
Security Affairs newsletter Round 177 – News of the week

Security Affairs


Spyware 41

IT threat evolution in Q2 2023

SecureList

While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus, a backdoor attributed to Lazarus. The threat actor specifically targeted cryptocurrency companies. We observed that they have a specific interest in cryptocurrency companies.

Malware 73

IT threat evolution Q3 2023

SecureList

However, they included an additional module that constantly monitored the messenger and sent data to the spyware creator’s C2 server. Upon startup, this backdoor makes a type A DNS request for the <hex-encoded 20-byte string>.u.fdmpkg[.]org domain. We also published a report on a new version of the Lumma stealer.

Malware 91

IT threat evolution Q1 2022

SecureList

In January, we reported a malicious campaign targeting companies that work with cryptocurrencies, smart contracts, decentralized finance and blockchain technology: the attackers are interested in fintech in general. The campaign has two goals: gathering information and stealing cryptocurrency. Roaming Mantis reaches Europe.

Phishing 103

NullMixer: oodles of Trojans in a single dropper

SecureList

NullMixer is a dropper that includes more than just specific malware families; it drops a wide variety of malicious binaries to infect the machine with, such as backdoors, bankers, downloaders, spyware and many others. Screen with cryptocurrency addresses from Generic.ClipBanker binary. NullMixer execution chain. ColdStealer.

Malware 108