{"id":207963,"date":"2026-05-02T02:18:00","date_gmt":"2026-05-02T06:18:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/02\/arrests-of-roblox-account-thieves-near-lviv-a-hack-of-a-chinese-task-scheduler-for-mining-and-other-cybersecurity-developments\/"},"modified":"2026-05-02T04:25:11","modified_gmt":"2026-05-02T08:25:11","slug":"arrests-of-roblox-account-thieves-near-lviv-a-hack-of-a-chinese-task-scheduler-for-mining-and-other-cybersecurity-developments","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/02\/arrests-of-roblox-account-thieves-near-lviv-a-hack-of-a-chinese-task-scheduler-for-mining-and-other-cybersecurity-developments\/","title":{"rendered":"Arrests of Roblox account thieves near Lviv, a hack of a Chinese task scheduler for mining, and other cybersecurity developments"},"content":{"rendered":"<p><a href=\"https:\/\/forklog.com\/en\/arrests-of-roblox-account-thieves-near-lviv-a-hack-of-a-chinese-task-scheduler-for-mining-and-other-cybersecurity-developments\/\">Arrests of Roblox account thieves near Lviv, a hack of a Chinese task scheduler for mining, and other cybersecurity developments<\/a><\/p>\n<p><a href=\"https:\/\/forklog.com\/en\/arrests-of-roblox-account-thieves-near-lviv-a-hack-of-a-chinese-task-scheduler-for-mining-and-other-cybersecurity-developments\/\">https:\/\/forklog.com\/en\/arrests-of-roblox-account-thieves-near-lviv-a-hack-of-a-chinese-task-scheduler-for-mining-and-other-cybersecurity-developments\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-02 02:18:00<\/a><\/p>\n<p>Source Domain: <a href=\"forklog.com\">forklog.com<\/a><\/p>\n<p>
<\/p>\n<p>             This week\u2019s key cybersecurity developments.<\/p>\n<p>\t\t\t                        A round-up of the week\u2019s most important cybersecurity news.<\/p>\n<p>Law enforcement mounted operations against scam centres in Europe, the UAE and Thailand.<br \/>\nResearchers found a phishing kit with AI features.<br \/>\nHackers from Drohobych sold Roblox players\u2019 credentials for nearly \u20b410m.<br \/>\nA critical flaw in ransomware software causes irreversible data loss.<\/p>\n<p>Law enforcement targeted scam centres in Europe, the UAE and Thailand<br \/>\nIn a joint operation, authorities from the US, China, the UAE and Thailand shut down nine cryptocurrency scam centres and arrested 276 suspects. The US Department of Justice published the report.<br \/>\nThose detained in the UAE and Thailand used \u201cpig butchering\u201d schemes. Once victims agreed, they lost access to the \u201cinvested\u201d cryptocurrency. The criminals also urged them to borrow from relatives and take out loans.<br \/>\nMyanmar national Thet Min Nyi has been charged with conspiracy to commit fraud and money laundering. Investigators allege he served as a manager and recruiter for a criminal outfit known as Ko Thet Company. Members of the Sanduo Group and Giant Company also await trial.\u00a0<br \/>\nIn Europe last week, authorities dismantled a scam network that is believed to have caused more than \u20ac50m in losses to victims worldwide.<br \/>\nThe joint Europol-Eurojust operation, launched in June 2023, led to the arrest of ten suspects and searches at three call centres and nine private residences in Austria and Albania.<br \/>\nScam centre in Tirana. Source: Europol.<br \/>\nAccording to investigators, victims were lured to bogus investment platforms via search-engine and social-media ads. In reality, funds were routed into an international money-laundering scheme. 
In a second wave of fraud, the criminals recontacted \u201cclients\u201d offering help to recover lost assets, demanding a further \u20ac500 in cryptocurrency as an upfront fee.<br \/>\nThe scamming network was registered as a legitimate business with 450 employees. Operators worked in language-based teams of six to eight, earning around \u20ac800 per month plus bonuses.<br \/>\nResearchers found a phishing kit with AI features<br \/>\nCybersecurity specialists at Varonis uncovered the Bluekit phishing toolkit. It offers attackers more than 40 templates imitating popular services and includes a built-in AI assistant to draft malicious campaigns.<br \/>\nThe kit provides scripts targeting email (Outlook, Hotmail, Gmail, Yahoo, ProtonMail), iCloud, GitHub and the Ledger crypto wallet.<br \/>\nBluekit\u2019s main draw is its AI Assistant panel, which supports multiple models, including Llama, GPT-4.1, Claude, Gemini and DeepSeek. The tool helps cybercriminals compose phishing emails.<br \/>\nVaronis believes the feature is experimental. A test attack draft had a useful structure but contained generic link fields, placeholders for QR codes and text requiring polishing before use.<br \/>\nSource: Varonis.<br \/>\nBeyond AI, Bluekit folds management of the entire attack lifecycle into a single console:<\/p>\n<p>domain registration. Purchase and configure addresses directly from the interface;<br \/>\ncampaign management. Build phishing pages with realistic designs and logos of well-known brands such as Zara, Zoho and Ledger;<br \/>\nfine-tuning. Block traffic via VPNs and proxies, cut off automated analysis systems and set filters based on device fingerprints;<br \/>\ndata capture. Exfiltrate stolen information via Telegram to hackers\u2019 private channels.<\/p>\n<p>Source: Varonis.<br \/>\nThe platform can track victims\u2019 sessions in real time, including cookies, local storage and the state of the active session post-login. 
This helps attackers adjust their campaigns for maximum effect.<br \/>\nAlthough still under active development, the product is evolving quickly and could gain wide adoption, researchers say.<br \/>\nHackers from Drohobych sold Roblox players\u2019 credentials for nearly \u20b410m<br \/>\nLaw enforcement in the Lviv region arrested fraudsters who stole Roblox accounts worth \u20b410m, according to the Office of the Prosecutor General of Ukraine.<br \/>\nAccording to investigators, three residents of Drohobych promoted infostealers disguised as tools to enhance gameplay. With the malware, the hackers gained access to victims\u2019 credentials.<br \/>\nSource: Office of the Prosecutor General of Ukraine.<br \/>\nThe stolen credentials were checked with a special programme (a checker) that revealed account contents. From October 2025 to January 2026, more than 610,000 accounts were sifted to find the most valuable. The data were sold for cryptocurrency on Russian platforms.<br \/>\nFollowing ten searches, officers seized equipment, records, more than \u20ac2,500 and about $35,000. The suspects have been notified of suspicion of theft and cybercrime.<br \/>\nA critical flaw in ransomware software causes irreversible data loss<br \/>\nCheck Point researchers have found a serious defect in the handling of cryptographic nonces in the VECT 2.0 ransomware. Instead of encrypting the data, the bug destroys it beyond recovery.<br \/>\nThe issue lies in how VECT 2.0 handles files larger than 128KB. To speed up processing, the program splits objects into four parts and encrypts them separately. But programming-logic errors lead to catastrophic results:<\/p>\n<p>All parts of a file use the same memory buffer for nonce output. Each newly generated key overwrites the previous one.<br \/>\nAs a result, only a single part remains and is written to disk.<br \/>\nOnly the last 25% of a file can be recovered. 
The first three parts cannot be decrypted because the unique numbers required were irretrievably lost during execution.<\/p>\n<p>Even if a victim pays, the attackers cannot decrypt the data because the deleted nonces are not sent to their servers.<br \/>\nResearchers note the 128KB threshold is tiny, covering virtually all valuable corporate information:<\/p>\n<p>virtual-machine images;<br \/>\ndatabases and backups;<br \/>\noffice documents, spreadsheets and mailboxes.<\/p>\n<p>This turns the malware from ransomware into a straightforward wiper, making ransom payments pointless. The flaw affects all VECT 2.0 variants \u2014 Windows, Linux and ESXi.<br \/>\nIncorrect cipher name in the operators\u2019 advert. Source: Check Point.<br \/>\nAccording to experts, VECT was actively advertised on the BreachForums hacking platform. Operators invited users to become partners and distributed access keys via private messages.\u00a0<br \/>\nLater, the group announced a partnership with TeamPCP \u2014 the team behind recent supply-chain attacks on Trivy, LiteLLM, Telnyx and the European Commission. The aim was to use victims to deploy ransomware.<br \/>\nHackers breached the Qinglong task scheduler to mine cryptocurrency<br \/>\nAttackers exploited two authentication-bypass vulnerabilities in the Qinglong task scheduler to mine cryptocurrency surreptitiously on developers\u2019 servers, according to cybersecurity firm Snyk.<br \/>\nQinglong is an open-source Python\/JS task-management platform popular among Chinese developers.<br \/>\nThe remote-code-execution infection chain affected Qinglong version 2.20.1 and earlier.<br \/>\nResearchers say the root cause lay in a mismatch between the middleware\u2019s authorisation logic and how the Express.js web framework routed requests. 
The authentication layer assumed certain URL patterns would always be handled in one way, whereas Express.js behaved differently.<br \/>\nAccording to Snyk, the attackers\u2019 campaign began on February 7th 2026. Qinglong users were the first to spot a hidden malicious process, .FULLGC, whose name mimicked a standard resource-intensive task to evade notice.\u00a0<br \/>\nThe miner consumed 85\u2013100% of CPU and targeted Linux, ARM64 and macOS systems. Qinglong\u2019s developers fixed the flaw in PR 2941.<br \/>\nAlso on ForkLog:<\/p>\n<p>April set a record for hacks in the crypto industry.<br \/>\nA hacker withdrew more than $5m from the Wasabi protocol.<br \/>\nZetaChain disclosed details of a $334,000 cross-chain attack.<br \/>\nHackers attacked the Scallop DeFi protocol.<br \/>\nLitecoin underwent a block reorg due to a zero-day bug.<\/p>\n<p>What to read this weekend?<br \/>\nFor those who missed the month\u2019s highlights, ForkLog has prepared a short recap.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Arrests of Roblox account thieves near Lviv, a hack of a Chinese task scheduler for&#8230;<\/p>\n","protected":false},"author":1,"featured_media":207964,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/forklog.com\/wp-content\/uploads\/img-b5d7b9875a5427f0-4082029324633328.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,35,32,25],"class_list":["post-207963","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-hacker","tag-malware","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207963"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=207963"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207963\/revisions"}],"predecessor-version":[{"id":207965,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207963\/revisions\/207965"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/
\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/207964"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=207963"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=207963"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=207963"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}