Fake Tokens Exploit BRICS Investment Hype

A rising trend in cryptocurrency counterfeiting has been identified by security researchers, particularly targeting Fortune 100 companies.
According to a report published by Resecurity researchers today, these efforts involve the creation of tokens that impersonate major brands, government bodies and even national fiat currencies.
In decentralized finance and crypto, where rapid growth is prevalent, scammers are exploiting investor interest through fraudulent schemes such as rug pulls, escaping with the invested funds.
Established in 2006, the BRICS forum aims to enhance cooperation and collaboration among its member states on various economic, political and social issues.
Bad actors exploited geopolitical narratives, spreading misinformation about new countries joining the alliance and even suggesting a gold-backed currency initiative.
Leveraging the organization's global image, scammers conducted an initial coin offering to promote the fake token with various incentives.
Co, facilitating token creation on the Stellar network, have reportedly become hotspots for such fraudulent activities due to their flexibility, Resecurity said.
Similar counterfeit tokens impersonating significant entities, including oil corporations and national regulators, have also been identified and reported by the security company.
These scams often reference reputable organizations like the Monetary Authority of Singapore and Middle Eastern central banks.
Confirming Resecurity's findings, Solidus Labs recently reported that such scams had defrauded over 2 million investors, surpassing victims of major crypto failures like FTX, Celsius and Voyager.
These scams manifest primarily in two forms: as DeFi scams, in which token smart contracts are altered to defraud investors, or as exit scams, in which investors are betrayed after extensive promotion.
The ease of executing these scams, coupled with the low barrier to entry, poses significant challenges to the cryptocurrency landscape.
Resecurity called for heightened vigilance and robust regulatory frameworks to combat fraudulent activities.


This Cyber News was published on www.infosecurity-magazine.com. Publication date: Mon, 19 Feb 2024 16:30:19 +0000

