{"id":211308,"date":"2026-05-09T02:14:00","date_gmt":"2026-05-09T06:14:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/09\/canadas-first-sms-blaster-a-daemon-tools-trojan-and-other-cybersecurity-news\/"},"modified":"2026-05-09T04:00:13","modified_gmt":"2026-05-09T08:00:13","slug":"canadas-first-sms-blaster-a-daemon-tools-trojan-and-other-cybersecurity-news","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/09\/canadas-first-sms-blaster-a-daemon-tools-trojan-and-other-cybersecurity-news\/","title":{"rendered":"Canada\u2019s first SMS blaster, a DAEMON Tools trojan, and other cybersecurity news"},"content":{"rendered":"

Canada\u2019s first SMS blaster, a DAEMON Tools trojan, and other cybersecurity news<\/a><\/p>\n

https:\/\/forklog.com\/en\/canadas-first-sms-blaster-a-daemon-tools-trojan-and-other-cybersecurity-news\/<\/a><\/p>\n

Publish Date: 2026-05-09 02:14:00<\/a><\/p>\n

Source Domain: forklog.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

The week\u2019s key cyber stories: Telegram scams, SMS blaster, TeamPCP, DAEMON Tools trojan.<\/p>\n

\t\t\t We round up the week\u2019s biggest cybersecurity stories.<\/p>\n

Fraudsters used Telegram Mini Apps to steal crypto.
\nToronto uncovered the country\u2019s first SMS blaster.
\nVulture hackers targeted the TeamPCP gang.
\nA tainted DAEMON Tools build was found in a hundred countries.<\/p>\n

Fraudsters used Telegram Mini Apps to steal cryptocurrency
\nCybersecurity researchers at CTM360 uncovered a Telegram-based fraud campaign used to steal crypto and spread malware.
\nThe criminals\u2019 platform, FEMITBOT, uses Telegram bots and embedded Mini Apps to create convincing in-app fakes across themes such as crypto, finance, AI tools and streaming.
\nTo build trust, the scammers impersonate well-known brands (Bitget, OKX, Binance, Apple, Coca-Cola, Disney, eBay, MoonPay, Nvidia) while reusing a single back-end across multiple domains and bots.
\nUpon pressing \u201cStart\u201d, the bot launches a Mini App that renders a phishing page in an in-app WebView. The interface shows dashboards with bogus \u201cearnings\u201d figures, often paired with countdown timers or time-limited offers to stoke FOMO.
\nWhen users try to withdraw funds, they are told to make a test deposit or complete referral tasks\u2014a classic investment-fraud tactic.
\nSome Mini Apps push malware as Android APKs, likewise disguised as household brands.
\nThe FEMITBOT kit. Source: CTM360.
\nResearchers say the infrastructure is designed for easy reuse across campaigns. To analyse user activity and optimise the fraud, the operators employ Meta Pixel and TikTok Pixel tracking.
\nToronto uncovers Canada\u2019s first SMS blaster
\nPolice arrested three suspects for operating an SMS blaster in downtown Toronto.
\nSuch devices transmit a stronger signal than nearby cell towers, coercing handsets in range to connect to a fake base station.
\nOnce connected, they can broadcast texts that often contain links to phishing sites mimicking login pages of well-known companies.
\nSMS blasters exploit weaknesses in legacy 2G networks and, beyond the direct threat, disrupt mobile service, including for emergency services.
\nAccording to police, the goal was to steal usernames and passwords, including banking credentials.
\nThe campaign began in November 2025. Over several months, spam messages reached tens of thousands of devices. It is \u201cthe first known instance\u201d of such equipment operating in Canada.
\nA similar device found in Bangkok. Source: Khaosod English.
\nAuthorities noted the rig\u2019s unusual build. Mounted in a car\u2019s rear compartment, it let the operators relocate quickly.
\nIn 2024, Thai police arrested members of a gang using a similar setup. Hauled around Bangkok in a truck bed, it sent nearly a million messages in three days.
\nVulture hackers go after the TeamPCP gang
\nUnknown attackers are actively hunting for systems already compromised by the notorious TeamPCP group, breaking in and locking them down. The campaign, dubbed PCPJack, was identified by SentinelOne senior researcher Alex Delamotte.
\nThe intruders infiltrate the compromised infrastructure and remove backdoors to shut out the prior hackers, then deploy their own tooling, which propagates through cloud networks like a worm.
\nPCPJack\u2019s tools automatically tally the servers wrested back from rivals.
\nThey steal credentials to resell access to other criminals or to extort victims themselves. Whereas most cloud intruders (including TeamPCP) plant cryptominers, PCPJack deliberately removes them. The group prefers to steal cryptocurrency directly, using dedicated routines to capture wallet passwords.
\nAccording to the researcher, the operators do not limit themselves to systems already hit by TeamPCP. They also scan the internet for exposed services such as cloud virtual-machine platforms like Docker and the MongoDB database.
\nIn comments to TechCrunch, Delamotte suggested the hackers could be disgruntled former TeamPCP members, a rival crew or mere copycats.
\nBackdoored DAEMON Tools spotted in a hundred countries
\nHackers implanted a trojan in the installer of DAEMON Tools Lite, a popular disk-imaging utility. Since April 8th they have used it to deploy backdoors on thousands of systems in more than 100 countries, researchers at \u201cKaspersky Lab\u201d reported.
\nAfter users installed the free version of DAEMON Tools, the malicious code dropped a payload to persist and to activate the backdoor on Windows startup.
\nAt the first stage, the attackers used a basic infostealer to collect system data and ship it to attacker-controlled servers for victim profiling. Based on those results, a second stage was initiated on some machines\u2014a backdoor capable of executing commands, downloading files and running code directly in memory.
\nIn some cases the QUIC RAT malware was used; it can inject code into standard processes and supports multiple communication protocols.
\nVictims included retailers, academic, government and industrial organisations in Russia, Belarus and Thailand, as well as home PCs in Russia, Brazil, Turkey, Spain, Germany, France, Italy and China.
\nDAEMON Tools developer Disc Soft continues to investigate the incident. Users who downloaded DAEMON Tools Lite 12.5.1 after April 8th are advised to uninstall the app, run a full system scan and install the latest 12.6 version from the official site.
\nTaiwan arrests student over high-speed rail hack
\nTaiwanese authorities detained a student suspected of hacking the TETRA communications system used by the country\u2019s high-speed rail network (THSR), Newtalk reported.
\nTHSR is a 350 km double-track line along Taiwan\u2019s west coast, with trains reaching 300 km\/h.
\nOn April 5th, a citizen surnamed Lin halted four trains for 48 minutes using a SDR and handheld radios to transmit a high-priority \u201cGeneral Alarm\u201d signal, triggering emergency braking.
\nTHSR train. Source: Unsplash\/Kaden Taylor.
\nBefore the attack, Lin intercepted and decoded radio parameters using equipment bought on a marketplace. He then programmed the captured data into handheld radios to transmit signals that mimicked official radio beacons.
\nAccording to police, an accomplice helped Lin configure the setup. THSR had been in operation for 19 years and its parameters apparently had not changed, allowing the hacker to bypass seven verification layers.
\nAfter the incident, THSR specialists examined logs and found the signal had been sent from a beacon that was not assigned to duty. The company concluded the signal had been cloned without authorisation.
\nInvestigators reviewed CCTV and TETRA network server records, leading them to the suspect\u2019s residence. A search found and seized 11 handheld radios, one SDR device and a laptop.
\nSource: UDN.
\nLin faces up to ten years in prison. His lawyer claims the alarm transmission was accidental, but authorities find the explanation unconvincing.
\nAlso on ForkLog:<\/p>\n

Aave liquidated the Kelp hacker\u2019s positions.
\nMarket maker TrustedVolumes was hacked for $6 million.
\nBitcoin Core developers fixed a critical vulnerability.
\nLawyers for DPRK victims reclassified the Kelp hack as credit fraud.
\nA hacker stole $1.4 million via a vulnerability in Ekubo\u2019s contract.
\nNorth Korea called allegations of hacking crypto projects \u201cabsurd slander\u201d.<\/p>\n

What to read at the weekend?
\nForkLog unpacks what really happened to the InfoFi segment\u2014and how it might return.<\/p>\n

\t\t\t\t\u041f\u043e\u0434\u043f\u0438\u0441\u044b\u0432\u0430\u0439\u0442\u0435\u0441\u044c \u043d\u0430 ForkLog \u0432 \u0441\u043e\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0441\u0435\u0442\u044f\u0445<\/p>\n

\u041d\u0430\u0448\u043b\u0438 \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u0442\u0435\u043a\u0441\u0442\u0435? \u0412\u044b\u0434\u0435\u043b\u0438\u0442\u0435 \u0435\u0435 \u0438 \u043d\u0430\u0436\u043c\u0438\u0442\u0435 CTRL+ENTER<\/p>\n

\t\t\t\t\u0420\u0430\u0441\u0441\u044b\u043b\u043a\u0438 ForkLog: \u0434\u0435\u0440\u0436\u0438\u0442\u0435 \u0440\u0443\u043a\u0443 \u043d\u0430 \u043f\u0443\u043b\u044c\u0441\u0435 \u0431\u0438\u0442\u043a\u043e\u0438\u043d-\u0438\u043d\u0434\u0443\u0441\u0442\u0440\u0438\u0438!<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Canada\u2019s first SMS blaster, a DAEMON Tools trojan, and other cybersecurity news https:\/\/forklog.com\/en\/canadas-first-sms-blaster-a-daemon-tools-trojan-and-other-cybersecurity-news\/ Publish Date:…<\/p>\n","protected":false},"author":1,"featured_media":211311,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/forklog.com\/wp-content\/uploads\/img-0d29207317a2556b-4082033270945473.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,31,35,36,32,25,27],"class_list":["post-211308","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-exploit","tag-hacker","tag-infostealer","tag-malware","tag-phishing","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/211308"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=211308"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/211308\/revisions"}],"predecessor-version":[{"id":211312,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/211308\/revisions\/211312"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/211311"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=211308"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=211308"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=211308"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}