Introduction
Fraudsters are increasingly using artificial intelligence to impersonate users of Binance, a leading cryptocurrency exchange, bypassing the platform’s biometric verification to access and steal assets. The Binance team has issued a cautionary notice to its clients about this alarming trend.
AI-based Fraud Tactics
These cybercriminals build realistic 3D facial models from publicly available or stolen images and videos. Their tactics often include compromising passwords and attempting to bypass two-factor authentication (2FA). These attacks typically target unprotected mobile phones and computers with access to Binance, using malware to carry out the scheme remotely. In light of the rising threat, Binance is actively monitoring this activity and has advised users to stay alert.
Telegram Vulnerability
Meanwhile, a significant vulnerability has been uncovered in Telegram, as reported by the creator of the “IT Dig” Telegram channel. This loophole allows hackers to access user accounts without needing a password or multi-factor authentication (MFA). The issue particularly affects authorization through the Telegram widget on external sites, mainly within Telegram’s own browser.
Such authorization sessions can unintentionally grant elevated privileges, including the ability to read chats and receive calls without the user entering their cloud password.
The researcher expressed concerns that this flaw might have been responsible for a recent theft of 200 million rubles (approximately $3 million) worth of cryptocurrency from one of his clients. To mitigate this risk, he urged users to clear their Telegram web browser history and deactivate active sessions.
In defense of its security, Telegram has dismissed the notion of a vulnerability, stating that the researcher misunderstood how various authorization methods function. However, the researcher contends that the platform’s official response contradicts his explanation of the issue.
Ransomware Attacks
In another cybersecurity development, the United States Department of Justice has charged a Yemeni national, Rami Khaled Ahmed, in connection with the infamous Black Kingdom ransomware attacks, which targeted Microsoft Exchange servers over a two-year period from March 2021 to June 2023. Ahmed, 36, along with accomplices, allegedly infected systems and demanded ransoms of $10,000 in Bitcoin, affecting organizations including a health clinic in Wisconsin and a school district in Pennsylvania. If convicted, Ahmed could face up to 15 years in prison for conspiracy and willful damage to protected computers.
Spyware Attacks
Separately, tech giant Apple has warned users across over a hundred nations about a new wave of government-sponsored spyware attacks targeting individuals such as Italian journalist Ciro Pellegrino and Dutch activist Eva Vlaardingerbroek. This spyware reportedly compromises personal data, enabling unauthorized access to users’ correspondence, cameras, and microphones. Affected users are urged to update their iOS to version 18.4.1 and activate Lockdown Mode for enhanced security.
Data Transfer Violations by TikTok
In the world of social media, TikTok has been slapped with a hefty fine of €530 million (around $601 million) by the Irish Data Protection Commission for unlawfully transferring users’ private data from the European Economic Area to China, in violation of EU privacy regulations. The platform has also drawn criticism for a lack of transparency, with the DPC mandating that TikTok achieve compliance with data processing regulations within six months or risk a suspension of all data transfers to China.
RansomHub Ransomware Group
Lastly, cybersecurity experts from Group-IB have noted that the online operations of the RansomHub ransomware group mysteriously ceased on April 1. This shutdown is believed to be linked to a significant exodus of group members following operational downturns since late 2024. Rival ransomware group DragonForce claims that RansomHub may have moved its activities onto DragonForce’s infrastructure, which has coincided with a surge in disclosures on Qilin’s leak site. During its year of activity, RansomHub reportedly compromised data from more than 200 victims, filling the gap left by the now-defunct LockBit and BlackCat groups and enticing affiliates such as Scattered Spider and Evil Corp with lucrative ransom payouts.