{"id":202115,"date":"2026-04-04T02:37:00","date_gmt":"2026-04-04T06:37:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/04\/prank-trojan-in-russia-european-commission-data-leak-and-other-cybersecurity-news\/"},"modified":"2026-04-04T04:05:12","modified_gmt":"2026-04-04T08:05:12","slug":"prank-trojan-in-russia-european-commission-data-leak-and-other-cybersecurity-news","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/04\/prank-trojan-in-russia-european-commission-data-leak-and-other-cybersecurity-news\/","title":{"rendered":"Prank trojan in Russia, European Commission data leak, and other cybersecurity news"},"content":{"rendered":"<p><a href=\"https:\/\/forklog.com\/en\/prank-trojan-in-russia-european-commission-data-leak-and-other-cybersecurity-news\/\">Prank trojan in Russia, European Commission data leak, and other cybersecurity news<\/a><\/p>\n<p><a href=\"https:\/\/forklog.com\/en\/prank-trojan-in-russia-european-commission-data-leak-and-other-cybersecurity-news\/\">https:\/\/forklog.com\/en\/prank-trojan-in-russia-european-commission-data-leak-and-other-cybersecurity-news\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-04 02:37:00<\/a><\/p>\n<p>Source Domain: <a href=\"forklog.com\">forklog.com<\/a><\/p>\n
<p>This week in cybersecurity: a prankish trojan, C2 via Spotify, a $53m DEX hack, and an EU data breach.<\/p>\n<p>Here are the week\u2019s key cybersecurity developments.<\/p>\n<p>Spied, swapped crypto addresses and taunted victims: a prankish trojan found in Russia.<br \/>\nC2 addresses for crypto-stealing malware found on Spotify and Chess.com.<br \/>\nHacker charged over $53m theft from the Uranium exchange.<br \/>\nResearchers found an updated seed-phrase stealer for Apple and Android.<\/p>\n<p>Spied, swapped crypto addresses and taunted victims: prank trojan uncovered in Russia<br \/>\nResearchers at Kaspersky Lab identified an active campaign in Russia spreading a new trojan. CrystalX is marketed under a CaaS model via ads on the social platforms Telegram and YouTube.<br \/>\nThe software acts as both a spy and a stealer, enabling the following:<\/p>\n<p>steal browser credentials as well as Steam, Discord and Telegram accounts;<br \/>\nsilently replace crypto-wallet addresses in the clipboard;<br \/>\ncovertly record audio and video from the screen and webcam.<\/p>\n<p>Its distinguishing feature is real-time mockery of the user. The panel includes a dedicated Rofl section with commands to:<\/p>\n<p>download an image from a specified URL and set it as the desktop background;<br \/>\nrotate the display by 90\u00b0, 180\u00b0 or 270\u00b0;<br \/>\nshut down the OS via shutdown.exe;<br \/>\nswap left- and right-mouse-button functions;<br \/>\nturn off the monitor and lock input;<br \/>\nmake the cursor jitter at short intervals;<br \/>\nhide all desktop icons and disable the taskbar, Task Manager and cmd.exe.<\/p>\n<p>The attacker can also send a message to the victim, opening a dialog box for two-way chat.<br \/>\nSource: Kaspersky Lab.<br \/>\nAs Leonid Bezvershenko, a senior Kaspersky GReAT expert, said in a comment to \u201cKod Durova\u201d, the malware is under active development and support by its creators. 
He expects victim numbers to rise as the campaign\u2019s geography widens.<br \/>\nExperts advise downloading apps only from official stores, installing a reputable antivirus, and enabling file-extension display in Windows to avoid accidentally launching .EXE, .VBS or .SCR files.<br \/>\nC2 addresses for crypto-stealing malware found on Spotify and Chess.com<br \/>\nResearchers at Solar 4RAYS found that hackers hide the controlling servers for the MaskGram stealer in Spotify and Chess.com profiles.\u00a0<br \/>\nMaskGram targets the theft of accounts and cryptocurrencies and can fetch additional modules.<br \/>\nThe malware collects data about the system, running processes and installed applications, and takes screenshots. It harvests information from Chromium-based browsers, crypto wallets, email clients, messengers and VPN apps.<br \/>\nAttackers distribute the software via social engineering, posing as cracked versions of paid tools for mass checking of logins and passwords against leaked databases, such as Netflix Hunter Combo Tool, Steam Combo Extractor and Deezer Checker.<br \/>\nAccording to experts, the malware uses the \u201cdead drop\u201d technique, or Dead Drop Resolver (DDR), which allows operators to store C2 information on public services and rotate it quickly.<br \/>\nAn infected machine reaches out not to a suspicious IP but to Spotify or Chess.com, mimicking ordinary user activity.<br \/>\nThe \u201cabout\u201d field in a Chess.com user profile. Source: Solar 4RAYS.<br \/>\nEach platform uses its own markers. For Chess.com, for example, it is the user profile\u2019s about field. 
The extracted string is decoded into the server domain.<br \/>\nIn March, Aikido specialists documented the use of the dead-drop technique by the GlassWorm stealer in crypto transactions on the Solana blockchain.<br \/>\nHacker charged over $53m theft from Uranium crypto exchange\u00a0<br \/>\nUS prosecutors charged Jonathan Spalletta with stealing more than $53m from the Uranium Finance crypto exchange and laundering the proceeds.<br \/>\nIn April 2021, Spalletta (also known as Cthulhon) hacked the BNB Chain-based Uranium decentralized exchange (DEX). The shortfall forced the company to shut down.<br \/>\nIn February 2025, during a search, law enforcement seized valuables from the suspect\u2019s home and restored access to cryptocurrency worth around $31m.<br \/>\nAccording to authorities, Spalletta laundered the stolen assets through DEXs and the mixer Tornado Cash. He spent the proceeds on collectibles:<\/p>\n<p>a Magic: The Gathering \u201cBlack Lotus\u201d card \u2014 ~$500,000;<br \/>\n18 sealed Alpha Edition Magic: The Gathering boosters \u2014 ~$1.5m;<br \/>\na complete first-edition Pok\u00e9mon base set \u2014 ~$750,000;<br \/>\nan ancient Roman coin minted to commemorate the assassination of Julius Caesar \u2014 over $601,000.<\/p>\n<p>He faces up to ten years in prison on computer-fraud charges and up to 20 years if convicted of money laundering.<br \/>\nResearchers find updated seed-phrase stealer targeting Apple and Android<br \/>\nKaspersky Lab researchers found a new variant of the SparkCat cryptocurrency-stealing malware in the Apple App Store and Google Play Store, The Hacker News reports.<br \/>\nThe stealer masquerades as innocuous apps such as corporate messengers and food-delivery services. In the background it scans victims\u2019 photo galleries for crypto-wallet seed phrases.<br \/>\nExperts analyzed two tainted apps in the App Store and one in Google Play. They are aimed mainly at crypto users in Asia:<\/p>\n<p>iOS variant. 
Scans crypto-wallet mnemonic phrases in English. This approach makes the iOS version potentially more dangerous globally, as it can affect users regardless of region;<br \/>\nAndroid variant. The updated version adds several layers of code obfuscation compared with earlier builds. It uses code virtualization and cross-platform programming languages to evade analysis. It also looks for keywords in Japanese, Korean and Chinese, underscoring a focus on Asia.<\/p>\n<p>Experts believe a Chinese- or Russian-speaking operator is involved. The threat is actively evolving, and those behind it have strong technical skills.<br \/>\nEuropean Commission confirms data breach after ShinyHunters attack<br \/>\nThe European Commission (EC) confirmed a data leak following a cyberattack on the Europa.eu web platform, for which the ShinyHunters extortionists claimed responsibility.<br \/>\nThe EC said the incident did not disrupt the portal\u2019s operations and was contained.<br \/>\nAlthough the Commission provided no details, the attackers told BleepingComputer they had stolen more than 350GB of data, including several databases. 
They did not reveal how they compromised AWS accounts but shared screenshots indicating access to some EC staff accounts.<br \/>\nThe group also posted on its dark-web leak site, claiming more than 90GB of files were taken:<\/p>\n<p>mail-server dumps;<br \/>\ndatabases;<br \/>\nconfidential documents and contracts;<br \/>\nother sensitive materials.<\/p>\n<p>Source: BleepingComputer.\u00a0<br \/>\nAlso on ForkLog:<\/p>\n<p>Solana project Drift Protocol lost $280m.<br \/>\nCertiK warned of cryptocurrency-theft risks via OpenClaw.<\/p>\n<p>What to read this weekend?<br \/>\nDrawing on research teams\u2019 data, corporate reports and the state of play, ForkLog examines how brain\u2013computer interface technologies are evolving.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Prank trojan in Russia, European Commission data leak, and other cybersecurity news https:\/\/forklog.com\/en\/prank-trojan-in-russia-european-commission-data-leak-and-other-cybersecurity-news\/ Publish 
Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":202116,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/u1f987.com\/wp-content\/uploads\/img-b5d7b9875a5427f0-4082029324633328.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24,35,32],"class_list":["post-202115","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity","tag-hacker","tag-malware"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/202115"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=202115"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/202115\/revisions"}],"predecessor-version":[{"id":202117,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/202115\/revisions\/202117"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/202116"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=202115"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=202115"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=202115"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}