{"id":189305,"date":"2026-02-20T23:09:00","date_gmt":"2026-02-21T04:09:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/20\/stealth-bitcoin-address-swaps-a-sex-toy-makers-data-leak-and-other-cybersecurity-news\/"},"modified":"2026-02-21T00:40:10","modified_gmt":"2026-02-21T05:40:10","slug":"stealth-bitcoin-address-swaps-a-sex-toy-makers-data-leak-and-other-cybersecurity-news","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/20\/stealth-bitcoin-address-swaps-a-sex-toy-makers-data-leak-and-other-cybersecurity-news\/","title":{"rendered":"Stealth bitcoin address swaps, a sex-toy maker\u2019s data leak, and other cybersecurity news"},"content":{"rendered":"<p><a href=\"https:\/\/forklog.com\/en\/stealth-bitcoin-address-swaps-a-sex-toy-makers-data-leak-and-other-cybersecurity-news\/\">Stealth bitcoin address swaps, a sex-toy maker\u2019s data leak, and other cybersecurity news<\/a><\/p>\n<p><a href=\"https:\/\/forklog.com\/en\/stealth-bitcoin-address-swaps-a-sex-toy-makers-data-leak-and-other-cybersecurity-news\/\">https:\/\/forklog.com\/en\/stealth-bitcoin-address-swaps-a-sex-toy-makers-data-leak-and-other-cybersecurity-news\/<\/a><\/p>\n<p>Publish Date: 2026-02-20 23:09:00<\/p>\n<p>Source Domain: <a href=\"forklog.com\">forklog.com<\/a><\/p>\n<p>
<\/p>\n<p>             Crypto scams, Android malware, Chrome tracking and a sex-toy maker\u2019s data leak.<\/p>\n<p>\t\t\t                        A roundup of the week\u2019s key cybersecurity developments.<\/p>\n<p>Hackers devised a stealthy scheme to swap bitcoin addresses.<br \/>\nA new Android trojan was disguised as IPTV apps.<br \/>\nTrezor and Ledger users received phishing letters by post.<br \/>\nA researcher exposed major firms for tracking Chrome users via extensions.<\/p>\n<p>Hackers devise a stealthy bitcoin address swap<br \/>\nCriminals have begun quietly substituting bitcoin addresses under the guise of a lucrative crypto-arbitrage deal. The scheme was spotted by BleepingComputer.<br \/>\nThe campaign hinges on promises of huge profits from a supposed \u201carbitrage vulnerability\u201d on the Swapzone crypto-exchange platform. In reality, the attackers run malicious code that modifies the swap process directly in the victim\u2019s browser.<br \/>\nClickFix-style attacks usually target operating systems: users are tricked into running PowerShell commands to \u201cfix Windows errors\u201d, leading to the installation of stealers or ransomware. Here, the target is a specific browser session.<br \/>\nAccording to media reports, this is among the first recorded cases of ClickFix mechanics being used to manipulate web pages for the direct theft of cryptocurrency.<br \/>\nTo push the scam, the attackers leave comments under various posts on Pastebin, the popular text (code snippet) hosting service.<br \/>\nSource: BleepingComputer.<br \/>\nThey advertise a \u201cleaked hacking manual\u201d that supposedly lets users earn $13,000 in two days, and attach a link. 
The \u201cguide\u201d in Google Docs describes a way to obtain inflated swap amounts in certain BTC pairs.<br \/>\nBleepingComputer observed that between one and five people were viewing the document concurrently at any given time, suggesting the scheme is active.<br \/>\nSource: BleepingComputer.<br \/>\nThe bogus guide tells users to:<\/p>\n<p>Go to the Swapzone website.<br \/>\nCopy JavaScript code from an external resource.<br \/>\nReturn to the Swapzone tab, type javascript: into the address bar, paste the copied code and press Enter.<\/p>\n<p>This method uses the browser\u2019s javascript: URI scheme to execute code in the context of the open site. Analysis showed the initial script loads a second, heavily obfuscated payload. It injects itself into the Swapzone page, replacing legitimate Next.js scripts responsible for processing transactions:<\/p>\n<p>address substitution. The malicious script contains a list of the attackers\u2019 bitcoin addresses. It inserts one of them instead of the legitimate deposit address generated by the exchange;<br \/>\nvisual deception. The code changes the displayed exchange rates and payout amounts on screen, creating the impression that the \u201carbitrage scheme\u201d is working;<br \/>\nresult. The victim sees the familiar interface of a legitimate service but sends money to the hacker\u2019s bitcoin wallet.<\/p>\n<p>New Android trojan disguised as IPTV apps<br \/>\nA new piece of Android malware poses as an IPTV app to steal digital identities and access victims\u2019 bank accounts, reported ThreatFabric researchers.<br \/>\nThe Massiv virus uses screen overlays and keylogging to collect sensitive data. It can also establish full remote control of an infected device.<br \/>\nDuring the campaign, Massiv targeted a Portuguese government app tied to Chave M\u00f3vel Digital, the national digital authentication and signature system. 
Data held in these services can be used to bypass KYC checks, access bank accounts and other public and private online services.<br \/>\nThreatFabric says there have been cases of bank accounts and services being opened in a victim\u2019s name without their knowledge.<br \/>\nMassiv gives operators two modes of remote control:<\/p>\n<p>screen streaming \u2014 uses the Android MediaProjection API to broadcast the screen in real time;<br \/>\nUI-tree mode \u2014 extraction of structured data via the Accessibility Service.<\/p>\n<p>Source: ThreatFabric.<br \/>\nThe second mode lets attackers see text, UI element names and their coordinates. That allows them to press buttons and edit text fields on the user\u2019s behalf. More importantly, the method can bypass screenshot protections often built into banking and finance apps.<br \/>\nResearchers noted a striking trend: over the past eight months the use of IPTV apps as lures for infecting Android devices has surged.<br \/>\nSource: ThreatFabric.<br \/>\nSuch apps often infringe copyright, so they are not available on Google Play. Users are accustomed to downloading APKs from unofficial sources and installing them manually.<br \/>\nThe campaign is aimed at residents of Spain, Portugal, France and Turkey.<br \/>\nTrezor and Ledger users received phishing letters by post<br \/>\nUsers of Trezor and Ledger have begun receiving physical letters sent by scammers purporting to be the makers of the hardware wallets.<br \/>\nAccording to cybersecurity specialist Dmitry Smilyanets, the letter he received looked like an official notice from Trezor\u2019s security department.<br \/>\nOn company letterhead, the client was instructed to complete a mandatory step: scan a QR code and finish verification on a special website by a set date. 
Failure to do so would result in the loss of wallet functionality, the letter warned.<br \/>\nIn comments under the post, other earlier phishing cases allegedly from Ledger representatives also surfaced. Both letters created urgency, pushing victims to act immediately.<\/p>\n<p>at least they could have worked on a better phishing page \ud83d\ude2d\ud83d\ude2d<br \/>\neven plaintext seed words sent to telegram api\u2026<br \/>\ntrezor.authentication-check[.]io\/black\/ pic.twitter.com\/fa85203awR<br \/>\n\u2014 Who said what? (@g0njxa) February 12, 2026<\/p>\n<p>The QR codes in the letters led to malicious sites mimicking the official setup pages for Trezor and Ledger. At the final step, users were forced to enter their seed phrase to \u201cconfirm ownership of the device\u201d.<br \/>\nResearcher accuses big firms of tracking Chrome users via extensions<br \/>\nA researcher going by Q Continuum found 287 Chrome extensions that transmit all browsing-history data to third-party companies. Their combined installs exceed 37.4 million.<br \/>\nUsing an automated testing system, the specialist checked 32,000 plugins from the Chrome Web Store and identified more than 30 companies collecting data.<br \/>\nThe analyst argues that extensions offering handy tools are unjustifiably requesting access to browser history. Some additionally encrypt the data, hindering detection.<br \/>\nAccording to the researcher, some of the data collection is formally spelled out in privacy policies. 
Not all users, however, pay due attention to them.<br \/>\nThe researcher called out Similarweb, Semrush, Alibaba Group, ByteDance and Big Star Labs, an entity affiliated with Similarweb.<br \/>\nUnder suspicion are the Stylish theme customiser and ad blockers (Stands AdBlocker and Poper Blocker, CrxMouse), as well as Similarweb\u2019s own extension (SimilarWeb: Website Traffic &#038; SEO Checker).<br \/>\nSource: Q Continuum\u2019s GitHub.<br \/>\nRoughly 20 million of the 37.4 million installs could not be tied to specific data recipients.<br \/>\nSimilarweb\u2019s privacy policy documents its data collection. The company says it anonymises information on the client side, though it also notes that \u201csome of this data may include personal and confidential information depending on search queries and viewed content\u201d.<br \/>\nData of customers of a popular adult-toy maker leaked<br \/>\nJapanese company Tenga sent customers notices of a data-security incident, reports TechCrunch.<br \/>\nAccording to the notice, \u201can unauthorised party accessed the professional email account of one of our employees\u201d, giving the hacker access to the inbox. This potentially allowed them to view and steal customer names, email addresses and message histories that \u201cmight have included order details or support enquiries\u201d.<br \/>\nThe hacker also sent spam to the contact list of the compromised employee, including company clients.<br \/>\nAfter publication, a Tenga representative told TechCrunch that a technical examination indicated the leak affected \u201capproximately 600 individuals\u201d in the United States.<br \/>\nTenga is a global supplier of adult goods. 
Given the nature of the products, order and support details are likely to contain personal information many customers prefer not to disclose.<br \/>\nThe company has taken several protective measures:<\/p>\n<p>resetting credentials for the compromised employee;<br \/>\nrolling out multi-factor authentication across all systems \u2014 a basic security feature that prevents account access even with a stolen password.<\/p>\n<p>The representative declined to say whether two-factor authentication was enabled on the email account before the breach.<br \/>\nIn Africa, 651 suspects arrested in cybercrime operation<br \/>\nLaw enforcement in African countries arrested 651 suspects and seized more than $4.3 million in a joint operation against investment fraud, Interpol reports.<br \/>\nRed Card 2.0 targeted cybercriminal groups linked to financial losses exceeding $45 million. Authorities in 16 countries seized 2,341 devices and blocked 1,442 malicious websites, domains and servers.<br \/>\nKey results by country:<\/p>\n<p>Nigeria. Police dismantled an investment-fraud network that recruited young people to conduct phishing attacks, steal identities and run fake investment schemes. More than 1,000 fraudulent social-media accounts were removed. Six gang members who used stolen employee credentials to breach a major telecom provider were also arrested;<br \/>\nKenya. Twenty-seven suspects were detained during probes into groups that lured victims into bogus investment projects via social networks and messengers;<br \/>\nC\u00f4te d\u2019Ivoire. 
Fifty-eight people were arrested as part of a crackdown on microloan apps that used hidden fees and illegal debt-collection methods.<\/p>\n<p>Also on ForkLog:<\/p>\n<p>OpenAI released a benchmark to assess AI agents\u2019 ability to hack smart contracts.<br \/>\nVibe coding via Claude Opus led to the hack of the Moonwell DeFi project.<br \/>\nFigure acknowledged a leak of customers\u2019 personal data.<br \/>\nFrom a cold wallet held by South Korea\u2019s police, 22 BTC went missing.<\/p>\n<p>What to read this weekend?<br \/>\nIn his novel \u201cBlindsight\u201d, Canadian biologist and writer Peter Watts proposed a radical hypothesis: intelligence can function effectively without consciousness. Nearly 20 years on, the thesis neatly describes generative AI.<br \/>\nIn a new piece, ForkLog examines the mistakes we make when anthropomorphising algorithms.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Stealth bitcoin address swaps, a sex-toy maker\u2019s data leak, and other cybersecurity news https:\/\/forklog.com\/en\/stealth-bitcoin-address-swaps-a-sex-toy-makers-data-leak-and-other-cybersecurity-news\/ Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":189306,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/forklog.com\/wp-content\/uploads\/img-162813c4779cb0c2-4082025297322405.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,35,32,25,27],"class_list":["post-189305","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-hacker","tag-malware","tag-phishing","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/189305"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=189305"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/189305\/revisions"}],"predecessor-version":[{"id":189307,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/1893
05\/revisions\/189307"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/189306"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=189305"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=189305"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=189305"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}