cybersecurity

На 13 000+ устройствах обнаружили вредонос Keenadu, который был встроен прямо в системную прошивку. Не APK из левого Telegram-канала, а код внутри системы.
Что он может:
▪️ Полный контроль над устройством
▪️ Заражение приложений, включая криптокошельки
▪️ Установка APK с автоматической выдачей всех разрешений
▪️ Отслеживание действий даже в режиме инкогнито
🦠 И самое неприятное — эксперты нашли его следы в системных модулях, связанных с разблокировкой по лицу. Это уже не просто кража крипты, а риск утечки биометрии.
🏭 Как это происходит?
Проблема — в «цепочке поставок». Вредонос внедряют на этапе разработки или сборки:
▪️ заражаются библиотеки кода
▪️ ломаются серверы обновлений на заводах
▪️ аутсорс-сборщики заливают «модифицированный» Android
📦 Отдельный риск — перекупы, которые вскрывают коробки для «русификации» или установки обязательного софта. Вместе с локализацией можно получить и бонусный троян.
🇨🇳 Любопытная деталь: вирус отключается, если обнаруживает китайский язык в системе. Система «свой-чужой» работает безошибочно.
Вывод простой:
холодный кошелёк бессмысленен, если само устройство уже заражено.
Проверяйте прошивку, избегайте «серых» поставок и не ставьте APK из непонятных источников.
#Android #CyberSecurity #CryptoSecurity #malware #MISTERROBOT
Подписывайтесь — цифровая гигиена важнее хайпа.

There’s a silent war happening behind the screens we stare at every day. It doesn’t make noise like the old crimes did. It moves through cables, hides inside code, spreads across borders in seconds. And for years, the biggest challenge wasn’t catching criminals. It was connecting the dots.

Now something is changing.

Binance has stepped into a different kind of spotlight — not one about trading volumes or market cycles — but about responsibility. About structure. About action. The idea is simple but powerful: when private intelligence and public enforcement move together with precision, cybercrime stops being invisible.

This is not just about research. It’s not about writing reports that gather digital dust. It’s about mapping criminal infrastructure so clearly that when the time comes, action is inevitable.

Imagine a global map, not of countries, but of connections. Fraud networks linked to payment routes. Malicious domains tied to wallet clusters. Communication channels traced back to operational hubs. Individually, these fragments look ordinary. Together, they reveal architecture. A system. A machine.

That machine is what structured cooperation is designed to dismantle.

Instead of working in isolation, security experts, analysts, and investigators collaborate with defined frameworks. Intelligence is reviewed, verified, refined. Patterns are studied. Infrastructure is identified. Weak points are exposed. When those weak points are struck, the ripple effect travels far beyond a single arrest.

The power of this approach lies in coordination. Timing matters. Accuracy matters more. Acting too early means tipping off criminals. Acting too late means victims multiply. Structured intelligence turns guesswork into strategy.

Binance’s role in this effort shows how a private company can contribute far beyond its platform. By sharing expertise in blockchain analysis, transaction tracing, and digital asset movement, it helps transform scattered data into actionable insight. Crypto is often misunderstood as anonymous chaos. In reality, it leaves trails. Clear ones. When analyzed correctly, those trails tell stories — and stories lead to accountability.

What makes this model different is that it doesn’t treat cybercrime as isolated incidents. It sees ecosystems. Criminal networks rely on infrastructure just like legitimate businesses do. Servers. Payment channels. Communication tools. Recruitment funnels. Disrupt the infrastructure and you disrupt the operation.

And disruption is not theoretical. Coordinated actions supported by structured intelligence have already led to large-scale takedowns, financial recoveries, and the identification of victims across multiple regions. That matters. Because behind every data point is a real person who lost something — money, trust, security.

This is where the narrative shifts.

For years, the conversation around crypto security focused on risk. Hacks. Exploits. Scams. But this cooperation model flips the script. It shows that the same transparency that criminals attempt to exploit can be used to expose them. The same speed that moves digital assets can accelerate investigations.

It is not about perfection. Cybercrime evolves. Tactics change. Technology adapts. But structure creates resilience. When intelligence sharing becomes organized rather than reactive, enforcement becomes proactive rather than defensive.

There is something powerful about seeing private expertise and public authority aligned with a shared goal. It sends a message beyond arrests and statistics. It signals maturity. It signals accountability. It signals that the digital economy is not a lawless frontier but a space capable of defending itself.

And perhaps the most important impact is invisible.

When criminals realize that their infrastructure can be mapped, that their networks can be visualized, that their transactions can be traced across layers, the illusion of safety cracks. Deterrence begins long before handcuffs.

The future of digital security will not be built by one entity alone. It will be built by frameworks that connect intelligence to action. Binance’s involvement in this evolving model shows that the private sector is no longer just reacting to threats. It is helping design the response.

In a world where crime moves at the speed of light, cooperation must move faster.

This is not just about technology. It is about trust.

And trust, once defended with structure and courage, becomes stronger than any hidden network operating in the dark.

#Binance
#CyberSecurity
#BlockchainSecurity
#DigitalTrust
#CryptoSafety

Google’s cybersecurity division Mandiant has issued a warning that threat actors linked to North Korea are increasingly incorporating AI-generated deepfake technology into sophisticated social engineering campaigns targeting cryptocurrency and fintech companies.
In a report released Monday, Mandiant detailed a recent investigation into a breach at a fintech firm attributed to UNC1069 — also known as “CryptoCore” — a threat cluster assessed to have strong ties to North Korea. The operation combined compromised Telegram accounts, fraudulent Zoom meetings, and a technique known as “ClickFix” to trick victims into executing malicious commands. Investigators also identified evidence that AI-generated video was used during the fake meeting to enhance the credibility of the impersonation.
Highly Targeted Social Engineering Campaigns
According to Mandiant, UNC1069 has expanded its focus beyond broad phishing campaigns to conduct highly personalized attacks aimed at organizations and individuals in the crypto ecosystem. Targets reportedly include software companies, blockchain developers, venture capital firms, and executive leadership teams.
The attack chain described in the report began when a victim was contacted via Telegram by what appeared to be a well-known crypto industry executive. However, the account had allegedly been compromised and was under attacker control. After establishing rapport, the attacker sent a Calendly scheduling link for a 30-minute meeting, redirecting the victim to a fraudulent Zoom session hosted on infrastructure controlled by the threat group.
During the call, the victim reportedly observed what appeared to be a recognizable crypto CEO on video — later assessed to be AI-generated deepfake content.
Shortly after the meeting began, the attackers claimed there were audio issues and instructed the victim to execute specific “troubleshooting” commands — a variation of the ClickFix technique. This action triggered the deployment of malware. Subsequent forensic analysis identified seven distinct malware families on the victim’s system, designed to steal login credentials, browser data, and session tokens for financial theft and further impersonation.
Escalation of Crypto Theft Linked to North Korea
The warning comes amid continued growth in crypto-related theft attributed to North Korean-linked actors. In mid-December, blockchain analytics firm Chainalysis reported that hackers associated with Pyongyang stole approximately $2.02 billion in digital assets in 2025 — a 51% increase compared to the previous year. The cumulative value of digital assets allegedly stolen by such groups is now estimated at around $6.75 billion, even though the total number of incidents has declined.
These figures suggest a shift toward fewer but more financially impactful operations.
Security analysts note that rather than relying on mass phishing emails, groups like CryptoCore are increasingly leveraging trusted communication channels — including messaging apps and video conferencing platforms — to exploit familiarity and professional trust. By embedding malicious activity within routine business interactions, attackers reduce visible red flags and increase the likelihood of success.
Deepfake and AI Amplify Impersonation Tactics
Fraser Edwards, Co-founder and CEO of decentralized identity company cheqd, stated that the incident reflects a broader evolution in cybercrime tactics, particularly as remote collaboration and virtual meetings become standard across the digital asset sector.
He emphasized that the effectiveness of such operations lies in their subtlety: familiar senders, recognizable meeting formats, and no obvious malicious attachments. Trust is established before technical safeguards have the opportunity to intervene.
According to Edwards, deepfake video is often introduced during escalation stages — such as live calls — where the visual presence of a familiar face can override suspicion triggered by unusual requests or technical disruptions. The objective is not prolonged interaction, but sufficient realism to prompt the target to take a critical action.
AI is also reportedly being used beyond video impersonation. Tools capable of drafting context-aware messages, mimicking tone, and replicating communication styles make fraudulent outreach significantly harder to detect. As AI agents become more integrated into daily workflows — sending messages, scheduling meetings, and acting on behalf of users — the potential scale of automated impersonation increases.
The Need for Default Security Infrastructure
Edwards argues that expecting individuals to reliably detect deepfakes is unrealistic. Instead, organizations should focus on strengthening default security systems, improving authentication layers, and clearly signaling content authenticity.
Rather than relying solely on user vigilance, experts recommend implementing multi-factor authentication, hardware security keys, session monitoring, and zero-trust frameworks — particularly for companies handling digital assets.
As AI capabilities advance, the line between authentic and synthetic communication continues to blur, creating new operational risks for crypto-native firms that rely heavily on digital trust.
This article is provided for informational purposes only and does not constitute investment advice. Readers should conduct their own research and assess risk before making any financial decisions.
Follow for more verified crypto security updates and institutional market insights.
#CryptoNews #CyberSecurity #Aİ