Known for doing business with far-right extremist websites, Epik has been acquired by a company that specializes in helping businesses keep their operations secret.

A technology company that has been essential in keeping far-right and extremist websites online was acquired last year by a firm that operates an empire of shell companies across the United States, according to people familiar with the deal.

Epik.com has been for years the go-to domain registrar for websites that other companies refuse to do business with. Sites dedicated to white nationalism, QAnon conspiracy theories, and harassing transgender people were all welcomed by Epik. Now, it appears that Epik’s new owner may abandon the extremist fringe and shift its customer base toward companies seeking to operate in the shadows.

Rob Monster, a born-again Christian who founded Epik in 2009, had been key in keeping many of the most extreme websites online. He often went to great lengths to personally defend the sites and extolled the virtues of free speech. Epik was sold to new ownership last year after the company unraveled amid allegations of gross financial mismanagement.

An accounting firm hired by Epik to conduct a forensic investigation alleged that Monster had misappropriated more than $3.5 million, according to an internal preliminary report obtained by WIRED. More than $1.5 million was attributed to Monster personally withdrawing funds from the company. Nearly $2 million of Epik funds was used in Kingdom Ventures, Monsters’ venture capital firm, according to the report.

Monster didn’t respond to multiple requests for comment.

The buyer of Epik’s domain registrar business was a brand-new company that had been incorporated in Wyoming weeks before the sale was completed last summer: Epik LLC. The owner of Epik LLC, according to two people familiar with the deal, is Registered Agents Inc. The company confirmed its ownership in a press release late Friday night.

Registered Agents Inc. and its subsidiary companies claim to have offices in every state and Washington, DC. Its services allow companies to operate anonymously in a jurisdiction of its choosing. Registered Agents Inc. says it provides services to over 1 million companies.

The founder and owner of Registered Agents, according to two people familiar with the company, is a man named Dan Keen. In an email, a lawyer for Registered Agents Inc. says Keen is not the owner nor an employee of Registered Agents Inc. or Epik, and that he acted as a consultant in the acquisition.

Keen is intensely private, according to multiple people who have worked with him who requested anonymity to discuss details of the deal. “He has made it his mission in life to be invisible,” said one. “He’s someone who likes to operate in the shadows,” claims another. Keen is a serial entrepreneur who previously ran a lawn care and tree-trimming business, according to public records.

Keen has no website or social media pages. Emails sent by Keen don’t include a signature. Attempts to reach Keen for comment led to a reply from Bryce Myrvang, a lawyer for Registered Agents Inc.

Using a registered agent to incorporate a business allows the owner to shield who actually owns it. A registered agent will act as an official point of contact for a company, receiving legal notices and mail, and filing incorporation documents with the state. In Wyoming alone, Registered Agents Inc. represents around 50,000 companies, according to the Wyoming secretary of state.

For example, a company that uses Registered Agents Inc. to set up shop in Wyoming would have its address listed as 30 N. Gould Sreet, a squat one-story building in the town of Sheridan.

A local paper in Wyoming, _The Sheridan Press_, reported in August 2021 that scam business had been linked to the 30 N. Gould Street address, where more than 20 registered agent firms claim to have their offices. An editor's note added after publication stated, “It remains completely legal for registered agents to do what they’re doing under Wyoming Statute.”

A 2022 investigation by the International Consortium of Investigative Journalists found that “oligarchs, criminals and online scammers” have used registered agents to operate in the United States and shield their true identity.

Registered Agents Inc.’s acquisition of Epik allows the company to extend its offerings to the internet, providing its customers another layer of anonymity for their websites.

“This most recent acquisition provided an opportunity to expand our business offerings to include a business email address, a domain name, and open source website hosting at a reasonable cost,” Myrvang tells WIRED. “Registered Agents Inc. now has the capability to establish an entire business identity for its customers in less than 10 minutes.”

Clues about changes within Epik first emerged in January, when the company terminated its relationship with Kiwi Farms, a notorious trolling site whose users are dedicated to perpetuating never-ending drama and misery. In a series of bizarre and now deleted tweets, Epik claimed it suspended Kiwi Farms in response to a US court order and that the site hosted child sexual abuse material. In response, the Kiwi Farms administrator began crowdfunding money for a defamation lawsuit against Epik.

“You specialize in defamation, revenge porn, harassment, and hate speech and you want to sue us? We will expose all your and your users dirty secrets and they will be permanent public records,” the EpikLLC X account replied. “The judgment we will win against you will follow you the rest of your life.”

It was as if a new set of trolls with an entirely different worldview had taken over Epik.

“Alright all Whiny, Beta Snowflakes. Our DEI hires of the month canceled #Kiwifarms,” another post from EpikLLC read. “We don't like hate speech, porn, or doxxing. #JoeBiden will fix it! 2024!”

Some of the tweets trolling Epik were later deleted. “If such comments and or interactions on X were found to be offensive, Epik LLC formally apologizes to those individuals and or company,” Myrvang, the company's lawyer, says. “Further, the appropriate action has been taken internally in relation to the comments made on X.”

It’s unclear if Epik’s new owners singled out Kiwi Farms or if it has booted other sites from its service. “Epik.com’s Terms of Service has been updated to maintain compliance with all regulatory requirements,” Myrvang says.

When asked if the company has stopped working with other customers, Myrvang says, “Epik LLC will suspend and or terminate relationships with any company and or individual who violates its Terms of Services.”

In late 2022, Epik customers began reporting that they were suddenly unable to withdraw money from Masterbucks, Epik’s payment platform, which facilitated buying and selling pricey domain names. One customer, Luigi Marruso, posted on the domain name forum NamePros claiming that Epik was holding onto $1.5 million of its money. In an email to WIRED, Marruso says he still hasn’t been paid back.

Another customer, Matthew Adkisson, sued Epik and Monster, claiming they had mismanaged or embezzled $327,000 from him as he sought to purchase nourish.com. Epik later settled with Adkisson.

Claims like Adkisson’s began to pile up on forums for professionals in the domain name business (known as “domainers”), and Epik was in serious financial jeopardy.

Epik’s customers, fearing the worst, rushed to get their money back from the company. Epik even had outstanding debts with ICANN, the nonprofit that serves as a global administrator for the internet, according to legal filings.

“They were using customer funds to fund its operations. People started asking for those customer funds back, and they couldn't pay them,” says Andrew Allemann, a journalist who covered the fiasco for Domain Name Wire. “There was a run on the bank, and the money wasn’t there.”

In September 2022, a new CEO was installed at Epik in an attempt to stem the bleeding and settle the company’s debts. Epik, once valued by an investor at around $150 million was sold for around $5 million dollars in June 2023, according to a purchase agreement released as an exhibit in the Adkisson lawsuit. Much of the $5 million purchase price was allocated to paying off some of Epik’s debts. It’s unclear if the terms of the final deal match the one released as part of the lawsuit, but a source familiar with the acquisition says it was generally similar.

The rest of the debt was left with Monster. Just how much Monster owes former customers and vendors is unknown. Two former Epik customers told WIRED they’re still waiting to be paid back $38,000 and $20,000, respectively.

_Updated: 2/8/2024, 2:35 pm ET: Added additional comment from a Registered Agents Inc. spokesperson regarding Dan Keen's relationship with the company._

Epik, the Far-Right's Favorite Web Host, Has a Shadowy New Owner

Passkeys are here to replace passwords. When they work, it’s a seamless vision of the future. But don’t ditch your old logins just yet.

Using passkeys likely means having a different mindset from how you think about passwords. There’s nothing to remember when you log in, and you have to use something else to store your passkeys. Passkeys can be stored in Apple’s, Google’s or Microsoft’s password manager systems; your browser; a dedicated password manager; or on a physical security key. I created a Google passkey on one USB key, and all I need to do to sign in is, essentially, plug it in. (All of the devices I use professionally and personally are Apple, meaning I haven’t tested passkeys between my iPhone and a Windows laptop, for instance.)

“The technology is mature, the front ends are still nascent,” Shikiar from the FIDO Alliance says. Over the past year, the FIDO alliance has also been working on user experience guidelines, he says, making it more straightforward for people to sign up and use passkeys across systems. Gary Orenstein, the chief customer officer of password manager Bitwarden, says there are multiple groups involved in the creation and rollout of passkeys, so transitioning to a world where everything is seamless takes coordination. “The standards are at one level, user expectations are at a different level,” he says. “The vendor implementations are at a third level, and they’re merging, but it takes time.”

Being able to save a passkey on essentially any device makes them more useful and means you aren’t locked in to Google’s, Microsoft’s, or Apple’s ecosystems. However, where you save a passkey is going to take some remembering. When setting up one passkey, I was asked by my password manager, browser, and the device operating system whether I wanted to save my passkey with each of them. Picking one spot and sticking to it is probably the best option.

Most of my work is done on my laptop—and it's rare that I download new apps or log out of apps on my phone—so I have been saving the majority of my passkeys in Bitwarden, which costs me $10 a year for a premium account alongside my hundreds of passwords. It works like this: When logging in to my Amazon account, I enter my username, and then Bitwarden’s browser extension pops up asking whether I want to log in with my passkey for Amazon. I press confirm, and I am logged in. It also offers the option to use my device or a hardware key to log in, and if I select one of these options, it looks for passkeys stored on my laptop.

However, as mentioned, Bitwarden doesn’t currently offer passkeys on mobile, meaning that to get the mobile-first Coinbase integration to work, I ended up saving that passkey to iCloud’s Keychain instead. Orenstein, from Bitwarden, says that making passkeys work on mobile is a priority for Bitwarden and more support should be rolling out in the coming months. The company has seen a “fantastic” adoption of passkeys so far, he says, but acknowledges people will have to get used to the change. “You still need an awareness about where it is,” Orenstein says. “I think, over time, as an industry, we can reduce the need for that awareness, hopefully to zero.”

The Password’s Long Goodbye

You may not have set up any passkeys yet, but it’s only a matter of time. Tech companies are starting to make passkeys the default, and more businesses are adopting them. In the past couple of weeks, X has started allowing some people to use passkeys, and WhatsApp is bringing them to iPhones and iPads after previously rolling out passkey support for Android devices.

Leona Lassak, Blase Ur, and Maximilian Golla, three academics from Germany and the US who have researched the adoption of passkeys, say that businesses they’ve interviewed are generally positive about the adoption of passkeys and the extra security it will bring. However, it will likely take some time until the majority of websites, apps, and companies are using passkeys for everything. “I don’t think we will have a big bang in the next few months,” Lassak says. “It’s going to be a slow process, which on the way will then also catch other and smaller entities.”

As a result, passwords will still be around for a while. It’ll be a long time until I have converted my remaining 320-ish accounts to be using passkeys. And for the time being at least, those accounts where I do have passkeys will still have existing passwords that I can fall back on. “Passkeys is having fewer passwords, but not necessarily no passwords,” says Golla.

Experts recommend setting up a few passkeys whenever you come across them on your online accounts, rather than necessarily trying to change them all at once. There are guides to what websites are using passkeys already, and Google, Microsoft, and Apple all have straightforward explanations on how to create passkeys. And there are plenty of benefits to getting started now.

“They are a true password replacement that eliminate the threat of phishing, eliminate the hassle of password resets, and eliminate the liability that service providers have when they’re managing thousands, tens of thousands, or tens of millions, or billions of passwords,” Shikiar says. “It really is an entirely new way of doing user authentication.”

I Stopped Using Passwords. It's Great—and a Total Mess

“The people are in the streets. We can’t ignore them any longer. Really, we have little choice. Either we heal together, or we tear ourselves apart.” An exclusive excerpt from 2054: A Novel.

2054, Part IV: A Nation Divided

“You’d have an incomprehensible level of computational, predictive, analytic, and psychic skill. You’d have the mind of God.” An exclusive excerpt from 2054: A Novel.

2054, Part III: The Singularity

New EU rules mean WhatsApp and Messenger must be interoperable with other chat apps. Here’s how that will work.

A frequent annoyance of contemporary life is having to shuffle through different messaging apps to reach the right person. Messenger, iMessage, WhatsApp, Signal—they all exist in their own silos of group chats and contacts. Soon, though, WhatsApp will do the previously unthinkable for its 2 billion users: allow people to message you from another app. At least, that's the plan.

For about the past two years, WhatsApp has been building a way for other messaging apps to plug themselves into its service and let people chat across apps—all without breaking the end-to-end encryption it uses to protect the privacy and security of people’s messages. The move is the first time the chat app has opened itself up this way, and it potentially offers greater competition.

It isn’t a shift entirely of WhatsApp’s own making. In September, European, lawmakers designated WhatsApp parent Meta as one of six influential “gatekeeer” companies under its sweeping Digital Markets Act, giving it six months to open its walled garden to others. With just a few weeks to go before that time is up, WhatsApp is detailing how its interoperability with other apps may work.

“There’s real tension between offering an easy way to offer this interoperability to third parties whilst at the same time preserving the WhatsApp privacy, security, and integrity bar,” says Dick Brouwer, an engineering director at WhatsApp who has worked on Meta rolling out encryption to its Messenger app. “I think we're pretty happy with where we’ve landed.”

Interoperability in both WhatsApp and Messenger—as dictated by Europe’s rules—will initially focus on text messaging, sending images, voice messages, videos, and files between two people. Calls and group chats will come years down the line. Europe’s rules apply only to messaging services, not traditional SMS messaging. “One of the core requirements here, and this is really important, is for users for this to be opt-in,” says Brouwer. “I can choose whether or not I want to participate in being open to exchanging messages with third parties. This is important, because it could be a big source of spam and scams.”

WhatsApp users who opt in will see messages from other apps in a separate section at the top of their inbox. This “third-party chats” inbox has previously been spotted in development versions of the app. “The early thinking here is to put a separate inbox, given that these networks are very different,” Brouwer says. “We cannot offer the same level of privacy and security,” he says. If WhatsApp were to add SMS, it would use a separate inbox as well, although there are no plans to add it, he says.

Overall, the idea behind interoperability is simple. You shouldn’t need to know what messaging app your friends or family use to get in touch with them, and you should be able to communicate from one app to another without having to download both. In an ideal interoperable world, you could, for example, use Apple’s iMessage to chat with someone on Telegram. However, for apps with millions or billions of users, making this a reality isn’t straightforward—encrypted messaging apps use their own configurations and different protocols and have different standards when it comes to privacy.

Despite WhatsApp working on its interoperability plan for more than a year, it will still take some time for third-party chats to hit people’s apps. Messaging companies that want to interoperate with WhatsApp or Messenger will need to sign an agreement with the company and follow its terms. The full details of the plan will be published in March, Brouwer says; under EU laws, the company will have several months to implement it.

Brouwer says Meta would prefer if other apps use the Signal encryption protocol, which its systems are based upon. Other than its namesake app and the Meta-owned messengers, the Signal Protocol is publicly disclosed as being used in Google Messages and Skype. To send messages, third-party apps will need to encrypt content using the Signal Protocol and then package it into message stanzas in the eXtensible Markup Language (XML). When receiving messages, apps will need to connect to WhatsApp’s servers.

“We think that the best way to deliver this approach is through a solution that is built on WhatsApp’s existing client-server architecture,” Brouwer says, adding it has been working with other companies on the plans. “This effectively means that the approach that we’re trying to take is for WhatsApp to document our client- server protocol and letting third-party clients connect directly to our infrastructure and exchange messages with WhatsApp clients.”

There is some flexibility to WhatsApp interoperability. Meta’s app will also allow other apps to use different encryption protocols if they can “demonstrate” they reach the security standards that WhatsApp outlines in its guidance. There will also be the option, Brouwer says, for third-party developers to add a proxy between their apps and WhatsApp’s server. This, he says, could give developers more “flexibility” and remove the need for them to use WhatsApp’s client-server protocols, but it also “increases the potential attack vectors.”

So far, it is unclear which companies, if any, are planning to connect their services to WhatsApp. WIRED asked 10 owners of messaging or chat services—including Google, Telegram, Viber, and Signal—whether they intend to look at interoperability or had worked with WhatsApp on its plans. The majority of companies didn’t respond to the request for comment. Those that did, Snap and Discord, said they had nothing to add. (The European Commission is investigating whether Apple’s iMessage meets the thresholds to offer interoperability with other apps itself. The company did not respond to a request for comment. It has also faced recent challenges in the US about the closed nature of iMessage.)

Matthew Hodgson, the cofounder of Matrix, which is building an open source standard for encryption and operates the messaging app Element, confirms that his company has worked with WhatsApp on interoperability in an “experimental” way but that he cannot say any more due to signing a nondisclosure agreement. In a talk last weekend, Hodgson demonstrated “hypothetical” architectures for ways that Matrix could connect to the systems of two gatekeepers that don’t use the same encryption protocols.

Meanwhile, Julia Weis, a spokesperson for the Swiss messaging app Threema, says that while WhatsApp did approach it to discuss its interoperability plans, the proposed system didn’t meet Threema’s security and privacy standards. “WhatsApp specifies all the protocols, and we’d have no way of knowing what actually happens with the user data that gets transferred to WhatsApp—after all, WhatsApp is closed source,” Weis says. (WhatsApp’s privacy policy states how it uses people’s data.)

When the EU first announced that messaging apps may have to work together in early 2022, many leading cryptographers opposed the idea, saying it adds complexity and potentially introduces more security and privacy risks. Carmela Troncoso, an associate professor at the Swiss university École Polytechnique Fédérale de Lausanne, who focuses on security and privacy engineering, says interoperability moves could potentially lead to different power relationships between companies, depending on how they are implemented.

“This move for interoperability will, on the one hand, open the market, but also maybe close the market in the sense that now the bigger players are going to have more decisional power,” Troncoso says. “Now, if the big player makes a move and you want to continue being interoperable with this big player, because your users are hooked up to this, you're going to have to follow.”

While the interoperability of encrypted messaging apps may be possible, there are some fundamental challenges about how the systems will work in the real world. How much of a problem spam and scamming will be across apps is largely unknown until people start using interoperable setups. There are also questions about how people will find each other across different apps. For instance, WhatsApp uses your phone number to interact and message other people, while Threema randomly generates eight-digit IDs for people’s accounts. Linking up with WhatsApp “could de-anonymize Threema users,” Weis, the Threema spokesperson says.

Meta’s Brouwer says the company is still working on the interoperability features and the level of support it will make available for companies wanting to integrate with it. “Nobody quite knows how this works,” Brouwer says. “We have no idea what the demand is.” However, he says, the decision was made to use WhatsApp’s existing architecture to run interoperability, as it means that it can more easily scale up the system for group chats in the future. It also reduces the potential for people’s data to be exposed to multiple servers, Brouwer says.

Ultimately, interoperability will evolve over time, and from Meta’s perspective, Brouwer says, it will be more challenging to add new features to it quickly. “We don't believe interop chats and WhatsApp chats can evolve at the same pace,” he says, claiming it is “harder to evolve an open network” compared to a closed one. “The second you do something different—than what we know works really well—you open up a wormhole of security, privacy issues, and complexity that is always going to be much bigger than you think it is.”

WhatsApp Chats Will Soon Work With Other Encrypted Messaging Apps

“If molecules really were the new microchips, the promise of remote gene editing was that the body could be manipulated to upgrade itself.” An exclusive excerpt from 2054: A Novel.

2054, Part II: Next Big Thing

The U.S. State Department said it's implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use of commercial spyware to surveil civil society members.
"The misuse of commercial spyware threatens privacy and freedoms of expression, peaceful assembly, and association," Secretary of State Antony Blinken said. "Such targeting has been

The U.S. State Department said it's implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use of commercial spyware to surveil civil society members.

"The misuse of commercial spyware threatens privacy and freedoms of expression, peaceful assembly, and association," Secretary of State Antony Blinken said. "Such targeting has been linked to arbitrary detentions, forced disappearances, and extrajudicial killings in the most egregious of cases."

The latest measures, underscoring continued efforts on part of the U.S. government to curtail the proliferation of surveillance tools, are designed to "promote accountability" for individuals involved in commercial spyware misuse.

The new policy covers people who have used such tools to "unlawfully surveil, harass, suppress, or intimidate individuals," as well as those who stand to financially benefit from the misuse.

It also includes the companies (aka private sector offensive actors or PSOAs) that develop and sell the spyware to governments and other entities. It's currently not clear how the new restrictions will be enforced for individuals who possess passports that don't require a visa to enter the U.S.

However, CyberScoop notes that executives potentially affected by the ban would no longer be eligible to participate in the visa waiver program, and that they would need to apply for a visa to travel to the U.S.

The development comes days after Access Now and the Citizen Lab revealed that 35 journalists, lawyers, and human-rights activists in the Middle Eastern nation of Jordan were targeted with NSO Group's Pegasus spyware.

In November 2021, the U.S. government sanctioned NSO Group and Candiru, another spyware vendor, for developing and supplying cyber weapons to foreign governments that "used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers."

Then early last year, U.S. President Joe Biden signed an executive order barring federal government agencies from using commercial spyware that could pose national security risks. In July 2023, the U.S. also placed Intellexa and Cytrox on a trade blocklist.

According to an intelligence assessment released by the U.K. Government Communications Headquarters (GCHQ) in April 2023, at least 80 countries have purchased commercial cyber intrusion software over the past decade.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

U.S. Imposes Visa Restrictions on those Involved in Illegal Spyware Surveillance

The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called VajraSpy.
Slovak cybersecurity firm ESET said it uncovered 12 espionage apps, six of which were available for download from the official Google Play Store and were collectively downloaded more than 1,400 times between

The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called **VajraSpy**.

Slovak cybersecurity firm ESET said it uncovered 12 espionage apps, six of which were available for download from the official Google Play Store and were collectively downloaded more than 1,400 times between April 2021 and March 2023.

"VajraSpy has a range of espionage functionalities that can be expanded based on the permissions granted to the app bundled with its code," security researcher Lukáš Štefanko said. "It steals contacts, files, call logs, and SMS messages, but some of its implementations can even extract WhatsApp and Signal messages, record phone calls, and take pictures with the camera."

As many as 148 devices in Pakistan and India are estimated to have been compromised in the wild. The malicious apps distributed via Google Play and elsewhere primarily masqueraded as messaging applications, with the most recent ones propagated as recently as September 2023.

*   Privee Talk (com.priv.talk)
*   MeetMe (com.meeete.org)
*   Let's Chat (com.letsm.chat)
*   Quick Chat (com.qqc.chat)
*   Rafaqat رفاق (com.rafaqat.news)
*   Chit Chat (com.chit.chat)
*   YohooTalk (com.yoho.talk)
*   TikTalk (com.tik.talk)
*   Hello Chat (com.hello.chat)
*   Nidus (com.nidus.no or com.nionio.org)
*   GlowChat (com.glow.glow)
*   Wave Chat (com.wave.chat)

Rafaqat رفاق is notable for the fact that it's the only non-messaging app and was advertised as a way to access the latest news. It was uploaded to Google Play on October 26, 2022, by a developer named Mohammad Rizwan and amassed a total of 1,000 downloads before it was taken down by Google.

The exact distribution vector for the malware is currently not clear, although the nature of the apps suggests that the targets were tricked into downloading them as part of a honey-trap romance scam, where the perpetrators convince them to install these bogus apps under the pretext of having a more secure conversation.

This is not the first time Patchwork – a threat actor with suspected ties to India – has leveraged this technique. In March 2023, Meta revealed that the hacking crew created fictitious personas on Facebook and Instagram to share links to rogue apps to target victims in Pakistan, India, Bangladesh, Sri Lanka, Tibet, and China.

It's also not the first time that the attackers have been observed deploying VajraRAT, which was previously documented by Chinese cybersecurity company QiAnXin in early 2022 as having been used in a campaign aimed at Pakistani government and military entities. Vajra gets its name from the Sanskrit word for thunderbolt.

Qihoo 360, in its own analysis of the malware in November 2023, tied it to a threat actor it tracks under the moniker Fire Demon Snake (aka APT-C-52).

Outside of Pakistan and India, Nepalese government entities have also been likely targeted via a phishing campaign that delivers a Nim-based backdoor. It has been attributed to the SideWinder group, another group that has been flagged as operating with Indian interests in mind.

The development comes as financially motivated threat actors from Pakistan and India have been found targeting Indian Android users with a fake loan app (Moneyfine or "com.moneyfine.fine") as part of an extortion scam that manipulates the selfie uploaded as part of a know your customer (KYC) process to create a nude image and threatens victims to make a payment or risk getting the doctored photos distributed to their contacts.

"These unknown, financially motivated threat actors make enticing promises of quick loans with minimal formalities, deliver malware to compromise their devices, and employ threats to extort money," Cyfirma said in an analysis late last month.

It also comes amid a broader trend of people falling prey to predatory loan apps, which are known to harvest sensitive information from infected devices, and employ blackmail and harassment tactics to pressure victims into making the payments.

According to a recent report published by the Network Contagion Research Institute (NCRI), teenagers from Australia, Canada, and the U.S. are increasingly targeted by financial sextortion attacks conducted by Nigeria-based cybercriminal group known as Yahoo Boys.

"Nearly all of this activity is linked to West African cybercriminals known as the Yahoo Boys, who are primarily targeting English-speaking minors and young adults on Instagram, Snapchat, and Wizz," NCRI said.

Wizz, which has since had its Android and iOS apps taken down from the Apple App Store and the Google Play Store, countered the NCRI report, stating it's "not aware of any successful extortion attempts that occurred while communicating on the Wizz app."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware

The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab.
Nine of the 35 individuals have been publicly confirmed as targeted, out of whom six had their devices compromised with the mercenary

The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab.

Nine of the 35 individuals have been publicly confirmed as targeted, out of whom six had their devices compromised with the mercenary surveillanceware tool. The infections are estimated to have taken place from at least 2019 until September 2023.

"In some cases, perpetrators posed as journalists, seeking an interview or a quote from victims, while embedding malicious links to Pegasus spyware amid and in between their messages," Access Now said.

"A number of victims were reinfected with Pegasus spyware multiple times — demonstrating the relentless nature of this targeted surveillance campaign."

The Israeli company has been under the radar for failing to implement rigorous human rights safeguards prior to selling its cyber intelligence technology to government clients and law enforcement agencies for "preventing and investigating terrorism and serious crimes."

NSO Group, in its 2023 Transparency and Responsibility Report, touted a "significant decrease" in reports of product misuse during 2022 and 2023, attributing the downturn to its due diligence and review process.

"Cyber intelligence technology enables government intelligence and law enforcement agencies to carry out their basic duties to prevent violence and safeguard the public," the company noted.

"Importantly, it allows them to counter the widespread deployment of end-to-end encryption applications by terrorists and criminals without engaging in mass surveillance or obtaining backdoor access to the devices of all users."

It further sought to "dispel falsehoods" about Pegasus, stating it is not a mass surveillance tool, that it's licensed to legitimate, vetted intelligence and law enforcement agencies, and that it cannot take control of a device or penetrate computer networks, desktop or laptop operating systems.

"It is technologically impossible for Pegasus to add, alter, delete, or otherwise manipulate data on targeted mobile devices, or perform any other activities beyond viewing and/or extracting certain data," NSO Group said.

Despite these assurances, the invasive spyware attacks targeting Jordan civil society members underscores the continued pattern of abuse that run counter to the company's claims.

Access Now said the victims' devices were infiltrated with both zero-click and one-click attacks using Apple iOS exploits like FORCEDENTRY, FINDMYPWN, PWNYOURHOME, and BLASTPASS to breach security guardrails and deliver Pegasus via social engineering attacks.

The attacks were characterized by the propagation of malicious links to victims via WhatsApp and SMS, with the attackers posing as journalists to increase the likelihood of success of the campaign.

The non-profit further said that enabling Lockdown Mode on the iPhones likely prevented some of the devices from being re-infected again with the spyware. It also called on world governments, including Jordan's, to halt the use of such tools and enforce a moratorium on their sale until adequate countermeasures are adopted.

"Surveillance technologies and cyberweapons such as NSO Group's Pegasus spyware are used to target human rights defenders and journalists, to intimidate and dissuade them from their work, to infiltrate their networks, and to gather information for use against other targets," Access Now said.

"The targeted surveillance of individuals violates their right to privacy, freedom of expression, association, and peaceful assembly. It also creates a chilling effect, forcing individuals to self-censor and cease their activism or journalistic work, for fear of reprisal."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan

By Waqas
It's crucial to note that this sale of compromised AnyDesk accounts isn't connected to the security breach incident disclosed by the company on February 2, 2024.
This is a post from HackRead.com Read the original post: Thousands of Stolen AnyDesk Login Credentials Sold on Dark Web

Cybersecurity researchers have identified multiple threat actors on a Russian language dark web forum actively selling AnyDesk accounts, ranging from 18,000 to 30,000 accounts.

On February 2, 2024, AnyDesk, a popular remote desktop application, disclosed a security breach incident involving unauthorized access to its production systems by unknown hackers.

Now, in its latest blog post published on Sunday, February 4, 2024, cybersecurity researchers at Resecurity disclosed alarming findings: multiple threat actors are selling compromised AnyDesk login credentials on both the clear web and the dark web.

It’s crucial to note that the sale of AnyDesk credentials on the dark web is separate from the recent security breach. According to Resecurity, the stolen login credentials being sold are a result of infostealing malware infecting PCs to harvest sensitive information.

This parallels a similar incident in June 2023, where hackers were found selling 100,000 ChatGPT login accounts. These accounts were obtained through devices infected with Raccoon, Vidar, and Redline malware worldwide.

According to Resecurity’s blog post, researchers have identified a threat actor operating under the alias “Jobaaaaa,” who has been observed selling 18,317 compromised AnyDesk accounts. These accounts are being offered for sale for $15,000 worth of Bitcoin (BTC) or Monero (XMR) cryptocurrency, with transactions facilitated through escrow services.

AnyDesk accounts being sold – Screenshot translated from Russian to English by Hackread.com using Yandex AI translator (Credit: Resecurity)

However, Alon Gal of Hudson Rock has countered Resecurity’s findings, stating that the threat actor is actually selling over 30,000 AnyDesk accounts. Despite this difference, the use of Escrow—a trusted third-party payment service—by the hacker adds a level of credibility to the offer.

These compromised AnyDesk accounts are being marketed on Exploitin, a cybercrime and hacker forum accessible on both the clear and dark web and primarily operating in Russian. This forum has gained notoriety for facilitating various cybercrimes, including exploiting vulnerabilities, selling databases, and leaking sensitive information.

Interestingly, it’s the same platform where administrators of the Genesis cybercrime market acknowledged the seizure of their clear web domain in April 2023.

****Timestamp Disaster****

Resecurity’s latest revelation centers on the timestamps related to the sale of compromised accounts. The timestamps visible on the shared screenshots illustrate instances of successful unauthorized access on February 3, 2024, after the disclosure of the security incident.

Furthermore, researchers have verified that the compromised accounts include those of both individual users and enterprises. This highlights the potential for a significant disaster for organizations and unsuspecting users if these accounts fall into the wrong hands. As a precautionary measure, it is crucial for all AnyDesk users, irrespective of their location, to promptly change their passwords.

The screenshot shared by the threat actor with Resecurity displays recent successful login sessions from the AnyDesk accounts currently being sold on the dark web forum.

****The potential impact****

The potential impact, whether on an individual or enterprise, would be devastating. Here’s what could happen if a functioning AnyDesk account for either an individual or an enterprise falls into the hands of a malicious threat actor:

****For Individual****

*   **Financial Loss:** Hackers could use stolen credentials to make fraudulent transactions, steal money from linked accounts, or commit financial extortion.
*   **Data Theft:** Personal data like documents, photos, and browsing history could be stolen and sold or used for identity theft.
*   **Identity Theft:** Hackers could impersonate the individual online or over the phone to steal their identity or commit other crimes.
*   **Reputational Damage:** Stolen accounts could be used to spread misinformation or engage in other harmful activities, damaging the individual’s reputation.
*   **Operational Disruption:** Individuals might lose access to important accounts or data if hackers change passwords or lock them out.

****For enterprises:****

*   **Financial Losses:** Businesses could suffer financial losses due to fraud, data breaches, and ransomware attacks.
*   **Data Theft:** Sensitive business data, trade secrets, and customer information could be stolen and sold or used for competitive advantage.
*   **Employee Impersonation:** Hackers could impersonate employees to gain access to sensitive systems or data.
*   **Reputational Damage:** Data breaches and other security incidents can damage a company’s brand image and customer trust.
*   **Operational Disruption:** Stolen credentials could be used to disrupt business operations, causing productivity loss and downtime.
*   **Ransomware Attacks:** Hackers could encrypt data and demand a ransom payment to decrypt it.

**What Should Victims Do?**

Here are some steps that individuals and enterprises can take to protect themselves:

*   **Change passwords immediately:** If you think your AnyDesk credentials might be compromised, change your password immediately and enable two-factor authentication if available.
*   **Be cautious of phishing emails:** Don’t click on links or open attachments in suspicious emails, even if they appear to be from AnyDesk.
*   **Report suspicious activity:** If you see any suspicious activity on your AnyDesk account, report it to AnyDesk immediately.
*   **Use strong passwords:** Use strong, unique passwords for all your online accounts, and avoid using the same password for multiple accounts.
*   **Enable two-factor authentication:** Two-factor authentication adds an extra layer of security by requiring a second factor, such as a code from your phone, to log in.
*   **Stay informed:** Keep yourself informed about the latest security threats and best practices.

Nevertheless, regardless of your location or whether you recently changed your AnyDesk account password, it’s critical to change the password once again immediately. The timestamps of login sessions from these accounts authenticate their legitimacy.

1.  **New Windows Infostealer ‘ExelaStealer’ Sold on Dark Web**
2.  **Thousands of Dark Web Posts Expose ChatGPT Abuse Plans**
3.  **360m WhatsApp Records Shared on Telegram and Dark Web**
4.  **Cloudflare Hacked After State Actors Leverages Okta Breach**
5.  **TeamViewer Used to Obtain Remote Access, Deploy Ransomware**

Tag

#sap