2014, Accountability, Cryptocurrency and Malware

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Security Affairs

JUNE 24, 2020

The CryptoCore hacker group that is believed to be operating out of Eastern Europe has stolen around $200 million from online cryptocurrency exchanges. Experts from ClearSky states that a hacker group tracked as CryptoCore, which is believed to be operating out of Eastern Europe, has stolen around $200 million from cryptocurrency exchanges.

Cryptocurrency

Cryptocurrency Phishing Accountability Passwords

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. ” continues the analysis.

Malware

Malware Cryptocurrency Advertising Accountability

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Security Affairs

MARCH 3, 2020

The Department of Justice has charged the two Chinese nationals for laundering cryptocurrency for North Korea-linked APT groups. for helping North Korea-linked hackers in laundering cryptocurrency. The cryptocurrency have been stolen by the APT groups from two cryptocurrency exchanges. and Li Jiadong (???),

Cryptocurrency

Cryptocurrency Banking Hacking Accountability

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Security Affairs

OCTOBER 18, 2020

Multiple members of QQAAZZ multinational cybercriminal gang were charged for providing money-laundering services to high-profile malware operations. According to law enforcement bodies, the gang provides services to multiple malware operations, including Dridex , GozNym , and Trickbot. ” states the DoJ. Pierluigi Paganini.

Malware

Malware Banking Cryptocurrency Cybercrime

USCYBERCOM shares five new North Korea-linked malware samples

Security Affairs

MAY 13, 2020

The United States Cyber Command (USCYBERCOM) has uploaded five new North Korean malware samples to VirusTotal. The United States Cyber Command (USCYBERCOM) has shared five new malware samples attributed to the North Korea-linked Lazarus APT , it has uploaded the malicious code to VirusTotal. ” reads the DHS CISA’s advisory.

Malware

Malware Advertising Government Cryptocurrency

CookieMiner Mac Malware steals browser cookies and sensitive Data

Security Affairs

JANUARY 31, 2019

Palo Alto Networks discovered a piece of Mac malware dubbed CookieMiner that is targeting browser cookies associated with cryptocurrency exchanges and wallet service websites. The malware targets cookies associated with cryptocurrency exchanges such as Binance , Coinbase, Poloniex, Bittrex, Bitstamp, and MyEtherWallet.

Malware

Malware Cryptocurrency Authentication Advertising

New Lobshot hVNC malware spreads via Google ads

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Threat actors are using an elaborate scheme of fake websites through Google Ads to spread their malware, the backdoors are embedded in installers for apparently legitimate applications, such as AnyDesk.

Malware

Malware Cybercrime Banking Software

Google removed 49 Chrome Extensions that were hijacking cryptocurrency wallets

Security Affairs

APRIL 15, 2020

Google has removed 49 new Chrome browser extensions from its official Web Store that hide the code to hijack cryptocurrency wallets. Google has removed 49 new Chrome browser extensions from its official Web Store that contain the code to steal sensitive information and hijack cryptocurrency wallets. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Advertising Phishing Passwords

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade[.]com. A DIRECT QUOT The domain quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

New Android BlackRock malware targets hundreds of apps

Security Affairs

JULY 16, 2020

Researchers spotted a new Android banking trojan dubbed BlackRock malware that steals credentials and credit card data from hundreds of apps. The BlackRock malware borrows the code from the Xerxes banking malware, which is a strain of the popular LokiBot Android trojan. Coinbase, BitPay, and Coinbase), and banks (i.e.

Malware

Malware Banking Mobile Spyware

Gustuff Android banking trojan targets 125+ banking, and 32 cryptocurrency apps

Security Affairs

MARCH 28, 2019

Security experts at Group-IB have detected the activity of Gustuff a mobile Android Trojan, which includes potential targets of customers in leading international banks, users of cryptocurrency services, popular ecommerce websites and marketplaces. Gustuff has previously never been reported.

Banking

Banking Cryptocurrency Mobile Advertising

Mac users using Exodus cryptocurrency wallet targeted by a small spam campaign

Security Affairs

NOVEMBER 20, 2018

Security experts at F-Secure have recently spotted a small spam campaign aimed at Mac users that use Exodus cryptocurrency wallet. The messages were sent by accounts associated with the domain “update-exodus[.]io”, The messages were sent by accounts associated with the domain “update-exodus[.]io”, update.zip.”

Cryptocurrency

Cryptocurrency Spyware Advertising Surveillance

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. energy facilities. ” HYDRA. . ” HYDRA. .

Marketing

Marketing Energy and Utilities Malware Ransomware

Ukraine police and Binance dismantled a cyber gang behind $42M money laundering

Security Affairs

AUGUST 18, 2020

Ukrainian authorities arrested the members of a cybercrime gang who ran 20 cryptocurrency exchanges involved in money laundering. Police in Ukraine announced the arrest of the members of a cybercrime gang composed of three individuals who ran 20 cryptocurrency exchanges used in money laundering activities. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Computers and Electronics Cybercrime Digital transformation

US DoJ wants the funds stored by North Korea in 280 BTC and ETH

Security Affairs

AUGUST 30, 2020

US DoJ filed a civil forfeiture complaint to seize 280 Bitcoin (BTC) and Ethereum (ETH) accounts containing funds allegedly stolen by North Korea-linked hackers. ” The analysis of the blockchain allowed the US officials to follow the stolen funds from two hacked exchange back to the 280 crypto-currency accounts. .”

Cryptocurrency

Cryptocurrency Hacking Advertising Accountability

REvil Ransomware member win the auction for KPot stealer source code

Security Affairs

NOVEMBER 4, 2020

KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software. The KPOT Stealer was written in C/C++, it was offered in the cybercrime underground as a Malware-as-a-Service (MaaS).

Ransomware

Ransomware Malware Advertising Cybercrime

Fileless PowerGhost cryptocurrency miner leverages EternalBlue exploit to spread

Security Affairs

JULY 30, 2018

Security experts from Kaspersky Lab have spotted a new cryptocurrency miner dubbed PowerGhost that can spread leveraging a fileless infection technique. “The malware, which we dubbed PowerGhost, is capable of stealthily establishing itself in a system and spreading across large corporate networks infecting both workstations and servers.”

Cryptocurrency

Cryptocurrency DDOS Advertising Malware

QSnatch malware already infected thousands of QNAP NAS devices

Security Affairs

NOVEMBER 4, 2019

Security experts warn of a new piece of malware dubbed QSnatch that already infected thousands of QNAP NAS devices worldwide. A new piece of malware dubbed QSnatch is infecting thousands of NAS devices manufactured by the Taiwanese vendor QNAP. At the time of writing, it is still unclear how threat actor will use the malware (i.e.

Malware

Malware Firmware Advertising Encryption

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Security Affairs

MARCH 26, 2020

The number of Coronavirus-themed attacks continues to increase, crooks hijack D-Link and Linksys routers to redirect users to sites spreading COVID19-themed malware. Crooks continue to launch Coronavirus-themed attacks , experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Malware

Malware DNS Advertising Cryptocurrency

Kaspersky found malware in popular CamScanner app. Remove it now from your phone!

Security Affairs

AUGUST 27, 2019

Security experts from Kaspersky spotted a malware in the free version of the popular PDF creator application CamScanner app. Experts from Kaspersky have discovered malware in the free Android version of the CamScanner app that could be used by attackers to remotely hack Android devices and steal targets’ data.

Malware

Malware Advertising Mobile Hacking

Romanian duo convicted of fraud Scheme infecting 400,000 computers

Security Affairs

APRIL 14, 2019

The malware was developed to steal credentials, financial data, personal information, then the crooks offered them on the dark web marketplaces. The crooks used malicious emails purporting to be legitimate from such entities as Western Union, Norton AntiVirus and the IRS to spread the malware. ” continues the DoJ.

Cryptocurrency

Cryptocurrency Identity Theft Advertising Accountability

XCSSET Mac spyware spreads via Xcode Projects

Security Affairs

AUGUST 15, 2020

A new Mac malware, tracked as XCSSET, spreads through Xcode projects and exploits two zero-day vulnerabilities, experts warn. XCSSET is a new Mac malware that spreads through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware attacks.

Spyware

Spyware Malware Advertising Cryptocurrency

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

Security Affairs

AUGUST 7, 2018

Group-IB researchers have investigated user data leaks from cryptocurrency exchanges and has analyzed the nature of these incidents. In 2017, when cryptocurrencies were gaining momentum, their record-breaking capitalization and a spike in Bitcoin’s exchange rate led to dozens of attacks on cryptocurrency services.

Cryptocurrency

Cryptocurrency Passwords Authentication Accountability

MetaMask app on Google Play was a Clipboard Hijacker

Security Affairs

FEBRUARY 11, 2019

Security researcher Lukas Stefanko from ESET discovered the first Android cryptocurrency clipboard hijacker impersonating MetaMask on the official Google Play store. “This dangerous form of malware first made its rounds in 2017 on the Windows platform and was spotted in shady Android app stores in the summer of 2018.

Cryptocurrency

Cryptocurrency Mobile Advertising Malware

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

Security Affairs

MARCH 17, 2020

In this campaign, crooks are exploiting the interest in the Coronavirus (COVID-19) outbreak to deliver a couple of malware, the CoronaVirus Ransomware and the Kpot information-stealing Trojan. The malware is also able to take a screenshot of the active desktop and also target wallets stored on the computer. . Pierluigi Paganini.

Ransomware

Ransomware Cryptocurrency Advertising Passwords

STOP ransomware encrypts files and steals victim’s data

Security Affairs

MARCH 11, 2019

Experts observed the STOP ransomware installing the Azorult password-stealing Trojan to steal account credentials, cryptocurrency wallets, and more. In October a new version of the info-stealer appeared in the wild, it is able to steal more data, including other types of cryptocurrencies. ” concludes BleepingComputer.

Encryption

Encryption Ransomware Cryptocurrency Passwords

Security Affairs newsletter Round 260

Security Affairs

APRIL 19, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Scams

Scams Phishing Advertising DDOS

Poloniex forces password reset following a data leak

Security Affairs

JANUARY 2, 2020

The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak. . Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak. . Pierluigi Paganini.

Passwords

Passwords Cryptocurrency Data breaches Advertising

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Security Affairs

JUNE 17, 2021

Russian national Oleg Koshkin was convicted for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection. “Levashov provided the Kelihos malware to Crypt4U personnel for crypting before distributing it to his victims.

Antivirus

Antivirus Malware Cryptocurrency Software

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

. “Once the malicious document is opened, the malware is dropped and proceeds to the next stage of the deployment process. The ThreatNeedle malware used in this campaign belongs to a malware family known as Manuscrypt, which belongs to the Lazarus group and has previously been seen attacking cryptocurrency businesses.”

Malware

Malware Cryptocurrency Password Management Encryption

Pay it safe: Group-IB aids Paxful in repelling a series of web-bot attacks

Security Affairs

OCTOBER 20, 2020

Group-IB assisted Paxful, an international peer-to-peer cryptocurrency marketplace, in countering web-bot and social engineering attacks. Group-IB Secure Portal also managed to identify over 100,000 accounts with three or more logins from the same device. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cryptocurrency

Cryptocurrency Social Engineering eCommerce Engineering

Security Affairs newsletter Round 242

Security Affairs

DECEMBER 1, 2019

After 1 Million of malware samples analyzed. Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts. Upbit cryptocurrency exchange hacked, crooks stole $48.5 Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Twitter allows users to use 2FA without a phone number.

Advertising

Advertising Ransomware Cryptocurrency Government

Raccoon Stealer campaign circumvents Microsoft and Symantec anti-spam messaging gateways

Security Affairs

NOVEMBER 24, 2019

The Raccoon stealer was first spotted in April, it was designed to steal victims’ credit card data, email credentials, cryptocurrency wallets, and other sensitive data. The malware is now promoted on English- speeaking hacking forums, it works on both 32-bit and 64-bit operating systems. ” concludes Cofense.

Malware

Malware Advertising Cryptocurrency Hacking

US DoJ charges three members of the North Korea-linked Lazarus APT group

Security Affairs

FEBRUARY 17, 2021

Department of Justice charged Park over WannaCry and 2014 Sony Pictures Entertainment Hack. billion of money and cryptocurrency from financial institutions and companies, to create and deploy multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform.” sanctions. .

Cryptocurrency

Cryptocurrency Banking Hacking Ransomware

Law enforcement agencies dismantled Infinity Black hacker group

Security Affairs

MAY 6, 2020

The crime gang was formed in 2018, it was involved in distributing stolen user credentials, developing and distributing malware and hacking tools, and fraud. . The agents seized electronic equipment, external hard drives and hardware cryptocurrency wallets, all worth around €100 000. ” continues the press release.

Computers and Electronics

Computers and Electronics Hacking Cryptocurrency Accountability

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Security Affairs

JUNE 1, 2019

As with all cryptocurrency miners, it uses the resources of the host system to mine cryptocurrency (Monero in this instance) without the owner’s knowledge.” The same threat actors used also another Docker Hub repository, associated with the ‘ marumira ‘ account, in previous attacks. We can shut it down.

Hacking

Hacking Cryptocurrency Advertising Accountability

Kaspersky warns of a new Loki Bot campaign target corporate mailboxes

Security Affairs

SEPTEMBER 2, 2018

Security experts from Kaspersky Lab have uncovered a new spam campaign leveraging the Loki Bot malware to target corporate mailboxes. The Loki Bot attacks started in July and aimed at stealing passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets. Securi ty Affairs – Loki Bot, malware).

Social Engineering

Social Engineering Cryptocurrency Advertising Malware

Hackers Steal $41 Million worth of Bitcoin from Binance Exchange

Security Affairs

MAY 8, 2019

Hackers steal $41 Million worth of Bitcoin from Binance, one of the world’s largest cryptocurrency exchange. The hack of another cryptocurrency exchange made the headlines, hackers steal $41 Million worth of Bitcoin (over 7,000 bitcoins ) from Binance. There may also be additional affected accounts that have not been identified yet.”

Cryptocurrency

Cryptocurrency Data breaches Advertising Phishing

Multiple threat actors are targeting Elasticsearch Clusters

Security Affairs

FEBRUARY 27, 2019

Security researchers at Cisco Talos are warning of a spike in attacks on unsecured Elasticsearch clusters to drop cryptocurrency miners. and lower) to compromise them and install the malicious code the exploit the CVE-2014-3120 and CVE-2015-1427 vulnerabilities. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cryptocurrency

Cryptocurrency Advertising DDOS Malware

Arcane Stealer V, a threat for lower-skilled adversaries that scares experts

Security Affairs

SEPTEMBER 30, 2019

Experts recently analyzed an information-stealing malware tracked as Arcane Stealer V that is very cheap and easy to buy in the Dark Web. In July 2019, researchers at Fidelis Threat Research Team (TRT) analyzed a sample of Arcane Stealer V, a.net information-stealing malware that is easy to acquire in the dark web.

Malware

Malware Advertising Accountability Cryptocurrency

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

Security Affairs

OCTOBER 19, 2020

In 2017, Greek Police arrested the Russian national Alexander Vinnik and they accused the man of running the BTC-e Bitcoin exchange to launder more than US$4bn worth of the cryptocurrency. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. million withdrawn. ” reported the AFP news. Pierluigi Paganini.

Advertising

Advertising Cybercrime Hacking Cryptocurrency

APT41 actors charged for attacks on more than 100 victims globally

Security Affairs

SEPTEMBER 17, 2020

The attacks also aimed at carrying out other criminal activities, such as the deployment of ransomware and cryptocurrency malware. District Court for the District of Columbia seized hundreds of accounts, domain names, servers, and command and control (C&C) dead drop web pages that the defendants employed in their operations.

Identity Theft

Identity Theft Advertising Government Technology

Interpol: Goldfish Alpha operation reduces cryptojacking by 78%

Security Affairs

JANUARY 9, 2020

An operation coordinated by Interpol, dubbed Goldfish Alpha, dismantled an illegal cryptocurrency network operating in Southeast Asia. Interpol announced that it has coordinated a successful international operation aimed at removing cryptocurrency miners that infected routers located in Southeast Asia. ” reported Trend Micro.

Cryptocurrency

Cryptocurrency Cybercrime Internet Internet

Skidmap Linux miner leverages kernel-mode rootkits to evade detection

Security Affairs

SEPTEMBER 17, 2019

Trend Micro researchers spotted a piece of Linux cryptocurrency miner, dubbed Skidmap that leverages kernel-mode rootkits to evade the detection. This malware outstands similar miners because of the way it loads malicious kernel modules to evade the detection. The malware replaces the system’s pam_unix. Pierluigi Paganini.

Malware

Malware Advertising Authentication Passwords

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

New MrbMiner malware infected thousands of MSSQL DBs

Trending Sources

US officials charge two Chinese men for laundering cryptocurrency for North Korea

QQAAZZ crime gang charged for laundering money stolen by malware gangs

USCYBERCOM shares five new North Korea-linked malware samples

CookieMiner Mac Malware steals browser cookies and sensitive Data

New Lobshot hVNC malware spreads via Google ads

Google removed 49 Chrome Extensions that were hijacking cryptocurrency wallets

Interview With a Crypto Scam Investment Spammer

New Android BlackRock malware targets hundreds of apps

Gustuff Android banking trojan targets 125+ banking, and 32 cryptocurrency apps

Mac users using Exodus cryptocurrency wallet targeted by a small spam campaign

Actions Target Russian Govt. Botnet, Hydra Dark Market

Ukraine police and Binance dismantled a cyber gang behind $42M money laundering

US DoJ wants the funds stored by North Korea in 280 BTC and ETH

REvil Ransomware member win the auction for KPot stealer source code

Fileless PowerGhost cryptocurrency miner leverages EternalBlue exploit to spread

QSnatch malware already infected thousands of QNAP NAS devices

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Kaspersky found malware in popular CamScanner app. Remove it now from your phone!

Romanian duo convicted of fraud Scheme infecting 400,000 computers

XCSSET Mac spyware spreads via Xcode Projects

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

MetaMask app on Google Play was a Clipboard Hijacker

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

STOP ransomware encrypts files and steals victim’s data

Security Affairs newsletter Round 260

Poloniex forces password reset following a data leak

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Pay it safe: Group-IB aids Paxful in repelling a series of web-bot attacks

Security Affairs newsletter Round 242

Raccoon Stealer campaign circumvents Microsoft and Symantec anti-spam messaging gateways

US DoJ charges three members of the North Korea-linked Lazarus APT group

Law enforcement agencies dismantled Infinity Black hacker group

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Kaspersky warns of a new Loki Bot campaign target corporate mailboxes

Hackers Steal $41 Million worth of Bitcoin from Binance Exchange

Multiple threat actors are targeting Elasticsearch Clusters

Arcane Stealer V, a threat for lower-skilled adversaries that scares experts

Alexander Vinnik, the popular cyber criminal goes on trial in Paris

APT41 actors charged for attacks on more than 100 victims globally

Interpol: Goldfish Alpha operation reduces cryptojacking by 78%

Skidmap Linux miner leverages kernel-mode rootkits to evade detection

Stay Connected