ESET cybersecurity experts: It’s a banking trojan that has already targeted users from Poland, impersonating Bolt Food. Goal: to steal banking-cryptocurrency credentials.
Flashpoint: RAMP opens its doors to Chinese hackers. The Russian-language forum sections are now in Russian, English, and Mandarin
RAMP, a Russian-language cybercrime forum, has opened its doors to Mandarin- and Chinese-speaking threat actors, Flashpoint cybersecurity experts have found. In October, the administrators changed the forum’s interface to make it more accessible to Chinese-speaking and English-speaking threat actors. Sections are now in Russian, English, and Mandarin; the main administrator addresses members in English more often than before; and there is noticeably more English content and comments, even from some Russian-speaking actors. Furthermore, the RAMP authorization form (for account verification) now includes a domain for a Chinese forum among the others. Previously, it was a mainly Russian-speaking forum, although English-speaking members were tolerated. Founded this summer in response to top-tier Russian-speaking forums banning ads by ransomware gangs, and now in its third iteration, RAMP appears under a new .onion domain and requires former users to re-register.