2017, Cryptocurrency and Malware - Cyber Security Informer

Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists

SecureWorld News

APRIL 22, 2025

A sophisticated cybercrime campaign, dubbed Elusive Comet , has been uncovered, in which North Korean threat actors are exploiting Zoom's remote control feature to infiltrate the systems of cryptocurrency professionals. The research behind the discovery was released by Security Alliance , which tracked and analyzed the campaign.

Cryptocurrency

Cryptocurrency Social Engineering Cybercrime Engineering

U.S. Indicts North Korean Hackers in Theft of $200 Million

Krebs on Security

FEBRUARY 17, 2021

Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings.

Cryptocurrency

Cryptocurrency Financial Services Banking Government

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

The malware was discovered on counterfeit Android devices mimicking popular smartphone models. “The malware has broad functionality and gives attackers almost unlimited control over the gadget” The malware, embedded in the system framework, provides attackers full control over the device. 231 banking malware.

Malware

Malware Cryptocurrency Mobile Firmware

The Link Between Ransomware and Cryptocurrency

eSecurity Planet

DECEMBER 21, 2021

The dangers from ransomware have risen sharply since WannaCry and NotPetya hit the scene in 2017, and this year has been no different. Cryptocurrency Fuels Ransomware. One constant in all this will be cryptocurrency, the coin of the realm when it comes to ransomware. Cryptocurrency really is fueling this in a sense.

Cryptocurrency

Cryptocurrency Ransomware Cybercrime Social Engineering

The BlueNoroff cryptocurrency hunt is still on

SecureList

JANUARY 13, 2022

The group seems to work more like a unit within a larger formation of Lazarus attackers, with the ability to tap into its vast resources: be it malware implants, exploits, or infrastructure. Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. Malware infection.

Cryptocurrency

Cryptocurrency Malware Accountability Banking

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Security Affairs

MARCH 3, 2020

The Department of Justice has charged the two Chinese nationals for laundering cryptocurrency for North Korea-linked APT groups. for helping North Korea-linked hackers in laundering cryptocurrency. The cryptocurrency have been stolen by the APT groups from two cryptocurrency exchanges. and Li Jiadong (???),

Cryptocurrency

Cryptocurrency Banking Hacking Accountability

Actions Target Russian Govt. Botnet, Hydra Dark Market

Krebs on Security

APRIL 7, 2022

The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet. energy facilities. ” HYDRA. . ” HYDRA. .

Marketing

Marketing Energy and Utilities Malware Ransomware

StripedFly, a complex malware that infected one million devices without being noticed

Security Affairs

OCTOBER 30, 2023

A sophisticated malware tracked as StripedFly remained undetected for five years and infected approximately one million devices. Researchers from Kaspersky discovered a sophisticated malware, dubbed StripedFly, that remained under the radar for five years masquerading as a cryptocurrency miner.

Malware

Malware Cryptocurrency Ransomware Hacking

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Security Affairs

JUNE 5, 2019

A new piece of malware appeared in the threat landscape, dubbed BlackSquid it targets web servers with several exploits to deliver cryptocurrency miners. The new piece of malware leverages many exploits to compromise target systems and implements evasion techniques to avoid detection. ” states Trend Micro.

Cryptocurrency

Cryptocurrency Malware Advertising Hacking

CVE-2019-11707 Firefox Zero-Day exploited to infect employees at cryptocurrency exchanges

Security Affairs

JUNE 20, 2019

Researchers discovered that recently patched Firefox zero-day (CVE-2019-11707) has been exploited to deliver Windows and Mac malware to cryptocurrency exchanges. According to Martin, other cryptocurrency organizations were hit by similar attacks. CVE-2019-11707 is a type confusion vulnerability in Array.pop.

Cryptocurrency

Cryptocurrency Malware Advertising Hacking

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Security Affairs

JUNE 24, 2020

The CryptoCore hacker group that is believed to be operating out of Eastern Europe has stolen around $200 million from online cryptocurrency exchanges. Experts from ClearSky states that a hacker group tracked as CryptoCore, which is believed to be operating out of Eastern Europe, has stolen around $200 million from cryptocurrency exchanges.

Cryptocurrency

Cryptocurrency Phishing Accountability Passwords

DarkGate malware campaign abuses Skype and Teams

Security Affairs

OCTOBER 16, 2023

Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. The threat actors abused popular messaging platforms such as Skype and Teams to deliver a script used as a loader for a second-stage payload, which was an AutoIT script containing the DarkGate malware.

Malware

Malware Cryptocurrency Accountability Cybercrime

USCYBERCOM shares five new North Korea-linked malware samples

Security Affairs

MAY 13, 2020

The United States Cyber Command (USCYBERCOM) has uploaded five new North Korean malware samples to VirusTotal. The United States Cyber Command (USCYBERCOM) has shared five new malware samples attributed to the North Korea-linked Lazarus APT , it has uploaded the malicious code to VirusTotal. ” reads the DHS CISA’s advisory.

Malware

Malware Advertising Government Cryptocurrency

8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency

The Hacker News

MAY 18, 2023

The notorious cryptojacking group tracked as 8220 Gang has been spotted weaponizing a six-year-old security flaw in Oracle WebLogic servers to ensnare vulnerable instances into a botnet and distribute cryptocurrency mining malware.

Cryptocurrency

Cryptocurrency Malware

PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

FEBRUARY 2, 2024

The Computer Emergency Response Team in Ukraine (CERT-UA) reported that a PurpleFox malware campaign had already infected at least 2,000 computers in the country. Experts defined DirtyMoe as a complex malware that has been designed as a modular system. ” reads the alert published by CERT-UA.

Malware

Malware Internet Internet DDOS

Racoon stealer malware suspends its operations due to war on Ukraine

CyberSecurity Insiders

MARCH 29, 2022

Details are in that Racoon Stealing malware aka password stealing malicious software was being distributed in a MAAS (malware as a service) service for a price range of $75 to $200 on monthly note. It was being used to steal vital info such as cryptocurrency, wallet details, browser credentials, credit card details and email data.

Malware

Malware Passwords Cryptocurrency Software

Modular Cryptojacking malware uses worm abilities to spread

Security Affairs

MARCH 13, 2019

Security experts at 360 Total Security have discovered a new modular cryptocurrency malware that implements worm capabilities to spread. The Monero cryptocurrency miner uses a worm module (Systemctl.exe) dubbed PsMiner written in the Go language which includes exploit modules used to hack into vulnerable servers.

Malware

Malware Cryptocurrency Advertising Passwords

Lemon_Duck cryptomining malware evolves to target Linux devices

Security Affairs

AUGUST 28, 2020

A new variant of the infamous Lemon_Duck cryptomining malware has been updated to targets Linux devices. Security researchers from Sophos have spotted a new variant of the Lemon_Duck cryptomining malware that has been updated to compromise Linux machines via SSH brute force attacks. ” reads the post published by Sophos.

Malware

Malware Authentication Passwords Internet

Gustuff Android banking trojan targets 125+ banking, and 32 cryptocurrency apps

Security Affairs

MARCH 28, 2019

Security experts at Group-IB have detected the activity of Gustuff a mobile Android Trojan, which includes potential targets of customers in leading international banks, users of cryptocurrency services, popular ecommerce websites and marketplaces. Gustuff has previously never been reported.

Banking

Banking Cryptocurrency Mobile Advertising

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking

Hacking Social Engineering Phishing Scams

Mobile malware evolution 2020

SecureList

MARCH 1, 2021

The mobile malware Trojan-Ransom.AndroidOS.Agent.aq Last year was notable for both malware and adware, the two very close in terms of capabilities. Interestingly enough, the share of adware attacks increased in relation to mobile malware in general. They typically work with malware developers to achieve this.

Mobile

Mobile Malware Adware Banking

MetaMask app on Google Play was a Clipboard Hijacker

Security Affairs

FEBRUARY 11, 2019

Security researcher Lukas Stefanko from ESET discovered the first Android cryptocurrency clipboard hijacker impersonating MetaMask on the official Google Play store. “This dangerous form of malware first made its rounds in 2017 on the Windows platform and was spotted in shady Android app stores in the summer of 2018.

Cryptocurrency

Cryptocurrency Advertising Mobile Malware

Malware campaign uses multiple propagation methods, including EternalBlue

Security Affairs

APRIL 12, 2019

Hackers are using the EternalBlue exploit and leveraging advantage of Living off the Land ( LotL ) obfuscated PowerShell-based scripts to deliver malware and a Monero cryptocurrency. “The malware also uses the pass the hash method, wherein it authenticates itself to remote servers using the user’s hashed password.

Malware

Malware Cryptocurrency Passwords Advertising

Threat Actors Merging Malicious Activity With Cryptocurrency Show How the Attack Landscape is Developing in Decentralized Finance

Security Boulevard

AUGUST 2, 2022

Current threat actor activity is incentivized by a broad attack surface represented through high volumes of users and systems, and high potential profits represented through the variety of cryptocurrency offerings. It is easy to detect and block things like malicious cryptocurrency apps or crypto-phishing websites.

Cryptocurrency

Cryptocurrency Ransomware Government Risk

Canada Charges Its “Most Prolific Cybercriminal”

Krebs on Security

DECEMBER 8, 2021

Also known as “ Mariposa ,” ButterFly was a plug-and-play malware strain that allowed even the most novice of would-be cybercriminals to set up a global operation capable of harvesting data from thousands of infected PCs, and using the enslaved systems for crippling attacks on Web sites. ” The U.S.

Cybercrime

Cybercrime Ransomware Accountability Advertising

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

The Rocke group is using a new piece of cryptojacking malware dubbed Pro-Ocean to target Apache ActiveMQ, Oracle WebLogic, and Redis installs. The cybercrime group Rocke is using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable Apache ActiveMQ, Oracle WebLogic, and Redis intalls.

Malware

Malware Cryptocurrency Firewall Cybercrime

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. The infection chain. Twitter @Slvlombardo.

Malware

Malware Computers and Electronics Encryption Ransomware

StripedFly: Perennially flying under the radar

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. Subsequent analysis revealed earlier instances of suspicious code dating back to 2017.

Malware

Malware DNS Encryption Cryptocurrency

North Korea-linked hackers stole $626 million in virtual assets in 2022

Security Affairs

DECEMBER 22, 2022

billion worth of cryptocurrency and other virtual assets in the past five years. billion) in cryptocurrency and other virtual assets in the past five years. economic sanctions were toughened in 2017 in response to its nuclear and missile tests.” million in cryptocurrency through this program. trillion won ($1.2

Cryptocurrency

Cryptocurrency Cybercrime Media Government

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Both PurpleFox and DirtyMoe are still active malware and gaining strength.”

DNS

DNS Malware Cryptocurrency Internet

Group-IB: 14 cyber attacks on crypto exchanges resulted in a loss of $882 million

Security Affairs

OCTOBER 18, 2018

Group-IB has estimated that crypto exchanges suffered a total loss of $882 million due to targeted attacks between 2017 and 2018. In most cases, cybercriminals, while attacking cryptocurrency exchanges, use traditional tools and methods, such as spear phishing, social engineering, distribution of malware, and website defacement.

Cyber Attacks

Cyber Attacks Cryptocurrency Phishing Social Engineering

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

Security Affairs

AUGUST 7, 2018

Group-IB researchers have investigated user data leaks from cryptocurrency exchanges and has analyzed the nature of these incidents. In 2017, when cryptocurrencies were gaining momentum, their record-breaking capitalization and a spike in Bitcoin’s exchange rate led to dozens of attacks on cryptocurrency services.

Cryptocurrency

Cryptocurrency Passwords Authentication Accountability

Underminer Exploit Kit spreading Bootkits and cryptocurrency miners

Security Affairs

JULY 29, 2018

New Underminer exploit kit delivers a bootkit that infects the system’s boot sectors as well as a cryptocurrency miner dubbed Hidden Mellifera. “Underminer delivers a bootkit that infects the system’s boot sectors as well as a cryptocurrency-mining malware named Hidden Mellifera.” Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Advertising Malware Encryption

Ursnif: The Latest Evolution of the Most Popular Banking Malware

Security Affairs

APRIL 5, 2019

A few days ago, the researchers of ZLab Yoroi-Cybaze dissected another attack wave of the infamous Ursnif malware, also known as Gozi ISFB , an offspring of the original Gozi which source code was leaked in 2014. Ursnif/Gozi is active from over a decade and was one of the most active malware listed in 2017 and 2018.

Banking

Banking Malware Cryptocurrency Advertising

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Security Affairs

JUNE 17, 2021

Russian national Oleg Koshkin was convicted for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection. “Levashov provided the Kelihos malware to Crypt4U personnel for crypting before distributing it to his victims.

Antivirus

Antivirus Malware Software Cryptocurrency

Fileless PowerGhost cryptocurrency miner leverages EternalBlue exploit to spread

Security Affairs

JULY 30, 2018

Security experts from Kaspersky Lab have spotted a new cryptocurrency miner dubbed PowerGhost that can spread leveraging a fileless infection technique. “The malware, which we dubbed PowerGhost, is capable of stealthily establishing itself in a system and spreading across large corporate networks infecting both workstations and servers.”

Cryptocurrency

Cryptocurrency DDOS Advertising Malware

Experts warn of fake Adobe Flash update hiding a miner that works as a legitimate update

Security Affairs

OCTOBER 13, 2018

A fake Adobe Flash update actually was used as a vector for a malicious cryptocurrency miner, the novelty in this last campaign is represented by the tricks used by attackers to stealthily drop the malware. The domain is associated with other updaters or installers pushing cryptocurrency miners and other unwanted software.

Cryptocurrency

Cryptocurrency Malware Advertising Software

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Security Affairs

APRIL 26, 2019

Security experts at Symantec have uncovered a new cryptojacking campaign tracked as Beapy that leverages the NSA’s DoublePulsar backdoor and the EternalBlue exploit to spread a cryptocurrency malware on enterprise networks in Asia. ” reads the analysis published Symantec. “ Beapy ( W32.Beapy

Cryptocurrency

Cryptocurrency Malware Advertising Phishing

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

MAY 13, 2024

This post examines the activities of Khoroshev’s many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years. This user said they specialize in developing malware, creating computer worms, and crafting new ways to hijack Web browsers.

Ransomware

Ransomware Cybercrime Accountability Malware

Malware Leveraging PowerShell Grew 432% in 2017

Dark Reading

MARCH 12, 2018

Cryptocurrency mining and ransomware were other major threats.

Cryptocurrency

Cryptocurrency Malware Ransomware

Necro Python bot now enhanced with new VMWare, server exploits

Security Affairs

JUNE 4, 2021

Researchers noticed that malware authors have added multiple exploits for over 10 different web applications and the SMB protocol. Talos experts noticed that a version released on May 18 included Python versions of EternalBlue ( CVE-2017-0144 ) and EternalRomance ( CVE-2017-0147 ) exploits with a Windows download command line as the payload.

Malware

Malware DDOS Passwords IoT

US DoJ wants the funds stored by North Korea in 280 BTC and ETH

Security Affairs

AUGUST 30, 2020

The US DoJ has filed a civil forfeiture complaint with the intent to seize control over 280 Bitcoin and Ethereum accounts that are believed to be holding funds which are the proceeds of hacking campaigns conducted by North Korea-linked APT groups against two cryptocurrency exchanges. In the second attack, threat actors stole $2.5

Cryptocurrency

Cryptocurrency Hacking Advertising Accountability

Who’s Behind the GandCrab Ransomware?

Krebs on Security

JULY 8, 2019

But GandCrab far eclipsed the success of competing ransomware affiliate programs largely because its authors worked assiduously to update the malware so that it could evade antivirus and other security defenses. It remains unclear how many individuals were active in the core GandCrab malware development team. of GandCrab. HEAVY METALL.

Ransomware

Ransomware Accountability Cybercrime Passwords

Three North Korean hackers charged for financial and revenge-motivated hacks

SC Magazine

FEBRUARY 17, 2021

billion in currency and cryptocurrency and further other strategic interests for the North Korean government. The charges captures years-worth of North Korean hacking, including the widely publicized 2014 Sony hack, the 2016 hack of the Central Bank of Bangladesh, the 2017 WannaCry ransomware attack and others.

Hacking

Hacking Cryptocurrency Banking Malware

Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists

U.S. Indicts North Korean Hackers in Theft of $200 Million

Trending Sources

New Triada Trojan comes preinstalled on Android devices

The Link Between Ransomware and Cryptocurrency

The BlueNoroff cryptocurrency hunt is still on

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Actions Target Russian Govt. Botnet, Hydra Dark Market

StripedFly, a complex malware that infected one million devices without being noticed

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

CVE-2019-11707 Firefox Zero-Day exploited to infect employees at cryptocurrency exchanges

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

DarkGate malware campaign abuses Skype and Teams

USCYBERCOM shares five new North Korea-linked malware samples

8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency

PurpleFox malware infected at least 2,000 computers in Ukraine

Racoon stealer malware suspends its operations due to war on Ukraine

Modular Cryptojacking malware uses worm abilities to spread

Lemon_Duck cryptomining malware evolves to target Linux devices

Gustuff Android banking trojan targets 125+ banking, and 32 cryptocurrency apps

When Low-Tech Hacks Cause High-Impact Breaches

Mobile malware evolution 2020

MetaMask app on Google Play was a Clipboard Hijacker

Malware campaign uses multiple propagation methods, including EternalBlue

Threat Actors Merging Malicious Activity With Cryptocurrency Show How the Attack Landscape is Developing in Decentralized Finance

Canada Charges Its “Most Prolific Cybercriminal”

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Wannacry, the hybrid malware that brought the world to its knees

StripedFly: Perennially flying under the radar

North Korea-linked hackers stole $626 million in virtual assets in 2022

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Group-IB: 14 cyber attacks on crypto exchanges resulted in a loss of $882 million

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

Underminer Exploit Kit spreading Bootkits and cryptocurrency miners

Ursnif: The Latest Evolution of the Most Popular Banking Malware

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Fileless PowerGhost cryptocurrency miner leverages EternalBlue exploit to spread

Experts warn of fake Adobe Flash update hiding a miner that works as a legitimate update

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

How Did Authorities Identify the Alleged Lockbit Boss?

Malware Leveraging PowerShell Grew 432% in 2017

Necro Python bot now enhanced with new VMWare, server exploits

US DoJ wants the funds stored by North Korea in 280 BTC and ETH

Who’s Behind the GandCrab Ransomware?

Three North Korean hackers charged for financial and revenge-motivated hacks

Stay Connected