Accountability, Cryptocurrency, Information Security and Malware

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Accountability

Accountability Malware Phishing Social Engineering

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. SecurityAffairs – hacking, malware).

Accountability

Accountability Malware Data breaches Passwords

NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets

Security Affairs

AUGUST 1, 2023

Researchers spotted a Python variant of the NodeStealer that was designed to take over Facebook business accounts and cryptocurrency wallets. The malicious code was designed to take over Facebook business accounts and steal funds from cryptocurrency wallets. environment. The author used Node.js

Accountability

Accountability Cryptocurrency Malware Phishing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

New Bandit Stealer targets web browsers and cryptocurrency wallets

Security Affairs

MAY 28, 2023

Bandit Stealer is a new stealthy information stealer malware that targets numerous web browsers and cryptocurrency wallets. Trend Micro researchers discovered a new info-stealing malware, dubbed Bandit Stealer, which is written in the Go language and targets multiple browsers and cryptocurrency wallets.

Cryptocurrency

Cryptocurrency Malware Advertising Phishing

Crooks manipulate GitHub’s search results to distribute malware

Security Affairs

APRIL 13, 2024

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that t hreat actors are manipulating GitHub search results to deliver persistent malware to developers systems. csproj or.vcxproj), it is automatically executed when the project is built.

Malware

Malware Cryptocurrency Encryption Hacking

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

Security Affairs

JANUARY 11, 2024

The X account of cybersecurity firm Mandiant was likely hacked through a brute-force password attack, the company revealed. Last week, threat actors hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam. ” the company said on X.

Accountability

Accountability Hacking Cryptocurrency Cybersecurity

DarkGate malware campaign abuses Skype and Teams

Security Affairs

OCTOBER 16, 2023

Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. The threat actors abused popular messaging platforms such as Skype and Teams to deliver a script used as a loader for a second-stage payload, which was an AutoIT script containing the DarkGate malware.

Malware

Malware Cryptocurrency Accountability Cybercrime

New PHP Version of Ducktail info-stealer hijacks Facebook Business accounts

Security Affairs

OCTOBER 15, 2022

Experts spotted a PHP version of an information-stealing malware called Ducktail spread as cracked installers for legitimate apps and games. Zscaler researchers discovered a PHP version of an information-stealing malware tracked as Ducktail. The end goal is to hijack Facebook Business accounts managed by the victims.

Accountability

Accountability Malware Cryptocurrency Media

Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM

Security Affairs

JULY 12, 2022

Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them. ” states the report published by Trend Micro.

Cryptocurrency

Cryptocurrency IoT Software Malware

Hackers stole €1.2m worth of cryptocurrency from 2gether

Security Affairs

AUGUST 3, 2020

2gether has disclosed a security breach, hackers have stolen roughly €1.2 million worth of cryptocurrency from cryptocurrency investment accounts. . Hackers stole roughly €1.183 million worth of cryptocurrency from investment accounts of 2gether, 26.79% of overall funds stored by the accounts.

Cryptocurrency

Cryptocurrency Accountability Hacking Advertising

3CX Supply chain attack allowed targeting cryptocurrency companies

Security Affairs

APRIL 4, 2023

Threat actors behind the 3CX supply chain attack have targeted a limited number of cryptocurrency companies with a second-state implant. The products from multiple cybersecurity vendors started detecting the popular software as malware suggesting that the company has suffered a supply chain attack. The wirexpro[.]com

Cryptocurrency

Cryptocurrency Malware Software Manufacturing

New Zealand-based cryptocurrency exchange Cryptopia hacked again

Security Affairs

FEBRUARY 28, 2021

The New Zealand-based cryptocurrency exchange Cryptopia suffered a new cyber heist while it is in liquidation due to a 2019 security breach. In 2019, the New Zealand-based cryptocurrency exchange Cryptopia discloses a cyber attack that took place on January 14th. According to the local news site Stuff , a creditor, U.S.

Cryptocurrency

Cryptocurrency Hacking Cyber Attacks Accountability

New shc Linux Malware used to deploy CoinMiner

Security Affairs

JANUARY 4, 2023

Researchers discovered a new Linux malware developed with the shell script compiler ( shc ) that was used to deliver a cryptocurrency miner. The ASEC analysis team recently discovered that a Linux malware developed with shell script compiler ( shc ) that threat actors used to install a CoinMiner. ” continues the report.

Malware

Malware DDOS Cryptocurrency Firewall

Cryptocurrency exchange BuyUcoin hacked, data of 325K+ users leaked

Security Affairs

JANUARY 25, 2021

Indian cryptocurrency exchange Buyucoin suffered a security incident, threat actors leaked sensitive data of 325K users. A new incident involving a cryptocurrency exchange made the headlines, the India-based cryptocurrency exchange suffered a security incident, threat actors leaked sensitive data of 325K users on the Dark Web.

Cryptocurrency

Cryptocurrency Hacking InfoSec Data breaches

Attackers are abusing GitHub infrastructure to mine cryptocurrency

Security Affairs

APRIL 3, 2021

Code repository hosting service GitHub launched an investigation in a series of attacks aimed at abusing its infrastructure to illicitly mine cryptocurrency. Perdok told The Record that he has identified at least one account responsible for the creation of hundreds of Pull Requests containing malicious code. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Accountability Software Engineering

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. ” continues the analysis.

Malware

Malware Cryptocurrency Advertising Accountability

German police seized the dark web marketplace Kingdom Market

Security Affairs

DECEMBER 20, 2023

The Kingdom Market was established in March 2021, the offer of the dark web marketplace included drugs, malware, stolen data, and forged documents. Kingdom Market boasted tens of thousands of customer accounts and several hundred registered sellers, featuring a listing that comprised 42,000 items. ” states US court documents.

Marketing

Marketing Cryptocurrency Accountability Banking

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Security Affairs

MARCH 3, 2020

The Department of Justice has charged the two Chinese nationals for laundering cryptocurrency for North Korea-linked APT groups. for helping North Korea-linked hackers in laundering cryptocurrency. The cryptocurrency have been stolen by the APT groups from two cryptocurrency exchanges. and Li Jiadong (???),

Cryptocurrency

Cryptocurrency Banking Hacking Accountability

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Image: Mandiant.

Malware

Malware Software Technology Accountability

Hacker stole $2 million worth of Dai cryptocurrency from Akropolis

Security Affairs

NOVEMBER 13, 2020

Threat actors have stolen $2 million worth of Dai cryptocurrency from the cryptocurrency borrowing and lending service Akropolis. Cryptocurrency borrowing and lending service Akropolis disclosed a “flash loan” attack, hackers have stolen roughly $2 million worth of Dai cryptocurrency. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Hacking Accountability Information Security

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities ( CVE-2023-46805, CVE-2024-21887 ) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. x and Ivanti Policy Secure. The flaw CVE-2023-46805 (CVSS score 8.2)

VPN

VPN Malware Authentication Small Business

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Security Affairs

OCTOBER 18, 2020

Multiple members of QQAAZZ multinational cybercriminal gang were charged for providing money-laundering services to high-profile malware operations. According to law enforcement bodies, the gang provides services to multiple malware operations, including Dridex , GozNym , and Trickbot. ” states the DoJ. Pierluigi Paganini.

Malware

Malware Banking Cryptocurrency Cybercrime

Xenomorph malware is back after months of hiatus and expands the list of targets

Security Affairs

SEPTEMBER 26, 2023

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. that was significantly improved.

Malware

Malware Banking Phishing Engineering

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade[.]com. A DIRECT QUOT The domain quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

XCSSET malware now targets macOS 11 and M1-based Macs

Security Affairs

APRIL 19, 2021

XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips.

Malware

Malware Cryptocurrency Architecture Engineering

Law enforcement operation dismantled 911 S5 botnet

Security Affairs

MAY 30, 2024

Since 2011, Wang and his co-conspirators had been distributing malware through malicious VPN applications, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. The FBI has published information at fbi.gov/911S5 to help identify and remove 911 S5’s VPN applications from your devices or machines.

VPN

VPN Cryptocurrency Malware Software

New ElectroRAT employed in a wide-ranging operation targeting cryptocurrency users

Security Affairs

JANUARY 5, 2021

Researchers uncovered a large scale operation targeting cryptocurrency users with a previously undetected multiplatform RAT named ElectroRAT. Security researchers from Intezer uncovered a large scale operation targeting cryptocurrency users with a previously undetected RAT named ElectroRAT. ” continues the variant.

Cryptocurrency

Cryptocurrency Media Advertising Marketing

SOVA Android malware now also encrypts victims’ files

Security Affairs

AUGUST 15, 2022

Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The malware has been active since 2021 and evolves over time. targets over 200 banking and cryptocurrency exchange apps. SecurityAffairs – hacking, SOVA Android banking malware). Pierluigi Paganini.

Encryption

Encryption Malware Banking Ransomware

Experts warn of self-spreading malware targeting gamers looking for cheats on YouTube

Security Affairs

SEPTEMBER 16, 2022

Threat actors target gamers looking for cheats on YouTube with the RedLine Stealer information-stealing malware and crypto miners. The malicious code can also act as first-stage malware. “Cybercriminals actively hunt for gaming accounts and gaming computer resources. ” reads the report published by Kaspersky.

Malware

Malware Cryptocurrency Hacking Passwords

U.S. and Australian police arrested Firebird RAT author and operator

Security Affairs

APRIL 14, 2024

He explained to one buyer that the malware allowed access to another person’s computer without their knowledge. When informed that the target had significant cryptocurrency and project files, Chakhmakhchyan agreed to sell the Hive RAT. ” reported the DoJ. ” continues DoJ.

Computers and Electronics

Computers and Electronics Advertising Cryptocurrency Malware

New Lobshot hVNC malware spreads via Google ads

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Researchers from Elastic Security Labs spotted a new remote access trojan dubbed LOBSHOT was being distributed through Google Ads. ” reads the report published by Elastic Security Labs.

Malware

Malware Cybercrime Banking Software

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking

Banking Accountability Mobile Cryptocurrency

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 28, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cybercrime

Cybercrime Spyware Data breaches Antivirus

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. The infection chain.

Malware

Malware Computers and Electronics Encryption Ransomware

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

NOVEMBER 26, 2021

Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels.

Cryptocurrency

Cryptocurrency Malware Antivirus Phishing

USCYBERCOM shares five new North Korea-linked malware samples

Security Affairs

MAY 13, 2020

The United States Cyber Command (USCYBERCOM) has uploaded five new North Korean malware samples to VirusTotal. The United States Cyber Command (USCYBERCOM) has shared five new malware samples attributed to the North Korea-linked Lazarus APT , it has uploaded the malicious code to VirusTotal. ” reads the DHS CISA’s advisory.

Malware

Malware Advertising Government Cryptocurrency

Erbium info-stealing malware, a new option in the threat landscape

Security Affairs

SEPTEMBER 27, 2022

Threat actors behind the new ‘Erbium’ information-stealing malware are distributing it as fake cracks and cheats for popular video games to steal victims’ credentials and cryptocurrency wallets. The Malware-as-a-Service (MaaS) was advertised on a Dark Web forum by a Russian-speaking threat actor.

Malware

Malware Password Management Authentication Passwords

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

Security Affairs

NOVEMBER 13, 2023

The APT group’s campaigns focus on cryptocurrency exchanges, venture capital firms, and banks. The group created multiple domains to trick recruiters into registering for an account. The experts noticed that the ObjCShellz malware shares similarities with the RustBucket malware campaign associated with the BlueNoroff APT group.

Social Engineering

Social Engineering Cryptocurrency Engineering Malware

Experts warn of JinxLoader loader used to spread Formbook and XLoader

Security Affairs

JANUARY 2, 2024

JinxLoader is a new Go-based loader that was spotted delivering next-stage malware such as Formbook and XLoader. Researchers from Palo Alto Networks and Symantec warned of a new Go-based malware loader called JinxLoader, which is being used to deliver next-stage payloads such as Formbook and XLoader. net on 2023-04-30.

Malware

Malware Passwords Cryptocurrency Hacking

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

Security Affairs

FEBRUARY 19, 2024

The Raccoon stealer was first spotted in April 2019, it was designed to steal victims’ credit card data, email credentials, cryptocurrency wallets, and other sensitive data. The malware is now promoted on English-speaking hacking forums, it works on both 32-bit and 64-bit operating systems. in the stolen data.

Identity Theft

Identity Theft Cryptocurrency Cybercrime Hacking

Google removed 49 Chrome Extensions that were hijacking cryptocurrency wallets

Security Affairs

APRIL 15, 2020

Google has removed 49 new Chrome browser extensions from its official Web Store that hide the code to hijack cryptocurrency wallets. Google has removed 49 new Chrome browser extensions from its official Web Store that contain the code to steal sensitive information and hijack cryptocurrency wallets. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Advertising Phishing Passwords

Experts found 3 malicious packages hiding crypto miners in PyPi repository

Security Affairs

JANUARY 4, 2024

Researchers discovered three malicious packages in the PyPI repository targeting Linux systems with a cryptocurrency miner. The packages have the same author, known as “sastra”, who created a PyPI account shortly before uploading the first of them. The first stage of the malware resides in the processor.py

Cryptocurrency

Cryptocurrency Accountability Malware Hacking

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

JULY 15, 2022

Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. “Dragos only tested the DirectLogic-targeting malware.

Passwords

Passwords Software Firmware Malware

Twitter reveals that hackers also downloaded data from eight compromised accounts

Security Affairs

JULY 19, 2020

The social media giant Twitter confirmed that hackers compromised 130 accounts in last week hack and downloaded data from eight of them. The social media platform Twitter suffered one of the biggest cyberattacks in its history, multiple high-profile accounts were hacked. You send $1,000, I send you back $2,000.”.

Accountability

Accountability Social Engineering Media Hacking

YouTube creators’ accounts hijacked with cookie-stealing malware

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Webinars

Trending Sources

NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets

Webinars

New Bandit Stealer targets web browsers and cryptocurrency wallets

Crooks manipulate GitHub’s search results to distribute malware

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

DarkGate malware campaign abuses Skype and Teams

New PHP Version of Ducktail info-stealer hijacks Facebook Business accounts

Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM

Hackers stole €1.2m worth of cryptocurrency from 2gether

3CX Supply chain attack allowed targeting cryptocurrency companies

New Zealand-based cryptocurrency exchange Cryptopia hacked again

New shc Linux Malware used to deploy CoinMiner

Cryptocurrency exchange BuyUcoin hacked, data of 325K+ users leaked

Attackers are abusing GitHub infrastructure to mine cryptocurrency

New MrbMiner malware infected thousands of MSSQL DBs

German police seized the dark web marketplace Kingdom Market

US officials charge two Chinese men for laundering cryptocurrency for North Korea

3CX Breach Was a Double Supply Chain Compromise

Hacker stole $2 million worth of Dai cryptocurrency from Akropolis

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Xenomorph malware is back after months of hiatus and expands the list of targets

Interview With a Crypto Scam Investment Spammer

XCSSET malware now targets macOS 11 and M1-based Macs

Law enforcement operation dismantled 911 S5 botnet

New ElectroRAT employed in a wide-ranging operation targeting cryptocurrency users

SOVA Android malware now also encrypts victims’ files

Experts warn of self-spreading malware targeting gamers looking for cheats on YouTube

U.S. and Australian police arrested Firebird RAT author and operator

New Lobshot hVNC malware spreads via Google ads

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Wannacry, the hybrid malware that brought the world to its knees

Threat actors target crypto and NFT communities with Babadeda crypter

USCYBERCOM shares five new North Korea-linked malware samples

Erbium info-stealing malware, a new option in the threat landscape

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

Experts warn of JinxLoader loader used to spread Formbook and XLoader

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

Google removed 49 Chrome Extensions that were hijacking cryptocurrency wallets

Experts found 3 malicious packages hiding crypto miners in PyPi repository

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Twitter reveals that hackers also downloaded data from eight compromised accounts

Stay Connected