OneCoin Crypto Ponzi Scheme Used Fake Reviews to Improve Its Image

Research conducted by the Digital Forensic Research Lab (DFRLab) of the Atlantic Council think tank suggests that the infamous cryptocurrency-themed Ponzi scheme OneCoin used fake reviews on TrustPilot and Quora to lure investors.

According to a report published on Jan. 29, OneCoin received an anomalous number of five-star reviews on TrustPilot after the media started negatively covering OneCoin in October 2019.

OneCoin’s TrustPilot reviews over time. Source: DFRLab

Per the report, of the 579 TrustPilot reviews of OneCoin, 90% were positive, and about 400 of the five-star ratings were published in a single month. DFRLab states that OneCoin also received some one-star ratings, but those were far outnumbered by positive reviews.

Signs of inauthentic activity

Because of TrustPilot’s design, the researchers could not establish whether the accounts behind the reviews were inauthentic or automated, but said that their activity was suspicious:

“October 2019 spike in five-star ratings, however, indicated an abnormal influx of favorable reviews just as OneCoin’s public relations and legal woes mounted. The possibility remains that the influx for both ratings and reviews was organic, though the timing and extreme bias was highly suspicious.”
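A month-over-month burst check of the kind that would surface such a spike, as an added example (not DFRLab's method or code). The review list is constructed so that its totals match the figures quoted above (579 reviews, about 90% positive, 400 five-star ratings in one month); the per-month split, thresholds and function names are assumptions.

```python
from collections import Counter
from datetime import date
from statistics import median


def month_range(first, last):
    """Yield every (year, month) from first to last, so quiet months count as zero."""
    year, month = first
    while (year, month) <= last:
        yield (year, month)
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)


def positive_share(reviews):
    """Fraction of reviews rated four or five stars."""
    reviews = list(reviews)
    if not reviews:
        return 0.0
    return sum(1 for _, stars in reviews if stars >= 4) / len(reviews)


def flag_bursts(reviews, ratio=5.0, min_share=0.5):
    """Flag months whose five-star volume dwarfs the rest of the timeline.

    A month is flagged when its five-star count is at least `ratio` times the
    median of all other months AND it holds at least `min_share` of every
    five-star review ever posted. The median keeps the burst month itself
    from inflating the baseline it is compared against.
    """
    five = Counter((d.year, d.month) for d, stars in reviews if stars == 5)
    if not five:
        return []
    months = list(month_range(min(five), max(five)))
    total = sum(five.values())
    flagged = []
    for m in months:
        others = [five.get(o, 0) for o in months if o != m]
        if not others:
            continue  # a single month of data has no baseline to compare with
        baseline = median(others)
        count = five.get(m, 0)
        if count >= ratio * max(baseline, 1) and count / total >= min_share:
            flagged.append({
                "month": m,
                "five_star": count,
                "baseline": baseline,
                "share": round(count / total, 2),
            })
    return flagged


# Constructed sample: 521 five-star and 58 one-star reviews across 2019.
FIVE_STAR_PER_MONTH = [10, 12, 9, 11, 13, 10, 12, 11, 12, 400, 12, 9]
ONE_STAR_PER_MONTH = [4, 4, 4, 4, 4, 4, 4, 4, 4, 14, 4, 4]
SAMPLE_REVIEWS = [
    (date(2019, month, 1 + i % 28), stars)
    for stars, per_month in ((5, FIVE_STAR_PER_MONTH), (1, ONE_STAR_PER_MONTH))
    for month, n in enumerate(per_month, start=1)
    for i in range(n)
]

if __name__ == "__main__":
    print("positive share:", round(positive_share(SAMPLE_REVIEWS), 2))
    for burst in flag_bursts(SAMPLE_REVIEWS):
        print(burst)
```

A flagged month is a reason to look closer at the accounts behind it, not proof of inauthentic activity, which is the same caveat the researchers give.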

DFRLab also found profiles praising OneCoin on question-answer platform Quora which showed “inauthentic behaviour, such as no profile pictures, no biographical information, inconsistent posting times, and an exclusive interest in OneCoin-related discussions.”

The researchers show one profile, in which the owner described herself as a “cryptocurrency expert and investor” but only answered questions about OneCoin. The account was active from January to March 2018, and its peak activity was when OneCoin was most active. The report reads:

“As OneCoin’s legal challenges mounted, the company’s pyramid marketing scheme garnered significant attention. Its digital marketing tactics, however, received considerably less scrutiny.”

OneCoin is one of the most well-known scams in the cryptocurrency space. The official OneCoin website only ceased operations in early December 2019. During the same month, the New York Southern District Court granted a continuance in the lawsuit against David Pike — the CFO of a private equity fund — over his alleged link to the scam.

Source Cointelegraph

Vinnik’s Children File a Complaint About Rights Violation to Greek Court

The lawyers for Alexander Vinnik, the alleged operator of defunct crypto exchange BTC-e, have filed a complaint alleging violation of Vinnik’s rights.

Written on behalf of Vinnik’s young children, the complaint has been filed with a Greek court to prevent the alleged criminal’s allegedly approaching extradition to France and the United States.

Vinnik’s extradition from Greece was allegedly scheduled for last weekend

Timofey Musatov, the head of Vinnik’s legal representation, alleges that Vinnik’s extradition had been scheduled for last weekend, Russian news agency RIA Novosti reported Jan. 17.

Musatov suggested that Vinnik’s extradition had been planned for this past weekend based on enhanced security of the hospital department, where the alleged Bitcoin (BTC) launderer was kept in solitary confinement. The lawyer said on Friday:

“What I saw in the hospital today clearly shows that there is a new group that is ready to get him out at any moment. They usually had 12-15 internal security officers, which are now joined by external security armed with grenades, assault rifles and everything […] Special forces are armed to the teeth everywhere, and this all concerns Vinnik. This is all very serious.”

Vinnik, who has been imprisoned for 30 months since he was arrested in Greece in July 2017, reportedly expects that he is going to be exploited in an information war against Russia, Musatov added.

Accused of operating an international crypto-related money laundering scheme that processed over $4 billion worth of capital flows, Vinnik publicly declared his innocence and even offered to help Russian President Vladimir Putin as a digital technology specialist. The alleged Bitcoin criminal, aka “Mr. Bitcoin,” previously argued that his rights were violated during his arrest in Greece and even went on a hunger strike in 2018 in order to “get a fair trial.”

Russia’s multiple attempts to prevent Vinnik’s extradition to other countries

The news comes against the backdrop of years of disagreement over which jurisdiction should handle the Bitcoin laundering suspect. In mid-December 2019, the Ministry of Justice, Transparency and Human Rights of Greece reportedly decided to finally extradite Vinnik to France. This triggered frustration from the Russian government, which reportedly wants to bring Vinnik back.

Russia has not only filed a number of requests with Greek judicial authorities, but also sought help from the United Nations High Commissioner for Human Rights to bring the alleged criminal under its jurisdiction.

In November 2019, Vinnik’s mother Vera Vinnik appealed for his release, arguing that Greek authorities have shown “no mercy” despite his lawyers’ claim that he hasn’t been charged with anything in Greece. According to the recent report by RIA Novosti, Vinnik’s mother has not been allowed to say goodbye to her son ahead of another legal bid to end his detention.

Source Cointelegraph

Canadian Teen Charged for $50 Million Cryptocurrency Theft

An eighteen-year-old from Montreal is facing four criminal charges connected to a $50 million SIM-swapping scam targeting cryptocurrency holders, Infosecurity Magazine reported on Jan. 17.

The hacker, Samy Bensaci, is accused by Canadian authorities of being part of a ring that stole millions of dollars in cryptocurrency from American and Canadian holders. The theft is said to have occurred in spring of 2018, with Québec police representative Hugo Fournier saying that the hackers were responsible for the theft of “$50 million from our neighbors to the south and $300,000 in Canada.”

Among the purported victims were Don and Alex Tapscott, renowned Canadian crypto entrepreneurs and co-authors of the book “Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World.”

Don Tapscott confirmed to The Star to have been targeted by the scheme, while denying that the hackers succeeded in stealing his funds:

“We can confirm that last year a hacker attempted to steal crypto assets from our company and its employees. That attempt was unsuccessful. We cooperated with the police [and] have been impressed with their determination to bring those responsible to justice.”

Bensaci was arrested in Victoria, British Columbia in November 2019. The following month, he was released on a 200,000 Canadian dollar bail ($153,000) and prohibited from accessing any online-capable device, including gaming consoles, as well as owning or exchanging any form of cryptocurrency.

Infosecurity Magazine reports that many of the individuals supposedly targeted by the hackers had attended the Consensus conference in New York. Rob Ross, SIM-swapping victim and manager of, told Infosecurity Magazine that hackers spot targets during these events.

What is SIM-swapping?

A SIM-swapping attack occurs when hackers are able to trick a telecom company into transferring the victim’s phone number to the attacker’s SIM card. Though it is possible to do this by impersonating the victim with the telecom’s customer service, the companies are also plagued by insiders who use their access to facilitate this type of crime. With a SIM-swap, attackers can bypass most authentication and password recovery mechanisms that rely on phone numbers.

Cointelegraph previously reported many such cases, including an August 2018 victim who sued AT&T for its alleged negligence in preventing the thefts.

Source Cointelegraph

Ugandan Victims of Dunamiscoins Scam Petition Gov’t for Lost Investments

Over 5,000 victims of the alleged cryptocurrency pyramid scheme Dunamiscoins have petitioned the Ugandan Parliament asking to refund money lost in the scam.

Arthur Asiimwe, the leader of the petitioning group who presented the request to the Parliament’s speaker Rebecca Kadaga, claims that the government has licensed the alleged scam firm, according to an official announcement by the Parliament of Uganda on Jan. 16.

Dunamiscoins victims are not satisfied with investigation results

First spotted in early December 2019, Dunamiscoins is allegedly involved in defrauding over 10,000 people, causing them losses of around $2.7 million. The apparent scam company reportedly closed its offices just a month after opening, stealing money from its investors and employees after previously promising 40% returns on cash investments.

Asiimwe emphasized that the Ugandan government must be held liable for the Dunamiscoins incident:

“Government licensed this company and gave it a go ahead to work as a non-deposit taking financial institution; it carried out its duties as a micro finance company. They gave unrealistic bonuses.”

As two Dunamiscoins directors stood trial in early January, Asiimwe also pointed out that one of the key individuals behind the scam, Susan Awon, has still remained at large. The group leader expressed dissatisfaction with the status of the investigation, arguing that Ugandan authorities should take further steps to arrest the third director and refund the money.

Reports claim that the Ugandan President endorsed Dunamiscoins

Subsequently, Parliament’s speaker Kadaga promised to engage with the responsible state authorities in order to solve the issue. According to the official announcement by the Parliament, she said:

“Since you petitioned the President already, I will talk to him and invite the Minister of Finance, Uganda Micro Finance Regulatory Authority next week so we can forge a way forward.”

While Dunamiscoins victims apparently accuse their government of not taking necessary measures to prevent the scam, some media reports claim that Uganda’s President Yoweri Museveni endorsed the firm earlier. According to local news publication The Independent, the victims told Kadaga that their faith in the company was driven by the President’s endorsement alongside constant media adverts.

Meanwhile, Museveni has definitely taken a positive stance towards both blockchain technology and cryptocurrencies. Back in 2018, the President met with executives at major global crypto exchange Binance to discuss the developments in the industry.

Cointelegraph has contacted the President’s representatives for comment on the alleged endorsement of Dunamiscoins but has not received a response at press time. This article will be updated pending any new information.

Source Cointelegraph

US SEC Charges Convict and Associates for $30M Fraudulent ICO

The United States Securities and Exchange Commission has charged a group of criminals who raised over $30 million through a fraudulent initial coin offering (ICO).

Per a Jan. 12 press release, the SEC charged convict Boaz Manor, his business associate, and two companies, CG Blockchain Inc. and BCT Inc. SEZC, with violating the antifraud and securities registration provisions of the federal securities laws. Manor is a dual citizen of Canada and Israel.

The entities allegedly raised more than $30 million in a fraudulent ICO, conducted with the objective to launch hedge funds testing technology to record transactions on blockchain.

In an effort to develop a “blockchain terminal”

The SEC’s complaint reads that between August 2017 and September 2018, the defendants promoted and sold digital asset securities in an effort to develop technologies for hedge funds. Manor misrepresented himself as “Shaun MacDonald,” an employee of his New Jersey-based associate Edith Pardo, an Israeli citizen, who allegedly ran the company.

At the time, the defendants claimed that they possessed 20 hedge funds testing technology to record transactions on blockchain, while in fact they only sent a prototype to a number of funds, which did not use it. Commenting on the matter, Joseph G. Sansone, chief of the SEC’s Market Abuse Unit, said:

“As alleged in our complaint, Manor’s brazen scheme to conceal his identity and criminal history deprived investors of essential information and allowed defendants to take over $30 million from investors’ pockets.”

The SEC’s requirements

Also today, the U.S. Attorney’s Office for the District of New Jersey announced criminal charges against Manor and Pardo, in a parallel action.

The SEC thus seeks disgorgement of illegally obtained profits plus interest, penalties, and injunctive relief, and also seeks to bar Manor and Pardo from acting as officers or directors of public companies and from participating in future securities offerings.

As Cointelegraph previously reported, Manor received a four-year prison sentence in Canada in 2012 for siphoning $106 million from a Toronto-based hedge fund that he co-founded. The Canadian fund reportedly had $800 million in assets under management at its peak from 26,000 investors.

On Jan. 14, the SEC sent out a warning from its Investor Education and Advocacy wing, urging citizens to be wary of initial coin offerings.

Source Cointelegraph

Thai Officials to Investigate Alleged Cryptocurrency Pyramid Scheme

A human rights lawyer representing victims of an alleged cryptocurrency pyramid scheme in Thailand is taking their case to the country’s Department of Special Investigation (DSI).

The Bangkok Post reported on Jan. 16 that roughly 20 victims, whose losses are alleged to total 75 million baht (~$2.5 million), are seeking to go beyond the investigations of local police in Thailand’s Krabi province given the gravity of the case. 

The DSI, a department of the Thai Ministry of Justice, works independently of the Thai Royal Police force and is tasked with the investigation of “special cases,” such as those involving organized criminal networks or cases tied to national security threats.

Eight percent weekly returns — until the check bounces

According to the report, the alleged pyramid scheme, dubbed “Khung Nong Cryptocurrency Trading,” operated in Krabi province in 2018. Promising returns of as high as 8% weekly, locals in the towns of Krabi, Trang, Yala, Pattani, and Narathiwat are reported to have sold off assets including private land, cars and motorcycles to raise the money for their investments.

Between October 2018 and February 2018, the scheme drew in more victims, until its operator abruptly stopped paying out dividends. One investor, Noopad Wachedi, said she had sold her land to raise the money needed to invest, and that the check given to her by Khung Nong Cryptocurrency Trading’s operators subsequently bounced.

Ms. Noopad claimed her recruiter had alleged her investment was being overseen by state officers; another victim, her relative, also alluded to a series of alleged tricks used to deceive investors.

Local heists

In fall 2019, Cointelegraph reported that Bangkok police had arrested a 48-year old man who had styled himself the “cryptocurrency wizard” over his alleged role in a 500 million baht ($16.3 million) crypto exchange fraud. 

The previous year, another illustrious local figure — the Thai soap-opera star Jiratpisit Jaravijit — was arrested for his alleged role in a 797 million baht ($24.6 million) Bitcoin (BTC) investment heist, which he purportedly operated together with his siblings.

Source Cointelegraph

More Bitcoin Scam Ads With Martin Lewis on Instagram — Can We Get a Filter for That?

Suspected crypto con artists are once again using the likeness of British financial expert Martin Lewis to defraud unsuspecting victims. In 2019, Lewis settled a defamation suit against Facebook for similar Bitcoin (BTC) scam adverts.

Instagram says deceptive advertisements have no place on its platform and plans to continue improving its detection protocols for such content. Social platforms have been known to censor crypto-related content, instituting blanket bans on crypto ads on several occasions.

However, Facebook has recently relaxed this policy amid the roll-out of its own digital currency project. The social media giant is one of the main backers of the Libra Association, which plans to release the Libra digital currency payment solution.

While many of these fraudulent crypto investments use fake endorsements, there are also cases where well-known crypto figures publicize such cons as legitimate investments. The presence of such backing seemingly provides legitimacy for otherwise obvious scams that end up siphoning millions of dollars from unsuspecting victims.

Suspected crypto con artists using fake endorsement from Lewis

As previously reported by Cointelegraph, Bitcoin scam ads touting false endorsements from Martin Lewis are appearing once again on social media. Retweeting the scam ads now appearing on Instagram, Lewis warned the public to not fall victim to such obvious cons.

The misleading adverts show a fake article from British tabloid Mirror with the title, “Martin Lewis lends a hand to British families with Revolutionary Bitcoin Home Based Opportunity.” No such article exists on Mirror, with the media outlet issuing warnings about similar phony content as far back as August 2018.

The particular scam in question was red-flagged in late 2019. In an email to Cointelegraph, a spokesperson for Facebook, the parent company of Instagram, explained that the platform has a zero-tolerance policy for scam ads. According to the company spokesperson:

“Misleading or deceptive ads of any kind, have no place on Instagram. Our Advertising Policies do not allow scam ads, and when we detect an ad that violates our Advertising Policies, we disapprove it. All ads are subject to our ad review system, which relies primarily on automated, and in some cases manual review to check ads against these policies. This happens before ads begin running.”

The Facebook representative further went on to state that while some misleading content may slip through the cracks, platform users should report such ads: 

“We incorporate signals of negative feedback from people, such as people reporting, hiding, or blocking an ad, into our ongoing review process. When we find ads that try to get around our enforcement, we go beyond simply rejecting the ad. We disable ad accounts and remove their ability to advertise in the future.”

Not Lewis’s first brush with Bitcoin scam ads on social media

Back in 2018, Lewis sued Facebook following the emergence of more than 1,000 scam ads featuring the financial expert. In 2019, the two parties settled the suit, with Facebook pledging to donate $3.9 million to Citizens Advice — a Scams Action service for the United Kingdom.

The social media giant also agreed to create a unique tool for reporting scam ads in the U.K. Commenting at the time, Lewis remarked:

“It shouldn’t have taken the threat of legal action to get here. Yet once we started talking, Facebook quickly realised the scale of the problem, its impact on real people, and agreed to commit to making a difference both on its own platform and across the wider sector.”

Lewis isn’t the only person to sue Facebook because of Bitcoin scam ads. Back in mid-2019, Dutch billionaire John De Mol took legal action against the social media company over fraudulent cryptocurrency adverts using his image without permission.

At the time, De Mol argued that the scam ads were damaging to his reputation and had defrauded victims of close to $2 million. The court sided with the Big Brother reality show creator, ruling that Facebook must make efforts to remove such content or face significant monetary fines.

Scams featuring other public figures such as Tesla CEO Elon Musk, Ethereum Co-Founder Vitalik Buterin, British actress Kate Winslet and Australian business mogul Andrew Forrest have also emerged in the past. Each ad campaign typically attempts to use the images of these well-known people to trick uninformed investors into putting money (or crypto deposits) into an elaborate scam.

Is Facebook liable for damages caused by misleading content?

According to Alex Nguyen, founding partner at XNOVO legal — a firm specializing in contracts and business structuring litigation — holding social media platforms like Facebook liable for content published by users constitutes a slippery slope. In a private correspondence with Cointelegraph, Nguyen opined:

“Subjecting the most ubiquitous social media platforms to secondary liability for their users’ illegal content or conduct is an arduous uphill battle, largely due to the broad application of the Communications Decency Act (‘CDA’) created by the Telecommunications Act of 1996. The CDA allows a social media platform to avoid secondary liability for a user’s illegal content if a third party user originated the illegal content and the social media platform and its services merely served as a ‘neutral tool’ for creating such content.” 

Nguyen argues that a court could include scam ads under the broad umbrella of third-party content. Thus, it is possible to liberally apply the protection afforded by the CDA to fraudulent cryptocurrency advertising.

Apart from crypto scam ads, social media platforms have also come under criticism for allowing or failing to prevent the spread of misleading information, especially in the political scene. Facebook, in particular, continues to face backlash for its policies concerning political ads.

As is the case with crypto ads, it appears the burden of confirmation rests with users and not with the content creators or publishers. Thus, it is of paramount importance for consumers of information to do their own research and not take all information found online as gospel truth.

Can social media networks ensure zero misleading content on their platforms?

Reactions to the court ruling in the De Mol case raised questions about whether social media platforms like Facebook are fighting a losing battle against creators and publishers of misleading content. Facebook’s attorney, Jens van den Brink, speaking to Bloomberg following the trial’s close, quipped: “De Mol seeks a perfecting filter that doesn’t exist.”

Even with enduring blanket bans on crypto-related advertisements, scammers are still able to publish deceptive investment content on social media platforms. This reality points to the possibility that the filters employed by Facebook and others are ill-suited to completely eradicating all instances of scam ads.

As revealed by Facebook in its email to Cointelegraph, the company employs both automated and manual content review protocols. However, scammers are seemingly able to game these control systems, enabling their misleading content to find its way online. Facebook says it is taking steps to block fraudsters from publishing content on its platform. 

For Vikram Singh, managing director of enterprise blockchain firm Antier Solutions, fraudsters will always find a way to bypass social media filters. In an email to Cointelegraph, Singh remarked:

“It cannot be overlooked that there are always ways around whereby changing some different terminology you can still bypass computerized algorithms. So in my opinion it is more of a case of when people get lured by immediate gains and which can happen in any industry so curtailing cryptos for the same can eventually become a roadblock in adoption and awareness of crypto and blockchain looking at the outreach of Facebook and Insta.”

XNOVO’s Nguyen, however, believes that Facebook and other social media platforms could do more to stop the spread of misleading content. According to Nguyen, the current terms of use on social media platforms lead to termination of the account, which is not enough:

“I think social media platforms are in the best position to implement better policies to identify and curb the continued proliferation of false or fraudulent cryptocurrency-related advertising ex ante, especially given their unfettered access to a tremendous amount of data, technologies (e.g. artificial intelligence and machine learning) to make sense of all that data, and limitless resources.”

Are “crypto celebs” contributing to the investment scam issue?

Concerning fact-checking, endorsements by seemingly “trusted” individuals in an industry can sometimes provide legitimacy for the published piece of information, especially when the end-user does not possess sufficient knowledge about the sector in question. Thus, it becomes an even greater problem when well-known personalities contribute to the spread of misleading content by providing backing.

While there are crypto scam ads with fake celebrity endorsements, there are also fraudulent advertisements promoted by “crypto celebs.” In late December 2019, a suspected Bitcoin scammer dubbed “LÈON” orchestrated an exit scam after defrauding victims of about 53 BTC (currently worth $424,000).

Before the exit scam, some popular crypto personalities endorsed LÈON’s investment program via tweets and retweets. Following LÈON’s alleged abscondment, some earlier backers deleted tweets promoting the scam.

“Fraud has more to do with ignorance and lack of knowledge than any social media channel as a medium. Most of these cases occur to users who lack specialized expertise necessary to distinguish legitimate from an illegitimate offer,” remarked Singh. Given the similarities in the scams adopted by these suspected crypto fraudsters, consumers need to employ more research, critical thinking and due diligence when making investment decisions.

Source Cointelegraph

Analytics Firm Training Students to Detect Cryptocurrency Scams

Cryptocurrency analytics firm CipherTrace has launched “Defenders League,” a program designed to provide students with the training and tools necessary to investigate crypto-related scams. 

On Jan. 13 CipherTrace announced partnerships with the Middlebury Institute of International Studies at Monterey, Middlesex University London, and the Blockchain Acceleration Foundation (BAF). The Defenders League will initially consist of graduate students from Middlebury and Middlesex, along with BAF students at nine universities located across California.

CipherTrace’s chief financial analyst, John Jefferies, told Cointelegraph that the Defenders League’s objective is to make the crypto economy safer for consumers and investors.

CipherTrace reported that the cost of thefts, scams and fraud has already reached over $4 billion by the end of Q3 2019, emphasizing the urgent need for proper solutions to be brought to market to combat crypto crime and protect individual investors. Jefferies said:

“Together, the collaborating entities will empower students with training and tools to investigate crypto-related scam and fraud cases, helping to make the crypto economy safer for everyone.”

A free training program for students

According to Jefferies, CipherTrace will train and certify students to use its financial investigation software. The software is used to detect money laundering, power law enforcement investigations and enable regulatory supervision. 

CipherTrace is providing a $4.3 million grant to the Defenders League to help students visualize blockchain interactions, allowing them access to the CipherTrace data visualization tool, which is a standard component of the software.

Jefferies explained that students in the Defenders League will have complete access to the professional version of the company’s software – CipherTrace Investigator Plus – that supports over 800 tokens:

“With access to the full suite of CipherTrace tools, certified students will be able to trace funds lost in cryptocurrency fraud and theft.” 

Jefferies mentioned that students in the training program will receive class credit while providing services to help recover “small” losses that are typically too small for law enforcement officials to investigate. CipherTrace’s director of investigations and education, Pam Clegg, said:

“We’ve experienced a significant increase in requests for investigative and analytic support for fraud and theft cases. The CipherTrace Defenders League will be an elite corps of blockchain knowledgeable students who can conduct smaller-scale investigations. Their objective will be to produce actionable intelligence and evidence that can be used to recover stolen funds and ultimately prosecute those criminal actors responsible for the losses.”

Moving forward, Jefferies told Cointelegraph that CipherTrace is working on an initiative to grant software licenses to researchers and instructors at other universities and even to the United Nations. He mentioned that CipherTrace, along with BAF, is actively discussing bringing several more institutions on board to join the Defenders League. BAF’s vice president, Piergiacomo Palmisani, told Cointelegraph:

“This is an incredible opportunity for students, who will have access to the same top notch tools used by CipherTrace employees. The Blockchain Acceleration Foundation will work closely with CipherTrace to ensure the success of this initiative at our partner universities and help expand the Defenders League to other schools in the country.”

In addition, CipherTrace will be offering free “CipherTrace Certified Examiner” (CTCE) one-day training events. Boot camps will take place in Monterey, London, Frankfurt, Singapore, San Francisco, Los Angeles and New York. 

According to Jefferies, these courses aim to provide attendees with the skills required to become expert cryptocurrency financial investigators. He also noted that remote training events will be available each month.

Not a recruiting tool

While CipherTrace’s Defenders League may seem like a useful recruiting tool, Jefferies said that this was not a motivating factor for developing the program. Rather, he explained that training students is a way to give back to the blockchain community: 

“CipherTrace Cryptocurrency Intelligence has the information, but our team doesn’t have the time to investigate each case. This is an opportunity for CipherTrace to give back to the blockchain community by helping to remove the taint of illicit finance, dark markets and scammers from virtual assets.”

Even so, Sukhvinder Hara, senior lecturer in digital forensics at Middlesex University London, noted that the training CipherTrace provides will enhance students’ employment opportunities, stating, “Being the only UK university with commercial crypto investigation software enhances our students’ employability, particularly as they can certify as CipherTrace Certified Examiners.”

Source Cointelegraph

North Korean Hacker Group Modifies Crypto-Stealing Malware

The Lazarus hacker group, which is allegedly sponsored by the North Korean government, has deployed new viruses to steal cryptocurrency.

Major cybersecurity firm Kaspersky reported on Jan. 8 that Lazarus has doubled down on its efforts to infect both Mac and Windows users’ computers.

The group had been using a modified open-source cryptocurrency trading interface called QtBitcoinTrader to deliver and execute malicious code in what has been called “Operation AppleJeus,” as Kaspersky reported in late August 2018. Now, the firm reports that Lazarus has started making changes to the malware.

Kaspersky identified a new macOS and Windows virus named UnionCryptoTrader, which is based on previously detected versions. Another new malware, targeting Mac users, is named MarkMakingBot. The cybersecurity firm noted that Lazarus has been tweaking MarkMakingBot, and speculates that it is “an intermediate stage in significant changes to their macOS malware.”

Researchers also found Windows machines that were infected through a malicious file called WFCUpdater but were unable to identify the initial installer. Kaspersky said that the infection started from .NET malware that was disguised as a WFC wallet updater and distributed through a fake website. 

The malware infected the PCs in several stages before executing the group’s commands and permanently installing the payload.

Attackers may have used Telegram to spread malware

Windows versions of UnionCryptoTrader were found to be executed from Telegram’s download folder, leading researchers to believe “with high confidence that the actor delivered the manipulated installer using the Telegram messenger.” 

A further reason to believe that Telegram was used to spread malware is the presence of a Telegram group on the fake website. The program featured a graphical interface showing the price of Bitcoin (BTC) on several cryptocurrency exchanges.

UnionCryptoTrader user interface screenshot. Source: Kaspersky

The Windows version of UnionCryptoTrader initiates a tainted Internet Explorer process, which is then employed to carry out the attacker’s commands. Kaspersky detected instances of the malware described above in the United Kingdom, Poland, Russia and China. The report reads:

“We believe the Lazarus group’s continuous attacks for financial gain are unlikely to stop anytime soon. […] We assume this kind of attack on cryptocurrency businesses will continue and become more sophisticated.”

Lazarus has been known to target crypto users for a long time. In October 2018, Cointelegraph reported that the group had stolen a staggering $571 million in cryptocurrencies since early 2017.

In March 2019, reports by Kaspersky suggested that the group’s efforts in targeting cryptocurrency users were still ongoing and its tactics were evolving. Furthermore, the group’s macOS virus was also enhanced in October last year.

Source Cointelegraph

Directors of Alleged Crypto Pyramid Scheme Dunamiscoins Stand Trial

Two directors of Dunamiscoins, an alleged cryptocurrency pyramid scheme in Uganda, appeared before court on Monday to face 65 counts tied to obtaining money by false pretense.

Local news site The Observer reported on Jan. 8 that state prosecutors had logged over 4,000 complaints against Dunamiscoins Resources Ltd., a suspected fraud that ran its course between Feb. 2018 and Dec. 2019, before summarily collapsing. Inquiries are reportedly still ongoing.

The scheme is thought to have defrauded dozens of victims of up to around $37,600 by promising them extraordinary returns on their investments. 

Earlier reports dating to the time of the scheme’s collapse had claimed that as many as 10,000 people had been drawn in, resulting in $2.7 million in ill-gotten funds.

Suspects plead not guilty

According to The Observer, Samson Lwanga, 37, and Mary Nabunya, 53, both directors of the now-defunct Dunamiscoins Resources Ltd., pleaded not guilty to the charges.

Lead complainant Haruna Asiimwe told reporters that he had been conned into investing money on the promise of 30% interest within 21 days. Asiimwe, like others, was left empty-pocketed when the firm abruptly shuttered in early December of last year.

A statement issued in 2019 by the Uganda Police revealed that Dunamiscoins’ directors had claimed they were willing to refund investors but were unable to as their primary accounts at local banks had been frozen by the Financial Intelligence Authority.

Having been in police custody since their arrest on Dec. 10, both directors have now been remanded in Luzira prison until Jan. 22, when their case will come up for mention once more. 

Employees and investors left in the lurch

Cointelegraph reported on Dunamiscoins’ abrupt closure of its offices in Masaka in Dec. 2019, just one month after their opening. Local interviewees and witnesses claimed that the firm had not only defrauded investors but fleeced its employees of money paid for registration to the scheme as well.

Following his arrest, Lwanga had revealed that most of the investors had deposited sums ranging from $270 to $2,710.

In spring 2019, the deputy governor of the Bank of Uganda, Dr. Louis Kasekende, warned the public of the limited protections offered to them when they invest in unregulated cryptocurrencies.

Source Cointelegraph