2014, Cryptocurrency, Malware and Passwords

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Security Affairs

JUNE 24, 2020

The CryptoCore hacker group that is believed to be operating out of Eastern Europe has stolen around $200 million from online cryptocurrency exchanges. Experts from ClearSky states that a hacker group tracked as CryptoCore, which is believed to be operating out of Eastern Europe, has stolen around $200 million from cryptocurrency exchanges.

Cryptocurrency

Cryptocurrency Phishing Accountability Passwords

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. Mining process.”

Malware

Malware Cryptocurrency Advertising Accountability

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Last Watchdog

JUNE 20, 2018

Cryptojacking, as defined by the Federal Trade Commission , is the use of JavaScript code to capture cryptocurrencies in users’ browsers without asking permission. Bilogorskiy: Before 2013 a lot of malware was focused on spam, DDoS and monetizing through malicious advertising and ad fraud. Bilogorskiy: Exactly. It was insane.

Cryptocurrency

Cryptocurrency Passwords Ransomware Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Xwo Malware scans the Internet for Exposed Services, Default Passwords

Security Affairs

APRIL 5, 2019

Researchers at AT&T Alien Labs have spotted a malware called Xwo that is actively scanning the Internet for exposed web services and default passwords. Experts at AT&T Alien Labs discovered a new piece of malware called Xwo that is actively scanning the Internet for exposed web services and default passwords.

Internet

Internet Internet Passwords Malware

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

Experts uncovered a hacking campaign that is breaching Docker clusters to deploy a new crypto-mining malware tracked as Kinsing. Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password.

Cryptocurrency

Cryptocurrency Malware Advertising VPN

Crooks use weaponized coronavirus map to deliver malware

Security Affairs

MARCH 12, 2020

Cybercriminals continue to exploit the fear in the coronavirus outbreak to spread malware and steal sensitive data from victims. Experts from cybersecurity Reason reported cybercrimnals are using new coronavirus -themed attacks to deliver malware. To make sure the malware can persist and keep operating, it uses the “Task Scheduler”.”

Malware

Malware Advertising Passwords Cryptocurrency

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

SEPTEMBER 17, 2018

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. Security researchers at Palo Alto Networks have discovered a new piece of malware, dubbed XBash piece that is targeting both Linux and Microsoft Windows servers.

Cryptocurrency

Cryptocurrency Malware Ransomware Cybercrime

Modular Cryptojacking malware uses worm abilities to spread

Security Affairs

MARCH 13, 2019

Security experts at 360 Total Security have discovered a new modular cryptocurrency malware that implements worm capabilities to spread. The Monero cryptocurrency miner uses a worm module (Systemctl.exe) dubbed PsMiner written in the Go language which includes exploit modules used to hack into vulnerable servers.

Malware

Malware Cryptocurrency Advertising Passwords

CookieMiner Mac Malware steals browser cookies and sensitive Data

Security Affairs

JANUARY 31, 2019

Palo Alto Networks discovered a piece of Mac malware dubbed CookieMiner that is targeting browser cookies associated with cryptocurrency exchanges and wallet service websites. The malware targets cookies associated with cryptocurrency exchanges such as Binance , Coinbase, Poloniex, Bittrex, Bitstamp, and MyEtherWallet.

Malware

Malware Cryptocurrency Authentication Advertising

New strain of Clipsa malware launches brute-force attacks on WordPress sites

Security Affairs

AUGUST 8, 2019

Avast spotted a new strain of Clipsa malware that is used to mine and steal cryptocurrencies along with carrying out brute-force attacks on WordPress sites. Clipsa is a malware that is well known to cyber security community is able to steal cryptocurrency via clipoard hijacking and mine cryptocurrency after installing a miner. .

Malware

Malware Cryptocurrency Passwords Internet

Poloniex forces password reset following a data leak

Security Affairs

JANUARY 2, 2020

The Poloniex cryptocurrency exchange is forcing users to reset their passwords following a data leak. . Another bad news for the community of the virtual currencies communities, the Poloniex cryptocurrency exchange has forced its users to reset their passwords following a data leak. . This is a real email!

Passwords

Passwords Cryptocurrency Data breaches Advertising

Google removed 49 Chrome Extensions that were hijacking cryptocurrency wallets

Security Affairs

APRIL 15, 2020

Google has removed 49 new Chrome browser extensions from its official Web Store that hide the code to hijack cryptocurrency wallets. Google has removed 49 new Chrome browser extensions from its official Web Store that contain the code to steal sensitive information and hijack cryptocurrency wallets. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Advertising Phishing Passwords

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” reads the report published by CyberArk.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Masad Stealer Malware exfiltrates data via Telegram

Security Affairs

SEPTEMBER 29, 2019

Experts at Juniper Threat Labs have discovered a new piece of malware dubbed Masad Stealer that exfiltrate s cryptocurrency wallet files via Telegram. Security researchers at the Juniper Threat Labs discovered a strain of malware dubbed Masad Stealer that is actively distributed.

Malware

Malware Cryptocurrency Advertising Marketing

CVE-2019-11707 Firefox Zero-Day exploited to infect employees at cryptocurrency exchanges

Security Affairs

JUNE 20, 2019

Researchers discovered that recently patched Firefox zero-day (CVE-2019-11707) has been exploited to deliver Windows and Mac malware to cryptocurrency exchanges. According to Martin, other cryptocurrency organizations were hit by similar attacks. CVE-2019-11707 is a type confusion vulnerability in Array.pop.

Cryptocurrency

Cryptocurrency Malware Advertising Passwords

Someone emptied a $1 billion BitCoin wallet ahead of Presidential Election

Security Affairs

NOVEMBER 4, 2020

Yesterday almost $1 billion worth of cryptocurrency contained in a password-protected BitCoin wallet was moved to another wallet. Someone has transferred almost $1 billion worth of cryptocurrency contained in a password-protected BitCoin wallet to another wallet.

Cryptocurrency

Cryptocurrency Passwords Advertising Hacking

Malware campaign uses multiple propagation methods, including EternalBlue

Security Affairs

APRIL 12, 2019

Hackers are using the EternalBlue exploit and leveraging advantage of Living off the Land ( LotL ) obfuscated PowerShell-based scripts to deliver malware and a Monero cryptocurrency. “The malware also uses the pass the hash method, wherein it authenticates itself to remote servers using the user’s hashed password.

Malware

Malware Cryptocurrency Passwords Advertising

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

Security Affairs

MARCH 17, 2020

In this campaign, crooks are exploiting the interest in the Coronavirus (COVID-19) outbreak to deliver a couple of malware, the CoronaVirus Ransomware and the Kpot information-stealing Trojan. The website was distributing a file named WSHSetup.exe, it is the downloader for both the CoronaVirus Ransomware and the Kpot password-stealer.

Ransomware

Ransomware Cryptocurrency Advertising Passwords

QSnatch malware already infected thousands of QNAP NAS devices

Security Affairs

NOVEMBER 4, 2019

Security experts warn of a new piece of malware dubbed QSnatch that already infected thousands of QNAP NAS devices worldwide. A new piece of malware dubbed QSnatch is infecting thousands of NAS devices manufactured by the Taiwanese vendor QNAP. Gather all usernames and passwords related to the device and sent them to the C2 server.

Malware

Malware Firmware Advertising Encryption

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. According to a report published by Kaspersky Lab in January 2020, in the two years the North Korea-linked APT group has continued to target cryptocurrency exchanges evolving its TTPs.

Cryptocurrency

Cryptocurrency Malware Hacking Phishing

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

Security Affairs

AUGUST 7, 2018

Group-IB researchers have investigated user data leaks from cryptocurrency exchanges and has analyzed the nature of these incidents. In 2017, when cryptocurrencies were gaining momentum, their record-breaking capitalization and a spike in Bitcoin’s exchange rate led to dozens of attacks on cryptocurrency services.

Cryptocurrency

Cryptocurrency Passwords Authentication Accountability

STOP ransomware encrypts files and steals victim’s data

Security Affairs

MARCH 11, 2019

Experts observed the STOP ransomware installing the Azorult password-stealing Trojan to steal account credentials, cryptocurrency wallets, and more. The STOP ransomware made the headlines because it is installing password-stealing Trojans on the victims’ machines. SecurityAffairs – STOP ransomare , malware).

Encryption

Encryption Ransomware Cryptocurrency Passwords

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

Security Affairs

MARCH 26, 2020

The number of Coronavirus-themed attacks continues to increase, crooks hijack D-Link and Linksys routers to redirect users to sites spreading COVID19-themed malware. Crooks continue to launch Coronavirus-themed attacks , experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware.

Malware

Malware DNS Advertising Cryptocurrency

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

Security Affairs

SEPTEMBER 14, 2019

Researchers at Z s caler have spotted a new malware dubbed InnfiRAT that infects victims’ systems to steal cryptocurrency wallet data. . Researchers at Z s caler have discovered a new Trojan dubbed InnfiRAT that implements many standard Trojan capabilities along with the ability to steal cryptocurrency wallet data. .

Cryptocurrency

Cryptocurrency Malware Advertising Antivirus

Security Affairs newsletter Round 260

Security Affairs

APRIL 19, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Scams

Scams Phishing Advertising DDOS

Experts reported the hack of several supercomputers across Europe

Security Affairs

MAY 17, 2020

Organizations managing supercomputers across Europe reported their systems have been compromised to deploy cryptocurrency miners. Crooks have compromised supercomputers across Europe to deploy cryptocurrency miners, incidents have been already reported in the UK, Germany, and Switzerland. Pierluigi Paganini.

Hacking

Hacking Cryptocurrency Advertising Malware

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

Akamai researcher Larry Cashdollar reported that a cryptocurrency miner that previously hit only Arm-powered IoT devices it now targeting Intel systems. The researchers revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux. “This one seems to target enterprise systems.”

IoT

IoT Cryptocurrency Malware System Administration

Evolution of threat landscape for IoT devices – H1 2018

Security Affairs

SEPTEMBER 19, 2018

The researchers set up a honeypot to collect data on infected IoT devices, the way threat actors infect IoT devices and what families of malware are involved. In the first six months of 2018, the experts observed a number of malware samples that was up three times as many samples targeting IoT devices as in the whole of 2017.

IoT

IoT Passwords Malware Advertising

Kaspersky warns of a new Loki Bot campaign target corporate mailboxes

Security Affairs

SEPTEMBER 2, 2018

Security experts from Kaspersky Lab have uncovered a new spam campaign leveraging the Loki Bot malware to target corporate mailboxes. The Loki Bot attacks started in July and aimed at stealing passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets. Pierluigi Paganini.

Social Engineering

Social Engineering Cryptocurrency Advertising Malware

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

. “Once the malicious document is opened, the malware is dropped and proceeds to the next stage of the deployment process. The ThreatNeedle malware used in this campaign belongs to a malware family known as Manuscrypt, which belongs to the Lazarus group and has previously been seen attacking cryptocurrency businesses.”

Malware

Malware Cryptocurrency Password Management Encryption

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Security Affairs

APRIL 26, 2019

Security experts at Symantec have uncovered a new cryptojacking campaign tracked as Beapy that leverages the NSA’s DoublePulsar backdoor and the EternalBlue exploit to spread a cryptocurrency malware on enterprise networks in Asia. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Cryptocurrency

Cryptocurrency Malware Advertising Phishing

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Security Affairs

APRIL 1, 2020

The botnet is used to launch brute-force attacks against MSSQL databases to take over servers and install Monero and Vollar cryptocurrency miners. The botnet was first spotted in May 2018, when it was that targeting Windows machines running MS-SQL servers to deploy a broad range of malware, including RAT and miners. Pierluigi Paganini.

Telecommunications

Telecommunications Advertising Passwords Malware

FBI/DHS MAR report details HOPLIGHT Trojan used by Hidden Cobra APT

Security Affairs

APRIL 11, 2019

The activity of the Lazarus Group (aka BlueNoroff and Hidden Cobra ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Advertising Cryptocurrency Passwords

Skidmap Linux miner leverages kernel-mode rootkits to evade detection

Security Affairs

SEPTEMBER 17, 2019

Trend Micro researchers spotted a piece of Linux cryptocurrency miner, dubbed Skidmap that leverages kernel-mode rootkits to evade the detection. This malware outstands similar miners because of the way it loads malicious kernel modules to evade the detection. The malware replaces the system’s pam_unix. Pierluigi Paganini.

Malware

Malware Advertising Authentication Passwords

Security Affairs newsletter Round 195 – News of the week

Security Affairs

JANUARY 6, 2019

Malware-based attack hit delivery chain of the major US newspapers. Experts show that is easy to hack Hardware-based Cryptocurrency Wallets. wget utility potential leaked password via extended filesystem attributes. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Advertising

Advertising Cryptocurrency Hacking Ransomware

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Security Affairs

JUNE 1, 2019

As with all cryptocurrency miners, it uses the resources of the host system to mine cryptocurrency (Monero in this instance) without the owner’s knowledge.” “An interesting characteristic of the attack is that it uses a cryptocurrency miner that it is being built from scratch instead of an existing one.”

Hacking

Hacking Cryptocurrency Advertising Accountability

The ‘Gazorp’ Azorult Builder emerged from the Dark Web

Security Affairs

OCTOBER 2, 2018

Checkpoint experts discovered in the Dark Web an online builder, dubbed Gazorp, that allows crooks to create customized binaries for the Azorult malware. The Gazorp builder allows generating for free the malicious code to steal passwords, payment information, cryptocurrency wallet data and more. in live attacks.

Malware

Malware Advertising Spyware Passwords

Law enforcement agencies dismantled Infinity Black hacker group

Security Affairs

MAY 6, 2020

The crime gang was formed in 2018, it was involved in distributing stolen user credentials, developing and distributing malware and hacking tools, and fraud. . The agents seized electronic equipment, external hard drives and hardware cryptocurrency wallets, all worth around €100 000. ” concludes the Europol. Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Hacking Cryptocurrency Accountability

Arcane Stealer V, a threat for lower-skilled adversaries that scares experts

Security Affairs

SEPTEMBER 30, 2019

Experts recently analyzed an information-stealing malware tracked as Arcane Stealer V that is very cheap and easy to buy in the Dark Web. In July 2019, researchers at Fidelis Threat Research Team (TRT) analyzed a sample of Arcane Stealer V, a.net information-stealing malware that is easy to acquire in the dark web.

Malware

Malware Advertising Accountability Cryptocurrency

A new sophisticated version of the AZORult Spyware appeared in the wild

Security Affairs

JULY 30, 2018

Malware researchers at Proofpoint spotted a new version of the AZORult Spyware in the wild, it was involved in a large email campaign on July 18, just 24 hours it appeared in cybercrime forums on the Dark Web. For example: if there are cookies or saved passwords from mysite.com, then download and run the file link[.]com/soft.exe.

Spyware

Spyware Cryptocurrency Passwords Malware

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

The first half of 2019 saw a 10-fold increase in the number of password-protected objects, such as documents and archive files, being used to deliver malware. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. Another trend was disguising malware in emails.

Ransomware

Ransomware Antivirus Malware Banking

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

The intention behind hacking your identity might be to attack your connection with malware or to trace your location for some malicious activities in the future. Use Strong Passwords. Most people are comfortable with the default password of their internet connecting device and assume it to be secure. Pierluigi Paganini.

Hacking

Hacking VPN Internet Internet

The Dangers of Using Unsecured Wi-Fi Networks

Security Affairs

AUGUST 22, 2019

They can see the passwords you use, your email address, your name and physical address, phone numbers and any other type of personal information that you might happen to enter into a website. For instance there are automated tools that look for passwords and write them into a file whenever they see one. In the name of self defence.

VPN

VPN Encryption Passwords Small Business

Security Affairs newsletter Round 232

Security Affairs

SEPTEMBER 22, 2019

A flaw in LastPass password manager leaks credentials from previous site. France and Germany will block Facebooks Libra cryptocurrency. MobiHok RAT, a new Android malware based on old SpyNote RAT. Commodity Malware Reborn: The AgentTesla Total Oil themed Campaign. Drone attacks hit two Saudi Arabia Aramco oil plants.

Adware

Adware Password Management Advertising Hacking

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

New MrbMiner malware infected thousands of MSSQL DBs

Webinars

Trending Sources

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

Webinars

Xwo Malware scans the Internet for Exposed Services, Default Passwords

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Crooks use weaponized coronavirus map to deliver malware

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Modular Cryptojacking malware uses worm abilities to spread

CookieMiner Mac Malware steals browser cookies and sensitive Data

New strain of Clipsa malware launches brute-force attacks on WordPress sites

Poloniex forces password reset following a data leak

Google removed 49 Chrome Extensions that were hijacking cryptocurrency wallets

Raccoon Malware, a success case in the cybercrime ecosystem

Masad Stealer Malware exfiltrates data via Telegram

CVE-2019-11707 Firefox Zero-Day exploited to infect employees at cryptocurrency exchanges

Someone emptied a $1 billion BitCoin wallet ahead of Presidential Election

Malware campaign uses multiple propagation methods, including EternalBlue

Attackers use a new CoronaVirus Ransomware to cover Kpot Infostealer infections

QSnatch malware already infected thousands of QNAP NAS devices

North Korea-linked Lazarus APT targets the COVID-19 research

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

STOP ransomware encrypts files and steals victim’s data

Hackers hijack D-Link and Linksys routers to point users to coronavirus-themed sites serving malware

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

Security Affairs newsletter Round 260

Experts reported the hack of several supercomputers across Europe

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Evolution of threat landscape for IoT devices – H1 2018

Kaspersky warns of a new Loki Bot campaign target corporate mailboxes

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

FBI/DHS MAR report details HOPLIGHT Trojan used by Hidden Cobra APT

Skidmap Linux miner leverages kernel-mode rootkits to evade detection

Security Affairs newsletter Round 195 – News of the week

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

The ‘Gazorp’ Azorult Builder emerged from the Dark Web

Law enforcement agencies dismantled Infinity Black hacker group

Arcane Stealer V, a threat for lower-skilled adversaries that scares experts

A new sophisticated version of the AZORult Spyware appeared in the wild

Ransomware Revival: Troldesh becomes a leader by the number of attacks

5 Ways to Protect Yourself from IP Address Hacking

The Dangers of Using Unsecured Wi-Fi Networks

Security Affairs newsletter Round 232

Stay Connected