The Symbiotic X Account Breach
The Symbiotic X account recently suffered a security breach, leading to the spread of phishing links. For two days, users were directed to a fraudulent site where malware was found in image files. The compromised account misled users with a “points” checklist, encouraging them to click a link. The link redirected users to a fake website, network-symbiotic[.]fi, rather than the legitimate symbiotic.fi.
Upon connecting their wallets to this fraudulent site, users were falsely informed they had accumulated thousands of points, prompting them to redeem these points swiftly. Clicking the “Redeem Points” button resulted in error messages if the wallet was empty. However, if the wallet contained Symbiotic tokens, the user was likely prompted to sign a message, allowing the attacker to drain the tokens.
The Symbiotic team has issued a warning on their official site, advising users not to interact with any links associated with the compromised account. This incident highlights the increasing trend of account hacks within the cryptocurrency space, urging users to bookmark trusted URLs and exercise caution when signing coded messages.
Malware Hidden in SVG Files
A new method of spreading malware has emerged, involving the use of SVG (Scalable Vector Graphics) files. According to HP’s Wolf Security team, attackers are exploiting these files to gain control over victims’ computers with remote access trojan (RAT) software. Once infected, attackers can steal sensitive information such as website passwords and cryptocurrency wallet credentials.
The malware is disguised as a ZIP archive, activated when the image is opened in a browser. A distraction in the form of a .pdf file is used to keep the victim occupied while the malware installs in the background. SVG files, typically used for their ability to be resized without losing quality, are written in XML code and can contain executable scripts. This functionality is being abused by malware developers.
HP researchers discovered an image that, when opened, produces a ZIP archive. Clicking on this archive initiates the download of a shortcut file. While a decoy .pdf file loads, the malware copies scripts into the user’s directories, allowing it to persist over time. This leads to the installation of dangerous malware, including VenomRAT and AsyncRAT, which can give attackers full control over the victim’s computer. Crypto users are advised to be cautious with SVG files from untrusted sources and to close browser windows if unexpected files begin to load.
The FIRE Token Exploit
The FIRE token faced a significant exploit on October 1st, showcasing the risks involved with new tokens and unaudited contracts. The token’s Uniswap pool was left almost empty after an attacker manipulated the token’s contract. This allowed the token to be sold repeatedly at increasing prices.
Following the exploit, the token’s team vanished, deleting their social media accounts and suggesting a potential rug pull or exit scam. The token has seen no trade since October 2nd, indicating a lack of liquidity.
FIRE was marketed as an “ultra-hyper-deflationary token,” intended to increase in value as its supply decreased. However, an attacker drained approximately $22,000 worth of Ether from the liquidity pool using a flash loan and a malicious contract. By repeatedly swapping ETH for FIRE and back, the attacker was able to manipulate the token’s price and drain its liquidity.
This exploit was repeated multiple times, resulting in significant financial loss. The incident serves as a cautionary tale, emphasizing the need for careful consideration when engaging with tokens featuring novel attributes that may not be fully understood. Users are advised to be wary of tokens with features that could be exploited to manipulate prices and liquidity.
