We’ve compiled the most important cybersecurity news of the week.
- Rutube was hacked and the platform was down for days. The hacker group Anonymous claimed responsibility for the attack.
- CoinGecko and Etherscan reported a phishing attack.
- Data from 21 million users of VPN services was distributed for free in Telegram feeds.
Rutube was attacked by hackers and went offline for days
On May 9, the Russian video hosting site Rutube was hit by a large-scale hacker attack and was unable to restore service for several days.
The hacker group Anonymous claimed responsibility for the attack. They claimed to have corrupted more than 75% of the databases and infrastructure of the main version and 90% of the backups and clusters used to restore the databases.
JUST IN: #Anonymous hacked Russia’s video platform ‘RuTube’
Nearly 75% of the databases and infrastructure of the main version and 90% of the backup and cluster to restore the databases have been severely affected, that means #RuTube is probably GONE FOREVER. #OpRussia pic.twitter.com/0NFzWGmP9u
– Anonymous TV 🇺🇦 (@YourAnonTV) May 10, 2022
The Village, citing a source close to the Rutube team, reported that the attack “completely deleted the site code” and the video service “cannot be restored.” However, Rutube denied this information.
On the day of the hack, screenshots from the service’s internal system showing a list of channels appeared online, along with a letter allegedly sent by Rutube director Alexei Nazarov to the FSB complaining about machinations in the purchase of a cyber protection system from Group-IB.
The latter denied that the company’s products “are or have ever been used to protect office or server infrastructures or individual applications of the Rutube video hoster from cyberattacks.”
On May 11, the service team announced that the platform had been restored.
CoinGecko and Etherscan warned of a phishing attack
CoinGecko and Etherscan have reported a phishing attack on their users. Hackers are attempting to gain access to victims’ funds by requesting to connect their MetaMask wallets.
Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don’t connect it. We are investigating the root cause of this issue. pic.twitter.com/7vPfTAjtiU
– CoinGecko (@coingecko) May 13, 2022
The prompt urges users to connect their wallets to a site called nftapes.win.
CoinGecko and Etherscan stressed that this should not be done under any circumstances.
It was later revealed that the phishing attack was carried out using a malicious script from the Coinzilla ad network.
Update:
1/ The situation earlier was caused by a malicious html5 banner ad script (https://t.co/iInKK5MMXK) served by @adsbycoinzilla, a popular crypto ad network which is used by a lot of crypto sites
– Etherscan (@etherscan) May 14, 2022
Data of 21 million VPN users made publicly available
A 10GB database from several VPN services, including GeckoVPN, SuperVPN and ChatVPN, has circulated in Telegram feeds, according to VPNMentor.
The database includes 21 million records with e-mail addresses, names, payment details and other user information. Last year the data was sold on the darknet, but now it is distributed for free.
A fake Sberbank app has become one of the most downloaded in the Russian segment of the App Store
An app called “Sberbank online site” was in the top ten most downloaded free applications in the App Store in the Russian Federation. However, Sberbank warned that the app is not official and was launched by fraudsters, RBC reports.
As a reminder, due to sanctions the “Sberbank Online” app became unavailable for download in the App Store, and later disappeared from Google Play.
Russian Android users complained about problems with the Google Chrome update
Android users from the Russian Federation reported being unable to update their Google Chrome browser via Google Play.
Earlier, Google Play said it had blocked downloads of paid apps and their updates since May 5.
Also on ForkLog:
- The U.S. State Department has offered $15 million for information on the operators of the Conti ransomware.
- Chainalysis estimated that DeFi protocols accounted for 97% of the cryptocurrency stolen in 2022.