# Cryptomixer Liquidation, New Bans in Russia, and Other Cybersecurity Events
We have collected the most important cybersecurity news from the past week.
- Law enforcement destroyed a crypto scam network.
- 25 million euros in bitcoin seized from Cryptomixer.
- Two zero-day vulnerabilities patched in Android.
- Researchers exposed fake YouTube and TikTok apps stealing data.
## Law Enforcement Destroyed a Crypto Scam Network
As part of a large-scale international operation, law enforcement uncovered a major network of fraudsters suspected of laundering over 700 million euros, according to Europol.
On October 27, police conducted the first phase of coordinated raids in Cyprus, Germany, and Spain at the request of French and Belgian authorities. Nine people were arrested on charges of laundering funds obtained from fraudulent platforms. Authorities seized:
- 800,000 euros in bank accounts;
- 415,000 euros in cryptocurrency;
- 300,000 euros in cash.
The second phase took place on November 25-26 and targeted affiliated marketing operations that lured victims using deepfake videos. The scammers impersonated well-known media, celebrities, and politicians. Investigative actions were carried out by authorities in Belgium, Bulgaria, Germany, and Israel.
## 25 Million Euros in Bitcoin Seized from Cryptomixer
Europol, together with Swiss and German authorities, took down the Cryptomixer service and seized more than 25 million euros in bitcoin, according to a press release.
During the operation in Zurich, Switzerland, over 12 TB of data, three servers, and the domain cryptomixer.io were confiscated.
According to Europol, Cryptomixer was a hybrid mixer with public access. User funds were pooled together for a long and random period before being distributed to final addresses.
Law enforcement believes that since its creation in 2016, more than 1.3 billion euros in bitcoin have passed through the service. They claim Cryptomixer enabled the concealment of criminal proceeds for ransomware groups, dark web forums, and darknet marketplaces.
## Two Zero-Day Vulnerabilities Patched in Android
A new Android update fixed 107 vulnerabilities in versions 13 through 16, according to the monthly security report.
Most of them were rated high severity, with several posing particular threats.
Four critical vulnerabilities affect the Android kernel. An attacker exploiting any of these could gain elevated privileges or access to a compromised device.
Another critical issue is tied to the Android Framework—a component that enables apps to interact with key system services. In this case, an attacker could execute a remote “denial of service” attack, temporarily disabling the device.
According to the US Cybersecurity and Infrastructure Security Agency, two high-severity vulnerabilities may have already been used in targeted attacks.
## Researchers Exposed Fake YouTube and TikTok Apps Stealing Data
Attackers are disguising an Android banking trojan as premium and “18+” versions of popular apps, including YouTube and TikTok, according to F6 experts.
A network of malicious sites masquerades as popular foreign video hosting brands, access to which is restricted in Russia. Fake apps with names like TikTok 18+, YouTube Max, and YouTube Boost promise “working with poor internet and ad-free content viewing.”
Hackers disguise malware as navigation apps, online police patrol post maps, and a fine payment app.
According to experts, to access pirated content, the scammers’ software prompts users to download and install a malicious APK file. The trojan can read and send SMS, make calls, collect contact and installed app information, obtain network data, and auto-launch when the device is turned on.
As a result, attackers gain full control over the device: they can monitor victim activity, secretly transmit data, and act on the user’s behalf. The ultimate goal of these attacks is financial data theft.
All domains involved in the malicious campaign are currently blocked, but experts warn that attackers may create new ones and continue their activities.
## Hackers Arrested in Korea on Suspicion of Selling Content From Hacked Cameras to Adult Site
The South Korean National Police arrested four people suspected of hacking over 120,000 IP cameras nationwide and selling stolen video recordings to a foreign adult website.
Police are cracking down on consumers of illegally obtained content—three people have been arrested and face up to three years in prison. Authorities stated they are working with foreign agencies to identify the site’s operators and shut down the platform.
According to the report:
- Suspect B (unemployed)—hacked 63,000 IP cameras and produced and sold 545 illegal videos with intimate content worth $23,800 in virtual assets;
- Suspect C (office worker)—hacked 70,000 IP cameras with 648 videos ($12,300);
- Suspect D (self-employed)—hacked 15,000 IP cameras and created illegal content, including material involving minors;
- Suspect E (office worker)—hacked 136 IP cameras.
According to investigators, suspects B and C alone accounted for 62% of all content uploads to the site last year.
## Another Wave of Popular App Blocks in Russia
In early December, Roskomnadzor (RKN) blocked several popular apps. The gaming platform Roblox was the first to be restricted, reports Interfax.
The reason cited was alleged materials promoting extremism and terrorism. On December 4, it was reported that FaceTime (audio and video call app) and Snapchat (photo and video sharing service) were also blocked. In every case, the agency referred to their use for illegal purposes.
Also on ForkLog:
- ZachXBT reported the arrest of a suspect in the theft of 4,100 BTC from Genesis lender.
- Mining equipment worth $8.6 million was seized in Thailand.
- ViaBTC explained the reasons for restricting account access.
- AI models managed to “hack” smart contracts for $550.1 million.
- Darknet platform Huione Pay suspended operations.
- DeFi project Yearn Finance was hacked for $9 million.
## What to Read This Weekend?
In a new ForkLog article, Anatoly Kaplan speculates on the potential for numerous Bitcoin hard forks as a result of hybrid wars between superpowers.