 worth of ETH drained from their wallet. 

A fake version of the Rabby Wallet app, a popular crypto wallet developed by DeBank Global Pte Ltd., was tricking users and stealing their funds on the Apple App Store. DeBank’s team confirmed that any app available on the store currently is fake, as its official app is still under review and yet to be approved by Apple.

For your information, Rabby Wallet’s mobile app’s beta version was announced on 16 February by team DeBank. However, scammers acted quickly and uploaded the app’s fake version to the iOS App Store, which was a wallet drainer and had no connection with the real app.

Interestingly, this fake version was approved by Apple before the actual wallet app, prompting users to download the drainer and get scammed.

The fake Rabby Wallet app, created by a developer called “Solution Development,” appeared on the App Store under the name “Rabby Wallet & Crypto Solution” and was detected after four days. A thread warning others about the fake app was posted on Rabby Wallet’s **Apple discussion board** and **Discord** channel with screenshots from scammed users.

The fake Rabby App on the Apple App Store

Affected users have also created a thread on Reddit to warn others about the fake app. One user claimed that a fake app by “VIET LONG FINANCIAL INVESTMENT JOINT STOCK COMPANY” has been approved, causing users to lose cryptocurrencies, with a user losing around 14 ETH.

“This scammer’s approved AppStore App called “Rabby Wallet & Crypto Solution” is tricking people into thinking it is the genuine one, they enter the seed phrase or private key, and moments later all of their life savings, crypto belongings are GONE!” a user u/CryptoCurrency **wrote** on Reddit.

Rabby Wallet team **posted** a statement on X to notify users about the presence of a fake app and to avoid downloading it. The fake app has now been removed by Apple.

However, this isn’t the first instance where fake apps appeared on a credible platform like the Apple App Store and deceived users. On February 7, 2024, Hackread.com **published a warning from LastPass**, urging users to avoid downloading fraudulent applications and remain cautious after a fake app was uploaded to the Apple App Store, posing as the legitimate LastPass Password Manager app. The app was developed by Parvati Patel and closely resembled LastPass’ branding and user interface.

In July 2023, **Apple approved a fake THREADS app**, which subsequently ranked first on the European Apple Store, despite the original app being launched by META just days before and wasn’t available in Europe. Nevertheless, such incidents are steadily rising, making Apple’s app review and approval process doubtful and questionable.

****RELATED ARTICLES****

1.  **Google Deletes Fake BatteryBot Pro Malware App**
2.  **MMRat Android Trojan Uses Fake App Stores for Bank Fraud**
3.  **Fake Ledger App on Microsoft Store Stole $800,000 in Crypto**
4.  **Chinese Scammers Use Fake Loan Apps for Money Laundering**
5.  **Hackers Send Fake Rocket Alerts to Israelis via Hacked Red Alert App**

Tag

#android