The main cybersecurity developments of the week.
- Blockchain developers downloaded a crypto stealer almost 8,500 times.
- A crypto drainer was found in fake invitations to the Y Combinator accelerator.
- A new macOS malware targets developers' cryptocurrency.
- The U.S. Secret Service dismantled the largest SIM farm near the UN headquarters.
Blockchain developers downloaded a crypto stealer almost 8,500 times
Two malicious packages in the official repository for the Rust programming language scanned developers’ devices to steal cryptocurrency and sensitive information. Since May 25, 2025, they had been downloaded 8,424 times. Security researchers reported this on September 24.
The malicious packages, faster_log and async_println, were distributed via the crates.io registry, the equivalent of npm for JavaScript. They impersonated the legitimate fast_log, copying its metadata such as the README and repository. The impostor even kept the real project's logging functionality to reduce suspicion.
The malware scanned the victim’s environment and the project's source files for:
- hexadecimal strings resembling Ethereum private keys;
- Base58 strings suggesting Solana keys and addresses;
- byte arrays in brackets that could hide seed phrases.
When a match was found, the code exfiltrated the data to a hardcoded URL.
The platform deleted the fake packages and blocked the authors' accounts the day it was informed.
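The same three pattern classes can be run over your own source tree to find key material that should not be sitting in project files. This is an added example, not code from the researchers or from crates.io; the function names, length thresholds and the constructed sample (a fake hex key, a public Solana program address as a harmless stand-in, a counting byte array) are assumptions.

```python
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ELEM = r"(?:0x[0-9a-fA-F]{1,2}|\d{1,3})"
# 64 hex digits (optional 0x): the size of an Ethereum private key.
HEX_KEY = re.compile(r"(?<![0-9a-fA-F])(?:0x)?[0-9a-fA-F]{64}(?![0-9a-fA-F])")
# Base58 runs long enough to be a Solana address or secret key.
B58_RUN = re.compile(rf"(?<![{B58}])[{B58}]{{32,88}}(?![{B58}])")
# Bracketed list of 32+ small numbers, e.g. a keypair dumped as bytes.
BYTE_ARRAY = re.compile(rf"\[\s*({ELEM}(?:\s*,\s*{ELEM}){{31,}})\s*,?\s*\]")

def b58_len(s):
    """Length in bytes of a Base58 string after decoding."""
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    leading_zero_bytes = len(s) - len(s.lstrip("1"))
    return leading_zero_bytes + (n.bit_length() + 7) // 8

def redact(s):
    # Never echo the full value into logs or CI output.
    return f"{s[:4]}...({len(s)} chars)"

def scan(text):
    """Return sorted (line, kind, preview) tuples for suspected key material."""
    hits = []
    def add(m, kind):
        hits.append((text.count("\n", 0, m.start()) + 1, kind, redact(m.group())))
    for m in HEX_KEY.finditer(text):
        add(m, "hex-256bit")          # also matches SHA-256 digests: review by hand
    for m in B58_RUN.finditer(text):
        if b58_len(m.group()) in (32, 64):   # Solana public key / keypair sizes
            add(m, "base58-key")
    for m in BYTE_ARRAY.finditer(text):
        nums = [int(v, 16) if v[:2].lower() == "0x" else int(v)
                for v in re.split(r"\s*,\s*", m.group(1))]
        if all(n <= 255 for n in nums):
            add(m, "byte-array")
    return sorted(hits)

# Constructed sample source file; none of these values is a real secret.
SAMPLE = "\n".join([
    'let rpc = "https://rpc.example.invalid";',
    f'let eth_key = "0x{"4f" * 32}";',
    'let owner = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";',
    f'let keypair = [{", ".join(str(i) for i in range(64))}];',
])
```

Decoding each Base58 candidate and keeping only 32- or 64-byte results filters out most long identifiers that merely happen to use the Base58 alphabet.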
A crypto drainer found in invitations to the Y Combinator accelerator
A large phishing campaign targeted GitHub users with cryptocurrency drainers delivered via fake invitations to the Y Combinator startup support program.
On September 24, BleepingComputer reported that the attackers had abused a weakness in the notification system to deliver fraudulent messages. They created issues in several repositories and mentioned the targeted users.
When a username is mentioned in a GitHub issue, the platform automatically sends a notification. Because the message comes from a legitimate source, it landed directly in the inbox.
The lure was an invitation to apply for an upcoming Y Combinator funding round with a fund of $15 million. In some repositories, up to 500 issues were opened by a user who had registered only a week earlier.
The recipients were invited to follow a phishing link. The fake domain contained a barely noticeable typo (“l” instead of “i”). After the click, JavaScript prompted a crypto wallet verification; signing it triggered malicious transactions that drained the accounts.
Following complaints to GitHub, IC3 and Google Safe Browsing, the fraudulent repositories were deleted.
A new macOS malware targets developers' cryptocurrency
On September 25, Microsoft Threat Intelligence identified a new variant of the XCSSET malware for macOS, designed to steal notes, cryptocurrency and browser data from infected devices. It spreads by finding and infecting other projects in the Xcode development environment and executes during the build process.
“We believe that this method of infection and propagation is based on the sharing of project files between developers creating applications for Apple or macOS,” the experts' report indicates.
The researchers noted several changes in the new stealer:
- a focus on Firefox browser data and the installation of a modified version of HackBrowserData, which decrypts and exports stored data;
- an updated macOS clipboard hijacker that matches regular-expression patterns linked to cryptocurrency addresses;
- when a crypto wallet address is detected, it is swapped for a fraudulent one.
The U.S. Secret Service dismantled the largest SIM farm near the UN headquarters
On September 23, the U.S. Secret Service announced an operation in which the largest SIM farm in the country's history was found and neutralized.
According to The New York Times, the investigation began after senior officials began to receive anonymous threatening calls earlier this year. The victims included two White House employees and a Secret Service employee.
Over 300 SIM servers and 100,000 SIM cards were seized. The farm operated 56 km from the UN headquarters, where world leaders were meeting for the General Assembly. The agents neutralized the farm a few hours before the session.
The farm's capacity made it possible to send spam to almost all American phone numbers in a few minutes, as well as to take down the entire national telecommunications network.
Investigators found safe houses rented in Armonk (New York), Greenwich (Connecticut), Queens (New York) and New Jersey. Agents also seized firearms, computers, mobile phones and 80 grams of cocaine.
First leads emerge in the attack on European airports
On September 24, a suspect in the distribution of the ransomware that caused major disruptions at European airports was arrested.
A man was arrested in the United Kingdom by the NCA as part of an investigation into a cyber-incident with an impact on Collins Aerospace.
– National Crime Agency (NCA) (@NCA_UK) September 24, 2025
The police said that the arrest followed an investigation into a cyberattack that affected Collins Aerospace's multi-user system environment (MUSE). The suspect was released on bail pending further investigation.
The attack was detected on Friday, September 19, when the first reports of flight delays appeared. The affected hubs included London Heathrow, Brussels Airport, Dublin Airport, Berlin Brandenburg Airport and others.
Interpol seizes $439 million in cryptocurrency and cash
In an international operation led by Interpol, the police seized over $439 million in cash and cryptocurrency. Authorities believe that the confiscated funds are linked to cybercrimes that have harmed thousands of victims worldwide.
The operation, named HAECHI-VI, took place from April to August with the authorities of 40 countries. Investigators seized 400 crypto wallets and blocked more than 68,000 associated bank accounts. About $16 million was confiscated in cryptocurrencies.
As part of the operation, the Portuguese authorities arrested 45 suspects for illegal access to social security accounts. In addition, the Royal Thai Police seized $6.6 million that an unnamed Japanese company had transferred to accounts controlled by a transnational criminal group of Thai and West African nationals.
Also on ForkLog:
- The DeFi protocol Hypervault “disappeared” with $3.6 million in cryptocurrency.
- Media: the SEC and FINRA have launched an investigation into DAT companies.
- The Ethereum co-founder has urged the replacement of closed systems in health care and finance with open solutions.
- The hacker who breached UXLINK became the victim of an attack.
- Bloomberg reported a previously undisclosed Crypto.com breach.
- The founder of Solana warned that the quantum threat to Bitcoin is real.