The BlueNoroff cryptocurrency hunt is still on

SecureList

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Instead, they can rely on regular macro-enabled documents or older exploits.

StripedFly: Perennially flying under the radar

SecureList

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. Subsequent analysis revealed earlier instances of suspicious code dating back to 2017.

The State of Blockchain Applications in Cybersecurity

eSecurity Planet

Since blockchain’s arrival, cryptocurrency has framed the technology as permissionless, or a public blockchain. Since the 1970s, Public Key Infrastructure (PKI) has offered encryption, authentication, bootstrapping, and digital signatures to secure digital communications. More robust security for Domain Name Systems (DNS).

Mystic Stealer

Security Boulevard

Oftentimes this is credential data, but it can be any data that may have financial value to an adversary; this includes paid online service accounts, cryptocurrency wallets, instant messenger, or email contacts lists, etc. Key Mystic Stealer functions include its ability to extract data from web browsers and cryptocurrency wallets.

IT threat evolution Q3 2023

SecureList

For most implants, the threat actor uses similar implementations of DLL hijacking (often associated with ShadowPad malware) and memory injection techniques, along with the use of RC4 encryption to hide the payload and evade detection. libssl.dll or libcurl.dll was statically linked to implants to implement encrypted C2 communications.

Ramnit is back and contributes in creating a massive proxy botnet, tracked as ‘Black’ botnet

Security Affairs

DDoS attacks, ransomware-based campaigns, cryptocurrency mining campaigns). We named this botnet “Black” due to the RC4 key value, “black”, that is used for traffic encryption in this botnet.” The second STAGE-1 C&C server is used for controlling malware via an encrypted connection. Bot-B connects to Bot-A.

Kaspersky Security Bulletin 2020-2021. EU statistics

SecureList

In addition, the year gone by demonstrated that everything in the Windows operating system is cyclical, and that most of the detected vulnerabilities exist in the same services, for example, in the drivers of the SMB (SMBGhost, SMBBleed), DNS (SigRed) and ICMPv6 (BadNeighbor) network protocols. Exploit.MSOffice.CVE-2017-11882.gen.
