Hackers – Gridinsoft Blog
https://gridinsoft.com/blogs
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.

The Hunter Becomes the Hunted: North Korean Hacker Infected by LummaC2, Exposing Bybit Heist Secrets
https://gridinsoft.com/blogs/the-hunter-becomes-the-hunted-north-korean-hacker-infected-by-lummac2-exposing-bybit-heist-secrets/
Mon, 08 Dec 2025 18:34:50 +0000

In a twist of irony that cybersecurity researchers dream about, a North Korean state-sponsored hacker has been infected by the very thing they usually deploy: commodity malware. A high-end machine belonging to a malware developer was compromised by the LummaC2 infostealer, leaking gigabytes of internal data and revealing direct links to the massive $1.4 billion Bybit crypto exchange heist.

It seems that even elite state-backed operatives aren’t immune to clicking the wrong link.

The discovery comes from cybercrime intelligence firm Hudson Rock (as reported by HackRead), which stumbled upon a LummaC2 log that looked… different. Instead of the usual stolen Netflix passwords and crypto wallets from random victims, this log contained the digital footprint of a professional malware development rig.

The infected machine wasn’t your average laptop. It was a powerhouse running a 12th Gen Intel Core i7 with 16GB of RAM, loaded with tools of the trade: Visual Studio Professional 2019, Enigma Protector (for packing malware), and a suite of communication apps like Slack, Telegram, and BeeBEEP.

The most explosive find in the stolen logs was a direct connection to the Bybit crypto heist from February 2025, where attackers drained $1.4 billion. The infected machine contained credentials for an email address that had been flagged by threat intelligence firm Silent Push. This reminds us of the recent Cryptomixer takedown, where law enforcement seized infrastructure used to launder such stolen funds.

This specific email was used to register bybit-assessment.com just hours before the heist began. This domain played a crucial role in the attack infrastructure, impersonating the exchange to facilitate the theft.

While the owner of this machine might not have pressed the “steal” button themselves, they were clearly part of the supply chain—building tools, setting up phishing domains, or managing infrastructure for the operation.

The logs offer a rare glimpse into the daily operations of North Korean cyber units (likely Lazarus Group or a sub-group):

  • VPN Usage: The operator used Astrill VPN to route traffic through the US, a common tactic to mask their location.
  • Language Slip-ups: Despite browser settings defaulting to Simplified Chinese (a common disguise), the translation history revealed direct queries in Korean.
  • Phishing Prep: The machine showed evidence of setting up other campaigns, including domains like zoom.callapp.us, likely used to distribute fake Zoom installers infected with malware.

LummaC2: The Equal Opportunity Infostealer

It’s almost poetic that a sophisticated state actor was compromised by LummaC2, a “malware-as-a-service” infostealer available to anyone with a few hundred dollars. LummaC2 doesn’t care if you’re a grandmother in Ohio or a hacker in Pyongyang; if you run the file, it steals your data.

This incident highlights a critical reality: OpSec is hard, even for the pros. One mistake, one infected download, and a secret state operation is laid bare for security researchers to dissect.

For the rest of us, it’s a reminder that no one is invulnerable. If a North Korean malware developer can get infected by an infostealer, so can you. But unlike them, you probably don’t have a $1.4 billion heist to hide.

The post The Hunter Becomes the Hunted: North Korean Hacker Infected by LummaC2, Exposing Bybit Heist Secrets appeared first on Gridinsoft Blog.

Cryptomixer’s €1.3 Billion Laundromat Just Got Washed Out (With Cinematic Flair)
https://gridinsoft.com/blogs/cryptomixer-takedown-operation-olympia/
Mon, 01 Dec 2025 18:10:05 +0000

Somewhere in Zurich last week, law enforcement seized Cryptomixer, a cryptocurrency mixing service that spent nine years helping criminals turn dirty Bitcoin into clean Bitcoin. The haul: 3 servers, 12 terabytes of data, €25 million in crypto, and—here’s where it gets fun—the slickest takedown video since Operation Endgame.

Europol clearly hired someone who knows Adobe After Effects, and they’re not afraid to use it.

Cryptomixer wasn’t subtle. Since 2016, the service processed €1.3 billion in Bitcoin for anyone who needed to obscure where their money came from. Ransomware crews? Welcome. Dark web dealers? Come right in. Underground forums full of scammers? The door’s always open.

The business model was beautifully simple: take dirty crypto, mix it with other people’s dirty crypto, wait a random amount of time, and send back clean crypto. Blockchain analysis goes from “we know exactly where this came from” to “good luck proving anything.”

Except now those 12 terabytes of transaction data are sitting in an evidence room somewhere, and every criminal who ever used the service is probably having an unpleasant day.

Can we talk about the Operation Olympia presentation? Tech noir aesthetics, moody lighting, slick animations, and—this is genuinely delightful—Cyrillic Easter eggs scattered throughout for flavor.

Following Endgame, Operation Olympia received a stylish technoir-style video accompaniment.

Law enforcement has discovered that psychological warfare works better when it looks good. A dry press release gets ignored. A cinematic takedown video with dramatic music gets shared, discussed, and remembered. It’s less “we stopped some criminals” and more “we’re coming for you, and we’ve got a marketing budget.”

Respect to whoever convinced Europol that cybercrime needs a proper villain origin story in reverse.

How to Launder Cryptocurrency (Before You Get Caught)

Cryptocurrency mixers exist because blockchain is paradoxically both anonymous and completely transparent. Every Bitcoin transaction is public, traceable, and permanent. Great for accountability, terrible if you’re a ransomware operator trying to spend your ill-gotten gains.

Enter the mixer:

Your dirty Bitcoin → Giant pool with everyone else’s dirt → Random wait time → Clean Bitcoin to new address → Blockchain trail goes cold

It’s digital money laundering compressed into an automated service. Submit coins connected to crime, receive coins with no obvious connection to anything, pay a service fee. Cryptomixer operated on both the clear web and dark web, servicing criminals of all technical skill levels.

The fee structure probably looked like any other SaaS business, except instead of “Enterprise Plan” it was more like “Ransomware Platinum.”

According to Europol, Cryptomixer’s customers included:

  • Ransomware gangs needing to clean extortion payments
  • Dark web marketplace vendors selling everything illegal
  • Weapon traffickers with a cryptocurrency problem
  • Payment card fraudsters cashing out stolen data
  • Basically anyone with Bitcoin they couldn’t explain to authorities

That’s nine years of transaction records now available to investigators. Somewhere, a forensic analyst just got assigned the world’s most depressing dataset to comb through.

Switzerland, Germany, and the Joy of International Cooperation

Operation Olympia ran November 24-28 with players from:

  • Switzerland: Zurich police (city and canton) plus prosecutors
  • Germany: Federal Criminal Police and Frankfurt prosecutors
  • Europol: Coordination via J-CAT (Joint Cybercrime Action Taskforce)
  • Eurojust: Because international law is complicated

The fact that multi-jurisdiction cryptocurrency crime operations now run smoothly is remarkable. Five years ago, this would have been a bureaucratic nightmare. Now it’s a routine action week with promotional materials.

Progress looks like Swiss and German police coordinating server seizures while someone edits the takedown video.

This isn’t Europol’s first crypto mixer rodeo. In March 2023, they took down ChipMixer, which was even larger than Cryptomixer at the time.

The pattern emerging: law enforcement has figured out that dismantling criminal infrastructure matters more than catching individual operators. You can arrest one hacker, but if the laundering services remain intact, someone else just takes their place. Remove the laundering infrastructure, and everyone’s business model breaks.

It’s strategic thinking applied to cybercrime. Attack the supply chain, not just the end users.

That seized data represents something more valuable than the €25 million in Bitcoin: evidence connecting thousands of criminal operations to their money laundering activities.

Every ransomware payment that went through Cryptomixer? Recorded. Every dark web purchase laundered through the service? Logged. Every scammer who thought they were safely anonymous? Their transaction patterns are now evidence.

This is the gift that keeps giving. One takedown spawning hundreds of investigations, each following the money trail preserved in those supposedly anonymous transactions.

The blockchain never forgets. It just needed law enforcement to seize the mixer that connected the dots.

The Whac-A-Mole Reality

Here’s the uncomfortable truth: another mixer will emerge to replace Cryptomixer. The economics are too compelling, and the technical barrier isn’t that high. Within months, new services will advertise better security, stronger anonymity, and lessons learned from Cryptomixer’s mistakes.

But that’s actually the point. Each takedown:

  • Seizes funds criminals can’t recover
  • Creates paranoia about which services are safe
  • Generates intelligence for future operations
  • Forces criminals to rebuild trust networks and infrastructure
  • Makes crime more expensive and risky

It’s not about winning decisively. It’s about making cybercrime progressively more difficult, costly, and paranoia-inducing. Death by a thousand cuts, with excellent production values.

Cryptocurrency crime contains a fundamental irony: criminals use Bitcoin for anonymity, but blockchain creates a permanent, public record of every transaction forever.

Traditional money laundering leaves scattered, incomplete records across multiple jurisdictions with varying cooperation levels. Cryptocurrency leaves perfect evidence, immutably stored, publicly accessible, forever.

Mixers exist specifically because crypto is too transparent. But when the mixer gets seized, all that mixing activity becomes evidence. The anonymous trails lead straight to the service, and suddenly every transaction pattern is visible to investigators.
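The tracing problem described in this post, as an added example (not code from the Gridinsoft post or from any real blockchain-analysis tool): a small Python forward-taint tracer over a constructed ledger. It shows the three situations the article describes: plain on-chain tracing reaching the cashout address, the trail going cold at a mixer pool, and seized mixer records (here a hypothetical deposit-to-payout mapping) restoring the link to exactly the right payout without tainting the unrelated depositor’s funds. Every address, transaction id, amount and the MIXER_POOL label are constructed for illustration.

```python
"""Forward taint tracing over a constructed Bitcoin-style ledger.

Added example, not from the Gridinsoft post. Every address, transaction id,
amount and the MIXER_POOL label below is constructed for illustration.
"""
from collections import deque

# Constructed ledger: (txid, inputs, outputs); inputs/outputs are lists of
# (address, amount). Amounts are invented and only there for readability.
LEDGER = [
    ("tx1", [("victim_wallet", 10.0)], [("extortion_addr", 10.0)]),
    ("tx2", [("extortion_addr", 10.0)], [("hop_a", 6.0), ("hop_b", 4.0)]),
    ("tx3", [("hop_a", 6.0)], [("cashout_exchange", 6.0)]),
    # hop_b deposits into a mixer pool together with an unrelated user.
    ("tx4", [("hop_b", 4.0), ("unrelated_user", 4.0)], [("MIXER_POOL", 8.0)]),
    # The pool pays out to two fresh addresses after a delay.
    ("tx5", [("MIXER_POOL", 8.0)], [("fresh_addr_1", 3.9), ("fresh_addr_2", 3.9)]),
    ("tx6", [("fresh_addr_1", 3.9)], [("cashout_exchange", 3.9)]),
    ("tx7", [("fresh_addr_2", 3.9)], [("unrelated_cashout", 3.9)]),
]

# Addresses (hypothetically) known to belong to a mixing service.
MIXER_ADDRESSES = {"MIXER_POOL"}

# What a seized mixer database would contain: which deposit was paid out to
# which fresh address. Constructed; this is the off-chain link that becomes
# evidence once the service itself is seized.
SEIZED_MIXER_RECORDS = {"hop_b": ["fresh_addr_1"], "unrelated_user": ["fresh_addr_2"]}


def build_outgoing_index(ledger):
    """Map each address to the (txid, outputs) of transactions that spend from it."""
    index = {}
    for txid, inputs, outputs in ledger:
        for addr, _amount in inputs:
            index.setdefault(addr, []).append((txid, outputs))
    return index


def trace_taint(ledger, start, mixers, mixer_records=None):
    """Follow funds forward from `start` through the ledger.

    Returns (reached, stopped_at):
      reached    - addresses the trace could attribute to the start address
      stopped_at - mixer addresses where on-chain attribution ended

    A payment into a mixer address is where pure on-chain tracing stops:
    the pool's outputs cannot be tied to any single depositor. If
    `mixer_records` (deposit address -> payout addresses) is supplied, the
    trace continues to exactly those payouts instead of to every pool output.
    """
    outgoing = build_outgoing_index(ledger)
    reached, stopped_at = set(), set()
    queue = deque([start])
    while queue:
        addr = queue.popleft()
        if addr in reached:
            continue
        reached.add(addr)
        for _txid, outputs in outgoing.get(addr, []):
            for out_addr, _amount in outputs:
                if out_addr in mixers:
                    if mixer_records and addr in mixer_records:
                        # Seized records name the payout for this deposit.
                        queue.extend(mixer_records[addr])
                    else:
                        stopped_at.add(out_addr)
                else:
                    queue.append(out_addr)
    return reached, stopped_at


if __name__ == "__main__":
    on_chain, cold = trace_taint(LEDGER, "victim_wallet", MIXER_ADDRESSES)
    print("on-chain only:", sorted(on_chain), "trail cold at:", sorted(cold))
    with_records, _ = trace_taint(LEDGER, "victim_wallet", MIXER_ADDRESSES, SEIZED_MIXER_RECORDS)
    print("with seized records:", sorted(with_records))
    naive, _ = trace_taint(LEDGER, "victim_wallet", set())
    print("naive (pool treated as an ordinary address):", sorted(naive))
```

The third call is the caveat an analyst cares about: if the pool is treated as an ordinary address, the trace spills onto every payout, including the unrelated user’s cashout, which is over-attribution rather than evidence. That is exactly why the mixer’s own deposit-to-payout records are the valuable part of a seizure: they turn an ambiguous pool into a specific link.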

It’s like committing crimes while wearing an ankle monitor that publishes your location data publicly, then being surprised when police use that data against you.

What Happens to €25 Million in Seized Bitcoin?

Short answer: it sits as evidence, then gets auctioned by government agencies, then funds law enforcement budgets or victim compensation programs.

Long answer: someone at the Swiss or German treasury department is calculating how to value cryptocurrency assets on official balance sheets while Bitcoin’s price does whatever Bitcoin’s price does. That €25 million could be €30 million or €20 million by the time it’s actually sold.

Somewhere, a government accountant is having a very weird day.

The Week That Started With a Bang

As the original commentary noted: “We need more psyops against the cybercrime ecosystem, good and varied ones. At least the week starts with a spark.”

And they’re absolutely right. These coordinated takedowns with cinematic presentations serve multiple functions beyond just shutting down one service:

  • Demonstrate law enforcement capability (and production budgets)
  • Create fear, uncertainty, and doubt among criminals
  • Generate media coverage that deters future criminals
  • Reassure the public that authorities aren’t helpless
  • Look really, really cool doing it

The tech noir aesthetic isn’t just style—it’s strategic communication. It says “we’re sophisticated, coordinated, and we’re coming for you” more effectively than any press release ever could.

Cryptomixer: nine years of operation, €1.3 billion laundered, now offline with operators potentially identifiable from 12 terabytes of data.

Will another mixer replace it? Yes. Will criminals find new ways to launder crypto? Obviously. Does this operation still matter? Absolutely.

Every takedown makes the game harder, more expensive, and riskier. The infrastructure gets disrupted. The trust networks get shattered. The paranoia increases. And somewhere, a video editor at Europol is already working on the next operation’s promotional materials.

Bottom line: In the eternal battle between cybercriminals and law enforcement, the cats just scored another point while looking stylish doing it. The mice will adapt, but they’ll do it wondering which service is next to get the cinematic takedown treatment.

And honestly? That’s progress with production values.


Two major mixer takedowns in three years. If you’re running a cryptocurrency mixing service, maybe update your contingency plans. Or invest in better lawyers. Or—radical thought—consider legitimate employment. The weekly salary is less exciting, but the seizure risk drops to zero.

The post Cryptomixer’s €1.3 Billion Laundromat Just Got Washed Out (With Cinematic Flair) appeared first on Gridinsoft Blog.

Major Cybercrime Forum XSS.IS Seized After Admin Arrested in Ukraine
https://gridinsoft.com/blogs/xss-forum-seized-ukraine-admin-arrested/
Thu, 24 Jul 2025 01:15:49 +0000

In a significant blow to the global cybercrime ecosystem, Ukrainian authorities have arrested the suspected administrator of XSS.IS, one of the world’s most notorious and sophisticated cybercrime platforms, resulting in the forum’s complete seizure by international law enforcement.

The arrest took place on July 22, 2025, with assistance from Europol and French cybercrime investigators, marking the end of a four-year investigation that began in July 2021. The operation targeted one of the oldest and most influential Russian-speaking cybercrime forums on the dark web.

A Criminal Empire Worth Millions

XSS.IS served as a thriving marketplace for cybercriminals worldwide, hosting over 50,000 registered users who traded in malware, stolen credentials, hijacked system access, and ransomware kits. The platform generated millions of dollars through advertising and facilitation fees, while also operating an encrypted Jabber messaging server that allowed cybercriminals to communicate anonymously.

According to French prosecutors, court-ordered surveillance of the forum’s Jabber server revealed extensive criminal activity, including ransomware attacks that brought in at least €7 million ($8.2 million) in illegal profits. The intercepted communications exposed the scale and sophistication of operations coordinated through the platform.

More Than Just a Marketplace

Europol revealed that the arrested suspect wasn’t merely a technical operator but played an active role in facilitating criminal activity. The administrator helped cybercriminals settle disputes, ensured illegal deals proceeded smoothly, and was suspected of directly participating in cyberattacks, organized extortion, and broader criminal conspiracies.

From DaMaGeLaB to XSS.IS: A Criminal Evolution

The forum’s history dates back to 2004 when it was originally launched as DaMaGeLaB, a well-regarded Russian-language hacking community. The platform faced a temporary shutdown in December 2017 after one of its administrators, Belarusian national Sergey Yarets (known as “Ar3s”), was arrested.

In late 2018, a prominent forum administrator acquired a backup of the site and relaunched it under the new name XSS—a reference to the cross-site scripting web vulnerability. This rebranding served dual purposes: distancing the forum from its previous law enforcement associations and giving it a more technical, modern image.

The transformation proved successful, with XSS.IS becoming one of the most prominent and exclusive cybercrime forums on the dark web. Membership was granted only after thorough vetting, and in some cases, users were required to pay fees to create accounts, preventing spam and maintaining the forum’s elite status.

International Law Enforcement Collaboration

The seizure notice on XSS.IS now displays a message stating the domain has been seized by “la Brigade de Lutte Contre la Cybercriminalité with assistance from the SBU Cyber Department.” The Brigade de Lutte Contre la Cybercriminalité (BL2C) is a specialized branch of the French judicial police focused on combating cybercrime, while the SBU Cyber Department refers to the Cyber Security Department of Ukraine’s Security Service.

This international cooperation demonstrates the growing effectiveness of cross-border law enforcement efforts against cybercrime. The operation involved multiple European agencies working together to dismantle one of the internet’s most dangerous criminal platforms. This approach echoes previous successful operations, such as when Netherlands police posted warnings directly on hacker forums to disrupt criminal activities.

XSS.IS Forum: Scale of Criminal Operations

  • 50,000+ registered users
  • 4-year investigation
  • €7M+ in ransomware profits tracked
  • 21 years operating (2004-2025)
  • Originally launched as DaMaGeLaB in 2004
  • Rebranded to XSS.IS in 2018 after admin arrest
  • Operated encrypted Jabber messaging for anonymous communication
  • Exclusive membership with vetting process and paid accounts

Ukrainian Context: Cybercrime in Wartime

The arrest in Ukraine carries particular significance given the country’s ongoing war with Russia. While authorities have long suspected that XSS.IS was operated or supported by Russian intelligence agencies—including the Foreign Intelligence Service (SVR), Federal Security Service (FSB), and Main Intelligence Directorate (GRU)—the administrator was found to be located in Ukraine.

XSS.IS Admin Arrested in Ukraine. Source: Europol

This development highlights the complex nature of cybercrime operations, which often transcend national boundaries and political conflicts. It remains unclear whether the suspect is a Ukrainian or a Russian national, demonstrating how cybercriminal networks can operate across geopolitical divides.

The successful operation also showcases Ukraine’s commitment to international cybersecurity cooperation despite the ongoing conflict, with Ukrainian authorities working alongside French and European partners to combat global cybercrime.

Current Status and Ongoing Investigation

XSS.IS – official law enforcement seizure

As of the seizure, visitors to the main XSS.IS domain now see an official law enforcement seizure notice. However, the forum’s dark web (.onion) domain and clearnet mirror (XSS.AS) currently display “504 Gateway Timeout” errors, suggesting these infrastructure components may still be under investigation or in the process of being dismantled.

Notably, the Telegram channel associated with the XSS.IS administrator remains active and shows no signs of seizure, with the account marked as “recently seen.” It remains unclear whether authorities have gained access to these communication channels or control over the forum’s associated social media accounts.

According to Europol, authorities have seized significant amounts of user data, which is now being analyzed to identify and track cybercriminals worldwide. This information will likely support ongoing operations against cybercrime networks both in Europe and globally.

Part of a Broader Enforcement Trend

The XSS.IS takedown represents the latest in a series of successful operations against major cybercrime platforms. Recent law enforcement actions have targeted numerous dark web marketplaces and criminal forums, including BreachForums and other major platforms:

  • BreachForums – Several suspected operators arrested by French authorities in June
  • Cracked and Nulled – Takedown operation targeting software piracy forums
  • PopeyeTools – Criminal marketplace shutdown
  • Incognito Market – Dark web marketplace seizure
  • Nemesis Market – Underground trading platform dismantled
  • Bohemia and Kingdom Market – Additional dark web marketplace closures
  • Pygmalion – German police seized this dark web shop, accessing customer data from over 7,000 orders

These coordinated efforts demonstrate law enforcement’s increasing sophistication in combating online criminal networks and their willingness to pursue long-term investigations to achieve meaningful results.

Impact on the Cybercrime Ecosystem

While cybercrime forums frequently appear and disappear, the seizure of XSS.IS represents a particularly significant blow to the global cybercrime community. The forum’s reputation, extensive user base, and role in facilitating high-value criminal transactions made it a cornerstone of the Russian-speaking cybercrime ecosystem.

The loss of such an established platform will likely force cybercriminals to seek alternative venues for their operations, potentially disrupting established relationships and communication channels. However, the cybersecurity community expects that new platforms will eventually emerge to fill the void, as criminal networks adapt to law enforcement pressure.

What This Means for Cybersecurity

For organizations and security professionals, the XSS.IS seizure provides several important insights:

  • Long-term investigations work – The four-year investigation demonstrates that patience and international cooperation can yield significant results
  • Communication monitoring is crucial – Court-ordered surveillance of the Jabber server provided key evidence of criminal activity
  • User data provides ongoing value – The seized information will support future investigations and help identify additional threats
  • International cooperation is essential – The success required coordination between Ukrainian, French, and European authorities

Organizations should remain vigilant as displaced cybercriminals may attempt to accelerate operations or seek new platforms, potentially leading to increased attack activity in the short term.

The Road Ahead

French authorities have not disclosed the identity of the arrested suspect or specified whether extradition proceedings will follow. Ukrainian authorities have also not publicly commented on the arrest beyond their participation in the operation.

The investigation continues as authorities analyze the substantial amount of seized data, which will likely lead to additional arrests and help map the broader cybercrime network that utilized XSS.IS. This information could prove invaluable in understanding and disrupting other criminal operations worldwide.

As Europol noted in their statement, the message to cybercriminals is clear: regardless of how sophisticated or well-established criminal platforms may be, law enforcement will eventually catch up. The XSS.IS takedown serves as a reminder that even the most notorious cybercrime forums are not beyond the reach of determined international law enforcement efforts.

For users and organizations, this development underscores the importance of maintaining robust cybersecurity measures, as the criminal networks that relied on XSS.IS may attempt to accelerate their operations or establish new platforms in response to this disruption.


The post Major Cybercrime Forum XSS.IS Seized After Admin Arrested in Ukraine appeared first on Gridinsoft Blog.

USDoD Hacker Arrested by Federal Police of Brazil
https://gridinsoft.com/blogs/usdod-hacker-arrested/
Thu, 17 Oct 2024 15:25:37 +0000

A hacker known under the moniker USDoD was arrested in Brazil on October 16, 2024. The Federal Police of Brazil reports successfully detaining an individual in the city of Belo Horizonte, accused of obtaining and selling internal data of governmental organizations and companies. That happened just a month after the identity of the hacker was revealed to the public by research from CrowdStrike analysts.

USDoD Hacker Arrested in Brazil

On October 16, the Brazilian Policia Federal published a post about the successful arrest of an individual who is (allegedly) known online as USDoD. Hacker forum users and regular readers of cybersecurity newsletters will remember this nickname from a whole series of high-profile cyberattacks against government organizations and corporations. The hacker rarely hesitated to boast of his success and regularly posted on the Darknet about new hacks and data leaks.

Darknet forum post from USDoD regarding hacking CrowdStrike, a famous cybersecurity vendor

Among his most notable victims are the French commercial aircraft manufacturer Airbus, CrowdStrike, InfraGard and National Public Data, the US data broker. The latter was eventually forced to file for Chapter 11 bankruptcy, as the leakage of almost 3 billion records led to massive class action lawsuits that the company won’t be able to handle. Nonetheless, the leak remained available on the Darknet, where any criminal actor with enough money could buy the whole database.

The aforementioned InfraGard, a joint venture of the FBI and a selection of private clinics, had its personnel’s private information leaked in one of USDoD’s hacks. This may have been one of the key reasons why he became a prime target for law enforcement: standing in the way of the main US law enforcement agency never ends well.

As mentioned above, the identity of USDoD was revealed shortly before the arrest, in early September 2024. CrowdStrike published a comprehensive article showing that the person in question is Luan Goncalves, a 33-year-old Brazilian citizen from the state of Minas Gerais. Unusually for a threat actor, he accepted his “defeat” in the game of anonymity and was probably prepared for the subsequent arrest.

Seeing an actual hacker arrested is not a common sight these days. Recent noteworthy law enforcement actions against cybercrime groups have mostly resulted in the detention of intermediary members, not key figures. Overall, the counteraction strategy of the last two years has revolved around disrupting infrastructure rather than capturing top hackers; the QakBot network disruption and the LockBit ransomware takeover are two examples of this widespread and fairly effective tactic.

Brazilian Federal Police Seizes USDoD Hacker’s PC

Among other items obtained during the arrest, law enforcement confiscated the computer the hacker kept at his residence. This could potentially carry a lot of useful information, but there is one caveat: knowing he was about to be detained, the malicious actor has likely removed anything that could be used against him as evidence. Hence, although the detail is worth keeping in mind, it is unlikely to have much impact.

It is also possible that USDoD, a.k.a. Luan Goncalves, accepted defeat so readily because he is prepared to prove he is not guilty. Pulling off such a trick may be tough, especially considering the extensive identity reveal that laid out all the ties between the hacker’s online and real-life personas, but it is still possible.

Overall, throughout the long timeline of his activity, USDoD was known as a daredevil with no regard or sympathy for any country or government. This is especially clear from his interview with Cybernews (see the quote below). Thus, such sudden obedience is unlikely to be a sincere change.

“I can partly [hack] any government I want because I don’t have a flag or don’t follow orders from a king. I have my own flag and that is the black flag. I’m, by nature, a pirate. Back in the day, I already fought against corruption, and I don’t pick sides. I play both sides and always win.”
– USDoD hacker


The post USDoD Hacker Arrested by Federal Police of Brazil appeared first on Gridinsoft Blog.

5 Dangers of Cracked Games: Why Pirated Software Puts Your System at Risk
https://gridinsoft.com/blogs/5-dangers-cracked-games/
Thu, 20 Jun 2024 14:10:13 +0000

The post 5 Dangers of Cracked Games: Why Pirated Software Puts Your System at Risk appeared first on Gridinsoft Blog.

]]>
Cracked games are like that sketchy guy in a trench coat offering “free” Rolex watches in a dark alley. Sure, the price is right, but what’s the catch? Millions of gamers download pirated software daily, thinking they’re getting a sweet deal. The reality? They’re walking into a cybercriminal’s paradise where their computers become unwitting servants in a digital underworld.

Threat Summary

Threat Type: Malware Distribution Vector / Software Piracy
Primary Risks: Malware infection, data theft, legal consequences, system compromise
Common Payloads: Trojans, ransomware, crypto miners, adware, spyware, backdoors
Distribution Methods: Torrent sites, file-sharing platforms, piracy forums, fake game sites
Risk Level: Very High (multiple severe security and legal risks)

The Art of Digital Deception: How Game Cracking Really Works

Picture this: every legitimate game is like a nightclub with a bouncer checking IDs at the door. The bouncer (license verification) makes sure only paying customers get in. Now imagine a skilled locksmith who can create a fake ID so convincing that the bouncer waves you right through. That’s essentially what game crackers do.

They locate the “bouncer code” in the software and create a digital bypass that makes the game think, “Oh, this person definitely paid for me!” The technical term is software cracking, but the street name is “digital counterfeiting.”

The process of cracking games

Here’s where it gets interesting: crackers aren’t digital Robin Hoods. They’re businesspeople with bills to pay and profits to make. The “free” game is just the bait in a much larger trap.

The 5 Digital Nightmares Hiding in Your “Free” Games

1. Your Computer Becomes a Malware Buffet

Remember that friend who invited you over for dinner but served you food poisoning? Cracked games work the same way. You think you’re getting Cyberpunk 2077, but you’re actually downloading a digital disease cocktail.

Take the infamous case where HackTool infections spread through popular game cracks. Users thought they were downloading the latest AAA title, but instead got a front-row seat to their bank accounts being drained. The malware didn’t just steal gaming credentials; it went after everything: banking passwords, social media accounts, even those embarrassing photos you thought were safely hidden.

Modern cracked games are like Russian nesting dolls, but instead of cute wooden figures, each layer reveals a new digital nightmare. First comes the trojan that steals your passwords, then the ransomware that locks your files, followed by the cryptocurrency miner that turns your gaming rig into a profit machine for criminals. It’s a full-service criminal operation disguised as entertainment.

Security researchers have documented how cybercriminals use pirated software to deliver backdoors and ransomware, turning what should be fun gaming sessions into expensive lessons in cybersecurity.

2. The Silent Bitcoin Thief Living in Your CPU

Imagine coming home to find someone has been secretly using your electricity to run their business, leaving you with a massive power bill. That’s exactly what happens with crypto miners hidden in cracks and keygens.

One gamer shared his story online: “I downloaded a cracked version of a racing game and suddenly my computer sounded like a jet engine. My electricity bill doubled, and my graphics card died within three months. Turns out, I was mining Bitcoin for some criminal in Eastern Europe while I slept.”

The cruel irony? While you’re struggling with lag and overheating during your gaming sessions, thinking your hardware is just getting old, someone halfway across the world is literally making money off your suffering. Your expensive gaming setup becomes their personal money-printing machine, and you get to pay the electricity bills.

These mining programs are sneaky. They’ll throttle down when you’re actively using your computer to avoid detection, then ramp up to full power when you step away. It’s like having a polite burglar who waits for you to leave before robbing you blind.

3. The Digital Pickpocket in Your Hard Drive

Here’s a scary bedtime story: Sarah downloaded a cracked version of The Sims because she didn’t want to pay for expansion packs. Three weeks later, she got a call from her bank about suspicious charges in three different countries. The information stealing malware had been quietly photographing her screen every time she logged into anything important.

These digital pickpockets don’t just grab your wallet – they photocopy your entire life. Banking credentials, social media passwords, those private messages you’d rather forget, family photos, work documents, and even your saved game progress (because apparently criminals have no shame).

The stolen data doesn’t just disappear into the void. It gets sold on dark web marketplaces like items at a garage sale. Your Netflix password might go for $2, but your banking credentials could fetch $200 or more. Meanwhile, you’re wondering why your Instagram account is suddenly posting ads for questionable pharmaceutical products.

4. The Invisible Puppet Master

Backdoor trojans are like giving a stranger the keys to your house, your car, and your office – except they’re invisible and you don’t even know they exist. Once installed, these programs turn your computer into a remote-controlled zombie in a criminal botnet.

One security researcher described it perfectly: “It’s like having a criminal living in your attic who can see everything you do, use your internet connection for illegal activities, and invite their friends over whenever they want. Except the attic is your computer, and the criminal is halfway around the world.”

The truly disturbing part? Your computer might be participating in cyberattacks against hospitals, schools, or government agencies while you’re innocently playing games. You become an unwitting accomplice in digital crimes you never knew were happening.

5. The Annoying Roommates Who Won’t Leave

Even when cracked games don’t contain “serious” malware, they’re often packed with digital freeloaders that make your computing experience miserable. Think of them as that annoying roommate who eats your food, doesn’t pay rent, and brings over friends who trash the place.

McAfee being installed as part of a game bundle

These potentially unwanted programs include fake antivirus software that screams about imaginary threats (classic scareware applications), browser hijackers that redirect your searches to sketchy websites, and “system optimizers” that somehow make your computer run worse than before they “helped.”

The frustrating part is that these programs are designed to be harder to remove than they were to install. They hide in system folders, create multiple registry entries, and sometimes reinstall themselves when you think you’ve finally gotten rid of them.

When the Law Comes Knocking

Let’s talk about the elephant in the room: using cracked games is illegal. Not “technically illegal” or “sort of illegal” – it’s straight-up copyright infringement that can land you in serious legal trouble.

For individual users, the risk varies by location, but don’t assume you’re safe just because you’re not selling pirated games. Some countries take copyright violation seriously enough to pursue individual users, especially if they’re sharing files through torrents.

But here’s where it gets really expensive: businesses that get caught using pirated software face financial penalties that make buying legitimate licenses look like pocket change. The Business Software Alliance loves making examples of companies, with settlements often reaching hundreds of thousands or even millions of dollars.

Cracked Games: Judge finishes the lawsuit

One small design firm got hit with a $180,000 settlement for using cracked copies of Adobe software worth about $2,000. The legal fees alone exceeded what they would have spent on legitimate licenses for the next decade.

The Hidden Performance Tax

Even if you ignore the security and legal risks, cracked games often perform worse than their legitimate counterparts. It’s like buying a sports car that’s been “modified” by someone who learned mechanics from YouTube videos.

The performance problems aren’t accidental. When your computer is secretly mining cryptocurrency, running multiple malware processes, and sending your data to criminal servers, it doesn’t have much processing power left for actually running games smoothly.

Users often blame their hardware or the game developers for poor performance, never realizing that the “free” game they downloaded is essentially running a criminal enterprise in the background.

The Criminal Business Model

Understanding why cracked games are so dangerous requires understanding the economics behind them. Crackers aren’t digital altruists – they’re entrepreneurs in the malware business.

The typical revenue model works like this: malware developers pay crackers for every successful installation, at a rate that ranges from cents to a few dollars depending on the victim’s country. A popular game crack that gets downloaded 100,000 times could generate $50,000 or more in pay-per-install revenue. Add cryptocurrency mining profits, stolen data sales, and botnet recruitment, and you’re looking at a very lucrative business model.

The “free” game is just the delivery mechanism. You’re not the customer – you’re the product being sold to cybercriminals.

The Smart Gamer’s Guide to Safe Gaming

The good news? You don’t need to choose between gaming and security. The modern gaming landscape offers incredible value for legitimate players.

Steam’s seasonal sales routinely offer 75-90% discounts on games. Epic Games Store gives away a free game every week – not cracked games, but legitimate titles from major publishers. Xbox Game Pass provides access to hundreds of games for the price of a fast-food meal.

Even if you’re on a tight budget, free-to-play games like Fortnite, League of Legends, and Counter-Strike offer hundreds of hours of entertainment without spending a dime. Many of these “free” games have better graphics and gameplay than expensive AAA titles from a few years ago.

For security-conscious gamers, the best practices are straightforward: download only from official stores, enable two-factor authentication on gaming accounts, keep your antivirus software updated, and resist the temptation of “too good to be true” deals from sketchy websites.

When Your Gaming Rig Becomes a Crime Scene

If you’ve previously downloaded cracked games, your computer might already be compromised. The signs aren’t always obvious – modern malware is designed to be stealthy.

Watch for subtle indicators: your computer running hot when you’re not gaming, unusual network activity, browser settings that keep changing back after you fix them, or new programs appearing that you didn’t install.

The cleanup process requires more than just deleting the cracked games. Malware often installs itself in multiple locations and can survive basic removal attempts. Professional security tools like GridinSoft Anti-Malware are specifically designed to detect and remove HackTool infections and other gaming-related malware.

GridinSoft Anti-Malware main screen

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Scan results screen

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Removal finished

Your Burning Questions About Cracked Games

But seriously, are ALL cracked games infected?

Not technically, but asking this question is like asking if all loaded guns are dangerous. Even if a cracked game appears clean initially, there’s no way to verify its safety, and crackers have strong financial incentives to bundle malware. Plus, “clean” games can receive malicious updates later. The only winning move is not to play this particular game.

Can’t my antivirus protect me?

Your antivirus is like a bouncer at a club who’s been given a photo of known troublemakers. But what happens when the troublemaker gets plastic surgery or sends their identical twin? Crackers use advanced evasion techniques, and many users disable antivirus software when installing cracked games because security tools (correctly) flag them as threats.

I already installed some cracked games. Am I doomed?

Not doomed, but you need to act fast. Disconnect from the internet, uninstall all pirated software, run comprehensive malware scans, and change all your important passwords. Think of it as digital damage control – the sooner you act, the less damage the malware can do.

How do crackers actually make money from “free” games?

It’s a sophisticated criminal business model. They get paid per infection by malware developers, earn money from cryptocurrency mining using your computer, sell your stolen data on dark web markets, and recruit your machine for botnet operations. The “free” game is just the bait in a much larger criminal enterprise.

What about just downloading for “testing” purposes?

That’s like saying you’re only going to do drugs to see what they’re like. The malware doesn’t care about your intentions – it infects your system regardless. Most legitimate games offer demos, free weekends, or generous refund policies that make “testing” through piracy unnecessary and foolish.

Are there actually affordable legal alternatives?

Absolutely! Steam sales, Epic’s free weekly games, Xbox Game Pass, PlayStation Plus, Humble Bundle charity packages, and free-to-play titles offer incredible gaming value. Many gamers spend more on coffee in a month than they would on legitimate gaming through these services.

Can gaming malware really steal my Steam account?

Gaming accounts are prime targets because they’re valuable on black markets. Information stealing malware specifically hunts for gaming credentials, payment information, and valuable in-game items. A high-level account with rare items can sell for hundreds of dollars to other players.

How do I know if my computer is secretly mining cryptocurrency?

Your computer will act like it’s constantly running demanding software even when you’re just browsing the web. High CPU usage, overheating, loud fans, poor performance, and increased electricity bills are all red flags. Check Task Manager for suspicious processes consuming resources, and run security scans if anything looks fishy.
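The “polite burglar” behaviour described in section 2 and the Task Manager check above can be expressed as one heuristic. The Python script below is an added example and not code from Gridinsoft or any tool the post mentions: it assumes you already poll per-process CPU usage (for instance from Task Manager or Get-Process once a minute) together with an idle/active signal, and uses a constructed SAMPLE in place of real snapshots. A miner that throttles while you play shows high CPU only in idle samples; a legitimate game shows the opposite; a process that is hot in both states is the plain Task Manager case. The process names in the sample are hypothetical, not known malware.

```python
"""Flag processes whose CPU use is tied to the user being away.

Added example, not part of the original post. The snapshot collection
itself is assumed (e.g. per-process CPU from Get-Process polled once a
minute plus a "keyboard/mouse seen recently" flag); SAMPLE below is a
constructed stand-in for that data.
"""
from dataclasses import dataclass
from statistics import mean


@dataclass
class Snapshot:
    ts: int            # seconds since polling started
    user_active: bool  # input seen in the last polling interval
    cpu: dict          # process name -> CPU percent in this sample


def process_profiles(snapshots):
    """Split each process's CPU samples into (idle, active) lists."""
    profiles = {}
    for snap in snapshots:
        for name, pct in snap.cpu.items():
            idle, active = profiles.setdefault(name, ([], []))
            (active if snap.user_active else idle).append(pct)
    return profiles


def flag_suspicious(snapshots, idle_high=50.0, active_low=15.0, min_samples=3):
    """Return {name: (idle_mean, active_mean, reason)} for processes that
    either (a) burn CPU only while the user is away, the "polite burglar"
    pattern, or (b) burn CPU no matter what, the plain Task Manager case.
    A game that is busy only while you play it matches neither."""
    verdicts = {}
    for name, (idle, active) in process_profiles(snapshots).items():
        if len(idle) < min_samples or len(active) < min_samples:
            continue  # not enough evidence for one of the two states
        i, a = mean(idle), mean(active)
        if i >= idle_high and a <= active_low:
            verdicts[name] = (round(i, 1), round(a, 1), "throttles when user is active")
        elif i >= idle_high and a >= idle_high:
            verdicts[name] = (round(i, 1), round(a, 1), "sustained high CPU")
    return verdicts


# Constructed sample: three idle minutes, then three minutes of gaming.
# "updater.exe" and "helper.exe" are hypothetical names, not known malware.
SAMPLE = [
    Snapshot(0,   False, {"game.exe": 2.0,  "dwm.exe": 3.0, "updater.exe": 92.0, "helper.exe": 85.0}),
    Snapshot(60,  False, {"game.exe": 1.0,  "dwm.exe": 2.0, "updater.exe": 95.0, "helper.exe": 88.0}),
    Snapshot(120, False, {"game.exe": 1.0,  "dwm.exe": 4.0, "updater.exe": 90.0, "helper.exe": 90.0}),
    Snapshot(180, True,  {"game.exe": 70.0, "dwm.exe": 8.0, "updater.exe": 4.0,  "helper.exe": 86.0}),
    Snapshot(240, True,  {"game.exe": 75.0, "dwm.exe": 7.0, "updater.exe": 3.0,  "helper.exe": 84.0}),
    Snapshot(300, True,  {"game.exe": 72.0, "dwm.exe": 9.0, "updater.exe": 5.0,  "helper.exe": 87.0}),
]

if __name__ == "__main__":
    for name, (idle, active, reason) in flag_suspicious(SAMPLE).items():
        print(f"{name:14} idle={idle:5.1f}% active={active:5.1f}%  {reason}")
```

A real collector feeds Snapshot records continuously; three samples per state is the minimum here, so a few minutes of data are needed before a verdict means anything, and a flagged name is a reason to look at the binary’s path and signature, not proof by itself.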

The Real Cost of “Free” Gaming

When you factor in the hidden costs of cracked games – system repairs, data recovery, identity theft remediation, increased electricity bills, hardware replacement, and potential legal fees – that “free” game becomes incredibly expensive.

Meanwhile, legitimate gaming has never offered better value. Modern gaming platforms provide security guarantees, automatic updates, cloud saves, customer support, and community features that enhance the gaming experience far beyond what any cracked game can offer.

The Future of Gaming Security

As gaming moves toward cloud-based platforms and streaming services, the traditional model of downloading and cracking games is becoming obsolete. Services like Xbox Cloud Gaming and NVIDIA GeForce Now run games on remote servers, so there is no local copy to crack (Google Stadia, the other well-known example, was shut down in January 2023).

This shift toward legitimate, service-based gaming is good news for players who want security, convenience, and fair prices without the risks associated with pirated software.

The Bottom Line

Cracked games represent one of the most dangerous cybersecurity threats facing modern computer users, disguised as harmless entertainment. The cybercriminal ecosystem behind game piracy has evolved into a sophisticated operation that exploits users’ desire for free software to build profitable criminal enterprises.

Every cracked game download is a potential entry point for dangerous malware trends that can compromise your personal data, financial information, and system security. The risks extend far beyond the individual user, potentially making your computer an unwitting participant in attacks against other victims.

The choice is ultimately yours, but the math is pretty simple: legitimate gaming offers better security, performance, and value than pirated alternatives. The temporary savings from cracked games pale in comparison to the long-term costs of malware infections, data theft, and legal consequences.

Your computer, your data, and your peace of mind are worth more than the price of a game. Choose wisely.

MIT Hacked, Students’ Data Sold on the Darknet
https://gridinsoft.com/blogs/mit-hacked-data-on-the-darknet/
Tue, 13 Feb 2024 15:30:33 +0000

On February 13, 2024, a post appeared on a Darknet forum offering a large pack of data leaked from the Massachusetts Institute of Technology (MIT). The hacker under the alias “Ynnian” claims that the leak happened this year and consists mainly of students’ data. No payment is asked for this database, which suggests the information is unlikely to be highly valuable.

MIT Hacked, Data Leaked in the Darknet

The post on the infamous BreachForums discloses a recent data leak at one of the top universities in the world. As the leak is very fresh, posted only 2 hours before this blog post was written, there is no reaction from MIT yet. There should be one, though, as such a leak raises a lot of questions.

Post with the database that is allegedly leaked from MIT

As I’ve mentioned in the introduction, the fact that it is posted “as is”, accessible to everyone for free, means there is nothing really valuable inside. But if so, maybe the hackers got hold of something valuable enough that they can afford to give away this lean dataset? MIT is involved in various government-backed programs, including ones related to aerospace and defense, so there is definitely enough valuable material there to keep an eye on.

Each row in the leaked database consists of 4 fields: faculty (or department), surname, first name, and email address. Occasionally a “No Student” value appears, possibly marking graduates. Not much, sure, but already enough to run a phishing campaign, which is the typical use fraudsters have for such data. As the total number of entries, 27,961, exceeds MIT’s current enrollment, the dump likely contains either duplicates or records of students from previous years.

Should Students be Worried?

If I were in the students’ shoes, I would be worried. Even though there are many other ways to retrieve someone’s personal information, especially things like an email address and name, the source is what matters here. Being a student of a specific university is a perfect identifier for targeting further scam campaigns. And be sure they will come: a free database like this raises fraudsters’ margins even higher.

In the near future, I’d recommend that students present in the database be exceptionally careful with any email messages. Even if this leak is not used for spamming, precautions will not be excessive. Email phishing is too widespread nowadays to ignore such a threat.

Water Curupira Hackers Spread PikaBot in Email Spam
https://gridinsoft.com/blogs/water-curupira-spreads-pikabot-email-spam/
Thu, 11 Jan 2024 19:46:24 +0000

The group tracked as Water Curupira has unleashed a new wave of threats through its sophisticated malware, Pikabot. This campaign, spread primarily through email spam, marks an alarming escalation in cyberattacks. It targets unsuspecting victims with deceptive emails, leading to unauthorized access and potential data breaches.

Water Curupira’s Email Spam Campaigns

Water Curupira, one of the known operators behind Pikabot, has been instrumental in various campaigns. Its campaigns primarily aim at deploying the Cobalt Strike backdoor, which is then followed by Black Basta ransomware. Initially involved in DarkGate and IcedID spam campaigns, the group has since shifted its focus exclusively to Pikabot.

Pikabot’s Mechanism

Pikabot consists of two main components, a loader and a core module, which together enable unauthorized remote access and execution of arbitrary commands through a connection to a command-and-control (C&C) server.

Pikabot’s primary method of system infiltration involves spam emails containing archives or PDF attachments. These emails are skillfully designed to imitate legitimate communication threads. They utilize thread-hijacking techniques to increase the likelihood of recipients interacting with malicious links or attachments. The attachments, designed either as password-protected archives with an IMG file or as PDFs, are crafted to deploy the Pikabot payload.

System Impact

Once inside the target system, Pikabot demonstrates a complex and multi-layered infection process. It employs obfuscated JavaScript and a series of conditional execution commands, coupled with repeated attempts to download the payload from external sources. The core module of Pikabot is tasked with collecting detailed information about the system, encrypting this data, and transmitting it to a C&C server for potential use in further malicious activities.

Pikabot can also act as a loader/dropper. It uses several classic techniques, such as DLL hooking and shellcode injection, and is also capable of launching executable files directly, which suits certain attack scenarios. Among other payloads, Pikabot is particularly known for delivering the Cobalt Strike backdoor.

Recommendations

To protect yourself against threats like Pikabot, which is spread by Water Curupira through email spam, here are some key recommendations:

  • Always hover over links to see where they lead before clicking.
  • Be cautious of unfamiliar email addresses, mismatches in email and sender names, and spoofed company emails.
  • For emails claiming to be from legitimate companies, verify both the sender’s identity and the email content before interacting with any links or downloading attachments.
  • Keep your operating system and all software updated with the latest security patches.
  • Consistently backup important data to an external and secure location, ensuring that you can restore information in case of a cyber attack.
  • Educate yourself and your company. Keep up to date with the latest cyber news to stay ahead of the curve.
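The infection mechanism and the recommendations above can be turned into a small triage script. The Python below is an added example, not Trend Micro’s, Gridinsoft’s or the attackers’ code; it checks a raw message for three of the red flags listed: a display name (or Reply-To) that does not match the real sender, links whose visible text shows a different host than the href, and attachment types used to carry loaders such as archives, disk images and PDFs. The message RAW is constructed and every domain in it is invented; the RISKY_EXT shortlist is an assumption, not a complete rule.

```python
"""Triage one e-mail for the red flags the recommendations list.

Added example, not Trend Micro's, Gridinsoft's or the attackers' code.
RAW is a constructed message with invented domains; RISKY_EXT is an
assumed shortlist, not a complete rule.
"""
import re
from email import message_from_bytes, policy
from html.parser import HTMLParser
from os.path import splitext
from urllib.parse import urlsplit

RISKY_EXT = {".zip", ".rar", ".7z", ".img", ".iso", ".pdf", ".js", ".lnk"}
EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


class _Anchors(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(text):
    """Hostname of a URL or bare domain in `text`, else None."""
    if not text:
        return None
    return urlsplit(text if "://" in text else "http://" + text).hostname


def sender_findings(msg):
    """Display name claiming another address, or Reply-To pointing elsewhere."""
    sender, found = msg["From"].addresses[0], []
    shown = EMAIL_RE.search(sender.display_name)
    if shown and shown.group(1).lower() != sender.domain.lower():
        found.append(f"display name shows {shown.group(0)}, real sender is {sender.addr_spec}")
    reply_to = msg["Reply-To"]
    if reply_to and reply_to.addresses[0].domain.lower() != sender.domain.lower():
        found.append(f"Reply-To goes to {reply_to.addresses[0].domain}, not {sender.domain}")
    return found


def link_findings(html):
    """(shown host, real host) for every link whose text lies about its target."""
    parser = _Anchors()
    parser.feed(html)
    pairs = [(_host(text), _host(href)) for href, text in parser.links]
    return [(shown, real) for shown, real in pairs if shown and real and shown != real]


def attachment_findings(msg):
    """File names of attachments with extensions commonly used to carry loaders."""
    names = [p.get_filename() for p in msg.iter_attachments()]
    return [n for n in names if n and splitext(n)[1].lower() in RISKY_EXT]


def triage(raw):
    """Run all three checks over a raw RFC 5322 message and score the result."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    report = {
        "sender": sender_findings(msg),
        "links": link_findings(body.get_content() if body else ""),
        "attachments": attachment_findings(msg),
    }
    report["score"] = sum(len(v) for v in report.values())
    return report


# Constructed thread-hijack style lure ("Re:" subject, fake invoice thread).
RAW = b"""From: "Accounts Payable <ap@example-corp.com>" <billing@mail-example-corp.biz>
Reply-To: ap@example-corp-invoices.net
To: victim@example.com
Subject: Re: Invoice 4471 - please confirm
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi, as discussed, the updated invoice is attached.</p>
<p>Or view it online: <a href="http://files.example-cdn.xyz/inv/4471">https://portal.example-corp.com/invoices/4471</a></p>
</body></html>
--B1
Content-Type: application/zip; name="Invoice_4471.zip"
Content-Disposition: attachment; filename="Invoice_4471.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--B1--
"""

if __name__ == "__main__":
    for key, value in triage(RAW).items():
        print(f"{key}: {value}")
```

The script does not open the archive: a password-protected ZIP or an IMG file is exactly what attackers use because a gateway cannot inspect it, so the extension alone is the signal here, and the “Re:” subject on a thread the recipient never started is the human check that no parser replaces.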

Integris Health Hacked, Patients Receive Ransom Emails
https://gridinsoft.com/blogs/integris-health-patients-ransom-emails/
Thu, 28 Dec 2023 10:20:31 +0000

Integris Health, Oklahoma’s largest not-for-profit health network, fell victim to a cyberattack that compromised sensitive patient data. The incident then took an unusual turn: patients of Integris Health in Oklahoma started receiving extortion emails threatening to sell their data to other malicious actors if they fail to pay the demanded sum.

Integris Health Patient Data Extortion

By December 24, Integris Health patients reported receiving extortion emails. The attackers, claiming to have exfiltrated the personal data of over 2 million individuals, demanded payment to prevent the sale of this information. The extortion emails included links to a dark website where around 4,674,000 records were purportedly available.

A darknet site with patient data

The website provided choices to either delete or view the data upon payment. However, it is unclear whether there are duplicate records among all of them. The compromised data comprised Social Security Numbers, birthdates, addresses, insurance, and employment details. This fact was confirmed by patients who identified their personal information in those emails.

Incident Background

In November 2023, Integris Health detected unauthorized activities within its network. An investigation revealed that an unidentified party accessed confidential patient files on November 28. It is unknown at this time exactly what information was compromised.

Integris Health reports that the investigation is still ongoing. However, given the attack’s scale, cybercriminals likely gained access to a wide range of data, including names, addresses, insurance policy numbers, dates of birth, medical records, and other personal information.

Integris Responds to Ransom Emails

Integris Health has updated its security advisory, warning patients against interacting with the extortion emails. Notably, this incident follows a pattern similar to the one observed in the Fred Hutchinson Cancer Center attack, which suggests a potential link between the threat actors.

The dilemma faced by victims is whether to pay the ransom to protect their identity. However, paying gives no assurance that the data will be secured or deleted, and it potentially marks the payer as a target for future extortion attempts.

Is It A New Cybercrime Meta?

The tactic of directly contacting the people whose data was leaked is rather new, but it fits naturally into the modern threat landscape. While ransomware gangs like BlackCat pressure companies into paying by reporting the hacks to the SEC themselves, the hackers behind the Integris attack opted for this peculiar approach. Overall, such unusual steps look like, if not a new extortion method, then at least a way to force the ransom payment.

The intimidation factor is what stands out most. For multi-billion dollar companies listed on stock exchanges, this is about far more than embarrassment. It is unlikely that hackers will start emailing every victim, as that is simply counterproductive at scale. With large companies, however, it is essential to expect, and be ready for, the unique new tricks hackers come up with.

KraftHeinz Hacked by Snatch Ransomware Gang
https://gridinsoft.com/blogs/kraftheinz-hacked-by-snatch-ransomware/
Fri, 15 Dec 2023 08:27:36 +0000

The global food and beverage company KraftHeinz has become a target of the infamous Snatch ransomware gang, which listed the company on its Darknet leak site. This is yet another attack on a food industry company in recent months.

KraftHeinz Hacked by Snatch Ransomware

On December 13th, the Snatch ransomware gang listed KraftHeinz on its Darknet site. Although the entry for KraftHeinz dates back to August 16th, it was only updated on the announcement day. Notably, the entry lacked the detailed information or file samples typical for such listings. The absence of data could imply that the attackers are waiting for negotiations or have other strategic reasons for withholding it.

Post about KraftHeinz on the Snatch leak site.

But what information could be found on the KraftHeinz network? The company has barely any direct business with retail customers, since its deals go to wholesale chains. So there is little sensitive data about individuals, but plenty of important information about corporate partners.

What could be a better gift to a stock trader than a pack of information on the company’s financial results days before its earnings report? What could be more valuable to other hackers than details of the weak spots in a company’s security from someone who has already breached it? Fraudsters will make their money one way or another, that is for sure.

Food Industry Under Ransomware Attacks

This attack on KraftHeinz is not an isolated incident. In fact, it is the second major attack on a food producer by Snatch in just two months. As for KraftHeinz’s scale, the company employs around 40,000 people in over 40 countries and reported net sales of $26 billion in 2022. The breach therefore threatens not only corporate security but also a vast array of popular brands under the Kraft Heinz umbrella, including Oscar Mayer, Velveeta, and Jell-O, among others.

Before KraftHeinz, Tyson Foods, another giant in the food sector, fell victim to Snatch in November. The attack pattern mirrored that of KraftHeinz, with limited information disclosed by the ransomware operators. These attacks share common traits and underline a worrying trend in the food industry, following previous high-profile cyberattacks on companies like JBS USA, New Cooperative Inc., and Dole Foods.

Who is Behind the Attack?

Snatch, a ransomware group active since 2018, may not be as well-known as other cybercriminal groups. Nonetheless, its impact is increasingly being felt. The US Cybersecurity and Infrastructure Security Agency (CISA) has warned about Snatch’s tactics, which include exploiting Remote Desktop Protocol vulnerabilities and spending extended periods on a victim’s network before launching an attack.

Snatch operates under a Ransomware-as-a-Service model and is known for its double extortion tactics. The group’s approach is meticulous, often involving prolonged observation of the victim’s network. Over the last year, at least 95 organizations have fallen prey to Snatch, according to monitoring tools. The group presents its position as noble: its manifesto promises victim notification, prioritizes negotiations, and pledges not to disclose the exploited vulnerabilities to anyone beyond the victim.

Google Addresses Zero-Day Vulnerability in Chrome https://gridinsoft.com/blogs/google-addresses-0day-vulnerability/ https://gridinsoft.com/blogs/google-addresses-0day-vulnerability/#respond Mon, 04 Dec 2023 17:15:46 +0000 https://gridinsoft.com/blogs/?p=18124

The post Google Addresses Zero-Day Vulnerability in Chrome appeared first on Gridinsoft Blog.

In a recent security alert, Google has addressed a critical zero-day vulnerability in its Chrome browser and ChromeOS software, urging users to update to the latest version (119.0.6045.199). The flaw, tracked as CVE-2023-6345, allows attackers to bypass sandbox security measures by compromising the browser’s rendering process, leading to potential remote code execution or access to sensitive data.

Google Fixes CVE-2023-6345 0-day Vulnerability

Limited public information is available about CVE-2023-6345, but it is identified as an integer overflow issue affecting the Skia component within Chrome’s graphics engine. The National Vulnerability Database (NVD) describes it as a high-severity bug that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file.

Soon after the official announcement of the fix, a real-world exploit appeared. Because of this, Google rated the CVE-2023-6345 fix as a high-priority update. The company has refrained from disclosing technical details until the majority of users and vendors employing the Chromium browser engine have implemented the fixes.

Security analysts note that Google TAG researchers reported CVE-2023-6345, highlighting its connection to spyware and APT activity. Comparisons are drawn with a previous similar flaw (CVE-2023-2136), suggesting the latest patch aims to prevent attackers from bypassing the earlier update.

More Security Patches

Alongside the zero-day fix, Google has released a total of seven security updates addressing various vulnerabilities:

  • CVE-2023-6348: Type Confusion in Spellcheck
  • CVE-2023-6347: Use after free in Mojo
  • CVE-2023-6346: Use after free in WebAudio
  • CVE-2023-6350: Out of bounds memory access in libavif
  • CVE-2023-6351: Use after free in libavif

This latest announcement marks the fourth zero-day vulnerability Google has disclosed and patched in its Chrome browser this year.

Update Google Chrome

As we said earlier, patches and updates are the best way to fix vulnerabilities. If you’re using Mac or Linux, the update will take your browser to version 119.0.6045.199, while Windows users will be upgraded to version 119.0.6045.199/.200. To check if the update is available, go to “Help” in your Google Chrome menu, and then click on “About”. If the update is ready, it will automatically start downloading.

Google Chrome update downloading window

It may take a few days for the update to be available to everyone. Once you have installed the update, make sure to restart your browser for the changes to take effect. Otherwise, your browser will remain vulnerable to attacks.

Tipalti, Roblox and Twitch Hacked by ALPHV/BlackCat https://gridinsoft.com/blogs/tipalti-roblox-twitch-hacked/ https://gridinsoft.com/blogs/tipalti-roblox-twitch-hacked/#respond Mon, 04 Dec 2023 15:53:58 +0000 https://gridinsoft.com/blogs/?p=18132

The post Tipalti, Roblox and Twitch Hacked by ALPHV/BlackCat appeared first on Gridinsoft Blog.

On December 3, 2023, the ALPHV ransomware gang claimed to have hacked the fintech software provider Tipalti, along with two of its clients, Roblox and Twitch. The approach, however, appears unusual: the gang created a listing that says “but we’ll extort Roblox and Twitch, two of their affected clients, individually”. The criminals promise to publish updated posts on Monday morning, which would maximize the impact on the stock price.

Tipalti Hacked, Roblox and Twitch are Collateral

On Saturday, December 3, 2023, ALPHV came out with quite an unusual claim. The hacker group said it had broken into the network of Tipalti, a payment automation and accounting software provider, back in early September 2023. The text below is a quote taken from their Darknet leak site:

We have remained present, undetected, in multiple Tipali systems since September 8th 2023. Over 265GB+ of confidential business data belonging to the company, as well as its employees and clients has been exfiltrated. We remain committed to this exfiltration operation, so we plan to reach out to both these companies once the market opens on Monday…

Listing of Tipalti and other companies on ALPHV’s Darknet site

The thing is – the company itself has not received any ransom note yet. The typical practice in cyberattacks is to notify the victim via a ransom note, and only then publish information about the hack. Not this time though – as the hackers say, they doubt the company will contact them back, due to some specific details they discovered while active in the network.

…given that Tipalti’s insurance policy does not cover cyber extortion and considering the behavior of the executive team in general, observed through internal communications, we believe the likelihood of them reaching out on our terms is unlikely, regardless of the sensitivity of data in question…

Cybercriminals’ explanation of the unusual hack flow

Another detail the hackers reveal is the involvement of an insider. This is not a rare occurrence, but threat actors rarely speak openly about it. In the context of several companies taken as collateral, this sounds more like an attempt to ruin the company’s image. That especially contrasts with the official response of the company, given to the Israeli media outlet Calcalist.

Tipalti representative’s claims regarding the hack

Roblox and Twitch Fall Victim to Tipalti Hack

The worst part about this hack is that the hackers managed to compromise two client companies, namely Roblox and Twitch. This is not the first time Roblox has been the victim of a ransom hack – the same ALPHV gang hacked them in 2022. Twitch though is mentioned only in the listing title, without any further references in the text. This may be a sign that the hackers managed to leak only an insignificant amount of its data.

At the same time, some serious threats directed at Roblox appear in the text. The hackers say they will publish the data of more victims (supposedly other Tipalti clients) in the months to come. To prevent this from happening, both mentioned companies should pay the ransom. They do not, however, specify any sums or, more importantly, the types of data leaked from the game developer.

Is it that dangerous?

Despite how threatening all the situation looks, I’d take it with a grain of salt. Hackers often exaggerate the total damage, especially when it comes to collateral damage. Claims about Tipalti’s clients being hacked are most likely just the attempts to scare all the involved parties and make them pay.

What is out of doubt though is hackers’ access to some of the data. In particular, they are not likely to lie about their access to the major amount of Tipalti’s data. For other companies though it is most likely some data about financial transactions – things they actually delegated to Tipalti. However, this is still not great, as such info leakage may be the reason for companies to switch to a different service.

To sum up, despite touching a whole array of companies, the hack brings the most harm to Tipalti. And mostly reputational: even if not a lot of clients’ info ended up in hackers’ hands, the fact of the leak persists. The obvious conclusion is to avoid deep integrations with such unreliable companies, just to minimize the possible damage in the case of another cyberattack.

UPD 12/05/2023

The original listing shown above has been replaced with a more classic one that claims the Tipalti hack. However, the threat actors still use the text note as a place for a post-scriptum. The criminals dispute Roblox’s claims regarding the absence of any signs of network compromise, saying that they will contact the company later.

New Tipalti listing on the ALPHV ransomware Darknet site

At the moment, ALPHV hackers claim to be contacting the first group of Tipalti clients whose information was leaked during the hack. They do not contact the company itself, though, saying they are going to reach out to the clients first. Another interesting detail unveiled after the re-listing is that no ransomware was used – they just exfiltrated 265 gigabytes of data.

What is Sextortion? Explanation, Signs & Ways to Avoid https://gridinsoft.com/blogs/what-is-sextortion/ https://gridinsoft.com/blogs/what-is-sextortion/#respond Fri, 01 Dec 2023 15:37:27 +0000 https://gridinsoft.com/blogs/?p=18051

The post What is Sextortion? Explanation, Signs & Ways to Avoid appeared first on Gridinsoft Blog.

Sextortion is a specific email phishing tactic that has been around for quite some time. Over the last few years though its popularity has skyrocketed, and some emerging technologies make me concerned about possible sextortion approaches in the future. Let me explain what I mean, what this scam is about, and how to detect and avoid it.

What is Sextortion?

The term “Sextortion” is rather self-explanatory, even though the practice itself has been in use for quite a long time. It is a type of email scam that aims to extort money through threats of publishing explicit visual content of the victim. To look more authoritative, the scammer may claim to have access to the target’s social media accounts.

Typical example of a sextortion email

Contrary to more classic email phishing scams, the attacker will never ask the victim for any action other than sending a sum of money. The reason for such a demand, as the villain assures, is their possession of compromising material about you. The email text often discloses how these photos and videos were supposedly obtained – from a webcam while you were browsing adult sites, leaked from a hacked phone, or the like.

All this boils down to a simple demand: send the money or I will leak all these nude videos and pics to the public. Some, definitely not exaggerating, say they will post it from your own profile, as they have access to it as well. Those who try to look more realistic simply promise to tag your entire friends list on a specific social network.

Are Sextortion Threats Real?

99.5% of the time, they are not. Even though some people may have someone’s nude photos on hand, the number of scam emails exceeds the number of such people by orders of magnitude. And since such graphic materials rarely end up in the hands of a stranger, it would be particularly easy to identify a real extortionist. Add to this the generic message text and the absence of any proof – definite signs of a scam. Let’s have a more detailed look at them.

How to detect a Sextortion Scam Email?

Like any email scam, sextortion relies on three psychological tricks: inducing shock, a feeling of vulnerability, and a sense of urgency. This leaves its footprint in the text and eventually makes it somewhat templated across all scam cases. Let’s review the most popular of them.

Typical Sextortion Email Patterns in Text

Over time, there have been dozens, even hundreds, of different text patterns for extortion emails. Most of them, however, are created to suit any victim. It would be rather inconvenient for a scammer to adjust the text whenever they target a new group of people. Thus, utterly generic and abstract text with absolutely no personalization is what you would expect from sextortion scams.

Sextortion emails are templated, even though the exact text may differ

The sense of shock appears as the stranger says they have your nude photos. Moreover, this person tries to pose as a “professional hacker”. They boast of having access to all your browsing history, webcams, online wallets and the like. Why would they do nothing with this access – hijacking accounts, stealing all the money from online wallets? The question is rhetorical.

Urgency comes from the “deadline” before which you should pay the ransom. As the hacker says, no negotiations are possible, and missing the payment date will end up with all the materials being published. Some crooks also say things like “this is not my email so I will stop using it shortly after”. This creates even bigger concerns about the inability to avoid public shame.

Sure enough, the same methods may be used by someone whose threats are real. But they never follow the pattern, at least not that straightforward. This distinguishes a letter written by a real human from a tool of scammers, designed to fit any circumstances.

Check For A Re-Used Crypto Wallet

As sextortion scams run in “waves”, you are most likely not the only person who got such an email. Fraudsters often stick to the exact same text, changing only the crypto wallet they ask to send the ransom to. A simple Google search for the wallet may reveal not just one, but several text patterns used in the same scam wave.

Obviously, when the extortionist’s threats are real and they are not running this as a business, they will never use someone else’s crypto wallet or one used in a scam before. Even when a real hacker does something like this (it happens once in a while), they will never use the same wallet twice. Moreover, “real hackers” rarely opt for Bitcoin as a payment method, preferring cryptocurrencies like Monero or DarkCoin. The latter have the anonymizing infrastructure that is in such heavy demand when you are going outlaw.
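The signs described above (no personalization, the “professional hacker” shock claim, the payment deadline, a Bitcoin wallet in the body, and that wallet turning up in an earlier scam wave) can be turned into a simple scoring filter. This is an added example, not Gridinsoft’s code; the sample emails, the weights and the known-wallet list are all constructed for the demo.

```python
"""Heuristic scoring of a suspected sextortion email (added example, not the
blog's code). Every sample email and the wallet list are constructed."""
import re
from dataclasses import dataclass, field

# Constructed wallet list; a real deployment would query a shared blocklist.
KNOWN_SCAM_WALLETS = {"bc1qexampleexampleexampleexampleexample00"}

BTC_ADDRESS = re.compile(r"\b(?:bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
SHOCK = re.compile(r"professional hacker|webcam|adult (?:sites?|videos?)|nude (?:photos?|videos?)", re.I)
ACCESS = re.compile(r"access to (?:all )?your (?:accounts?|devices?|browsing history|email)", re.I)
URGENCY = re.compile(r"\b\d{1,3}\s*(?:hours?|days?)\b|deadline|do not try to (?:contact|negotiate)", re.I)
LEAK = re.compile(r"(?:send|forward|post) .{0,40}(?:contacts?|friends?|family|colleagues)", re.I)


@dataclass
class Verdict:
    score: int = 0
    indicators: list = field(default_factory=list)
    wallet: str = ""


def score_email(recipient_name: str, body: str) -> Verdict:
    """Return a weighted score; no single signal is decisive on its own."""
    v = Verdict()

    def hit(points: int, label: str) -> None:
        v.score += points
        v.indicators.append(label)

    # Templated scams go to whole lists and never use the victim's name.
    if recipient_name and recipient_name.lower() not in body.lower():
        hit(1, "no personalisation")
    if SHOCK.search(body):
        hit(2, "shock claim (hacker/webcam/nudes)")
    if ACCESS.search(body):
        hit(1, "claims full account access")
    if URGENCY.search(body):
        hit(2, "payment deadline / no negotiation")
    if LEAK.search(body):
        hit(1, "threatens to share with contacts")
    m = BTC_ADDRESS.search(body)
    if m:
        v.wallet = m.group(0)
        hit(2, "bitcoin wallet in body")
        # The article's key check: one wallet across many emails means a wave.
        if v.wallet in KNOWN_SCAM_WALLETS:
            hit(3, "wallet re-used from an earlier scam wave")
    return v


def is_likely_sextortion(recipient_name: str, body: str, threshold: int = 5) -> bool:
    return score_email(recipient_name, body).score >= threshold


# Constructed sample following the templated "professional hacker" pattern.
SCAM_EMAIL = """Hello,
I am a professional hacker and I have access to all your devices and browsing history.
I recorded you through your webcam while you visited adult sites.
Send 1200 USD in Bitcoin to bc1qexampleexampleexampleexampleexample00 within 48 hours
or I will send the video to all your contacts. Do not try to contact me or negotiate."""

# Constructed benign message: personalised, one scary-looking word, no demand.
BENIGN_EMAIL = """Hi Alice,
attaching the slides from today's review. Let me know if the webcam setup
in the meeting room still needs fixing."""
```

Run `score_email("Alice", SCAM_EMAIL)` to see every indicator fire (score 12), while the benign message scores only 2 for the lone word “webcam” and stays below the threshold.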

AI-fueled Sextortion Scams Incoming

All in all, sextortion is a rather old scam that has not really been effective over the last few years. People are aware of it, and there is almost no way it is real after all. This is true, but there is now a huge risk of sextortion scams resurfacing with a force yet unseen. Let me explain.

Undressing AI is galloping, and its potential use in malicious affairs is just a question of time

The current AI development is exciting. But what is more mind-boggling is the number of malignant implementations for this potential. In particular, we are talking about their photo editing capabilities. There are quite a few AI services even these days that will edit the clothing out of the picture of a person you’ve uploaded. Combine this ability with sextortion scams and the fact that most people share their normal photos without any doubt – and you receive fuel for a new, unpredictably powerful scam wave.

Scammers behind sextortion emails will finally stop extorting money for nothing. This time, they may have not only a manipulative text, but things to prove their claims with. And, if you ignore the demand, they will post them somewhere. There’s still no reason to believe their tales about access to all your accounts, but dumping the photos while tagging your entire friends list may still be effective.

Sure, it is rather easy to prove the AI origin of images and videos. But the very fact of these images’ existence may throw people into panic. This will eventually force them to pay the ransom – which still does not guarantee that the scammer will not publish these fake photos. And even when you remain calm and ignore all the threats, it may be bothersome to prove that these nude photos of yours are just a hallucination of a vicious neural network.

How to protect yourself from email scams?

Well, that is not an easy question to answer. As I’ve just explained, things are getting complicated, and there is no well-rounded advice for the most modern cases. However, I took my time to think through the possible mitigation options for the majority of situations.

Control sharing your personal email address. While benign services try to keep their customers’ info private, there are enough services that do not care. Some shady forums, torrent tracking sites, websites with cracked software – they will gladly sell databases of their users’ emails to someone. Then, these databases are used to spam people and spread scams, including sextortion. Avoid leaving any personal info in such places, or at least do not use your personal email to sign up there.

Keep your head cold. A thing all extortionists rely on is your panic actions upon realization that someone may publish inappropriate graphic content with you online. You, in turn, should not do any emotional acts – that will save you both money and gray hair.

Change all your passwords. This is mostly for good measure, as only a few cases out of thousands of sextortion scams could really boast having your passwords leaked. Though, the very habit of updating your login credentials is a great enhancement to your personal cybersecurity.

Warn your friends, colleagues and relatives about a fake video. By announcing preventively that a provocative video can appear, you minimize the initial shock it may create. After that, all the fake video will do is draw friendly laughs, avoiding shame or arguments. Even if the scammer is bluffing and has no graphic material in their possession, not even a fake one, this will raise awareness of such cases.
