
The weirdest security stories of 2022

There have been a lot of weird and frankly bizarre attacks over the course of 2022, nestled in amongst the usual ransomware outbreaks and data breaches.

Whether we’re talking social media, email, or even malware, there’s been a mind-bending tale of tall behaviour in almost every corner. It’s time to forget about nation state attacks and the nagging sensation that every single piece of data ever created has ended up on a TOR site somewhere.

For one brief moment in time, we’re going to wallow in weirdness.

419 scams…in spaaaaaaaaaace

There aren’t many individual scams which can put “18 years and counting” on their resume. However, what we have here is something very odd and very special. Way back in 2004, a spam email claimed that assistance was needed for a lost astronaut. Supposedly trapped on a top secret Soviet space station, the astronaut’s cousin implored recipients to help bring the missing astronaut home. Of course, this was tied into a nonsensical scam about recovering lots of lost money should he be brought safely back.

So yes, it’s weird…but it’s just a one off. Right?

Well, no. It turns out this baffling attempt at parting people from their money would come back around every so often. To be more precise: 2010, 2016, and now 2022, with a whole new astronaut to recover. This feels like less of a final frontier and more of a never-ending, he’ll-be-back-again-in-a-few-years frontier. See you in 2026?

A dance off of destruction

If you’ve ever pondered how certain people give off bad vibes, you’ll be one step closer to understanding how other types of bad vibes stand a chance of destroying your hard drive. If you happened to be one of the few people running a certain type of OEM hard drive on a Windows XP desktop, Janet Jackson was someone to avoid.

How so? Because the video for Rhythm Nation matched the resonant frequency of those hard drives. When the two clashed, there would be only one winner and it wasn’t the hard drive.

Amazingly, it was possible to crash a second device in the same room while playing the video on the first. Even Michael wasn’t able to pull something like that off.

Monkeying around with digital artists

Apes! NFTs! Cyberpunk! Wait, what?

In May, artists offering their wares on several platforms were approached by individuals claiming to represent the “Cyberpunk Ape Executives”, because of course they were. The “executives” claimed to have wonderful ape-related NFT projects waiting in the wings. $200 to $350 per day is not an untidy sum for artists, many of whom may not pull in anything close to that from commissions.

Sadly, it was all a large ape-shaped lie. The supposed promo zip for the project contained a number of ape pictures and an infostealer. While there was no direct evidence of account theft from the malware file, numerous accounts caught out by this attack were indeed compromised. Whether those compromises specifically were via some additional form of social engineering, we’ll likely never know.

Invisible ads for thee but not for me

You might think that adverts designed not to be seen sounds like some sort of wonderful utopia. Finally, you can set down your ad blockers and your beacon trackers and presumably wander into the woods a free person.

However, you might miss the ads in the woods, but the people watching you walk around will see ads galore. Amazon decided to trial ad technology which displays ads in Twitch streams, but the ads are only visible to certain people. If you’re the player, you won’t see them. If you’re watching the stream, you will.

Given how hard game developers work to ensure players are often funnelled into locations where they see ads, this all sounds somewhat counterintuitive. You’re not only trying to drag a player to a place where an ad exists, but also draw them towards the nice shiny ad in the first place. If you have a darkly lit area and the one beacon of light is a giant billboard containing an ad, you’re achieving both of your goals in one fell swoop. If there’s no cool looking ad further pulling the player where you want them to go, they might simply not go there.

This may well turn out to be a case of Amazon seeing how well we’ve trained players to follow the trail of digital breadcrumbs. Will they gravitate towards ads while not being able to see them? Or wander off in all the wrong places, much to the frustration of the ad teams? Only time will tell.

Mark Ruffalo deepfake smashes life savings

“Mark Ruffalo deepfake romance scam”. What a sentence. What a world. One of the biggest questions about this whole endeavour is “Why Mark Ruffalo”? He seems nice enough, but why did a scammer sit down and decide to use the Hulk actor specifically as bait for this romance scam? Was deepfake Chris Evans not available?

What we do know is that a well known Manga artist was tricked into handing over large amounts of money at the behest of a deepfake Mark Ruffalo. A video call lasting just half a minute was enough to convince Chikae Ide to part with roughly half a million dollars in return for deepfake Mark Ruffalo’s undying love. While all of the other deepfake scammers in 2018 were making dubious pornography or supposedly figuring out how to cause trouble during elections, this scammer decided to ignore all of that and smash and grab someone’s savings.

A carnival of fake cricket

In what may perhaps be the oddest story of this year, a small village became the stage for a fake cricket gambling operation, complete with live streams of the fake cricket games, a commentator who sounds like an actual syndicated cricket commentator, and even fake crowd cheers piped in through speakers as the games went on.

The bogus operation hit 47 videos and 49k views on its YouTube channel before law enforcement broke up the operation.

There really is no limit to how far some people will go to turn a quick bit of profit.

We can only hope that 2023 is slightly more sensible, with significantly fewer scams and technical oddities. No more fake movie stars, an end to lost astronauts, and most definitely an End of Line for hard drives vibrating themselves into the digital afterlife.



Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.