Security Affairs

NOVEMBER 26, 2024

In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. Banshee Stealer can also steal cryptocurrency from different wallets, including Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic and Ledger. concludes the report.

Malware 143

Malware Cryptocurrency Encryption Hacking 143

SecureList

NOVEMBER 29, 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations.

Energy and Utilities 99

Energy and Utilities Ransomware Malware Government 99

Security Affairs

JULY 18, 2025

NoMoreRansom warns users to remove the malware first with a reliable antivirus before using the decryptor, or files may be re-encrypted repeatedly. In 2023, 8Base emerged from Phobos affiliates, using a modified encryptor and double extortion—encrypting and stealing data to force ransom payments. In February 2025, the U.S.

Ransomware 125

Ransomware Encryption Malware Antivirus 125

Security Affairs

JANUARY 10, 2025

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malware authors claimed it can steal a broad range of data from compromised systems, including browser data, cryptocurrency wallets, and around 100 browser extensions.

Malware 120

Malware Antivirus Advertising Cybercrime 120

Security Affairs

MARCH 10, 2025

pic.twitter.com/rLnVxwKfPK — ZachXBT (@zachxbt) February 1, 2024 Law enforcement traced $23,604,815.09 of stolen crypto between June 2024 and February 2025 to multiple exchanges, including OKX, Kraken, WhiteBIT, AscendEX, FixedFloat, SwapSpace, and CoinRabbit. According to the complaint for forfeiture unsealed by the U.S.

Password Management 86

Password Management Cryptocurrency Passwords Data breaches 86

Centraleyes

DECEMBER 16, 2024

In 2024, human-centric security strategies will become increasingly important. Talent Shortage The cybersecurity talent shortage shows no signs of abating in 2024. Ransomware Still Reigns Supreme Ransomware attacks continue to plague organizations globally, and 2024 will be no different.

Cybersecurity 98

Cybersecurity Insurance Cyber Insurance Technology 98

Security Affairs

NOVEMBER 17, 2024

CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices China-linked threat actors compromised multiple telecos and spied on a limited number of U.S.

Cryptocurrency 111

Cryptocurrency Hacking Malware Telecommunications 111

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. Quantum computing advances are making traditional encryption obsolete, and adversaries are stockpiling data for future decryption.

Risk 173

Risk Threat Detection Technology Phishing 173

Security Affairs

NOVEMBER 19, 2024

Ptitsyn reportedly sold the ransomware on darknet forums under aliases like “derxan” and “zimmermanx,” enabling other criminals to encrypt data and demand ransom. Affiliates paid fees to administrators like Ptitsyn for decryption keys, with payments routed via unique cryptocurrency wallets from 2021–2024.

Cybercrime 114

Cybercrime Ransomware Healthcare Hacking 114

Security Affairs

OCTOBER 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog Three new Ivanti CSA zero-day actively exploited in attacks Ukrainian national pleads guilty in U.S.

Data breaches 116

Data breaches Cryptocurrency Cybercrime Hacking 116

SecureList

JUNE 23, 2025

We believe it is connected to SparkCat and also targets the cryptocurrency assets of its victims. The campaign has been active since at least February 2024. Tapping these opened WebView, revealing an online store named TikToki Mall that accepted cryptocurrency as payment for consumer goods.

Spyware 128

Spyware Malware Cryptocurrency Scams 128

SecureList

FEBRUARY 5, 2025

In late 2024, we discovered a new malware campaign we dubbed “SparkCat”, whose operators used similar tactics while attacking Android and iOS users through both official and unofficial app stores. It encrypts data with AES-256 in CBC mode before sending and decrypts server responses with AES-128 in CBC mode.

Malware 140

Malware Encryption Mobile Cryptocurrency 140

SecureList

OCTOBER 29, 2024

In the screenshot below, the stealer file is named 0Setup.exe: Contents of the malicious archive After launching, 0Setup.exe runs the legitimate BitLockerToGo.exe utility, normally responsible for encrypting and viewing the contents of removable drives using BitLocker.

Adware 124

Adware Malware Cryptocurrency Data collection 124

Security Boulevard

DECEMBER 16, 2024

IntroductionIn October 2024, Zscaler ThreatLabz came across malware samples that use a network communication protocol that is similar to RisePro. RiseLoaders emergence is interesting, as the threat actor selling RisePro announced in June 2024 on Telegram that its development was discontinued. mi: Minor version.mj: Major version.

Malware 97

Malware Cryptocurrency Encryption Software 97

Security Affairs

JUNE 6, 2025

de email addresses and pay the ransom in cryptocurrency. Recently, actors linked to Play have also exploited a new SimpleHelp vulnerability ( CVE-2024-57727 ) to remotely execute malicious code, expanding their attack methods and reach in 2025. .” The Play ransomware group follows a double extortion model. de or @web[.]de

Ransomware 97

Ransomware Encryption Antivirus Cryptocurrency 97

Security Affairs

MARCH 18, 2025

In November 2024, Microsoft researchers discovered StilachiRAT, a sophisticated remote access trojan (RAT) designed for stealth, persistence, and data theft. Once deployed, StilachiRAT scans configuration data from tens of cryptocurrency wallet extensions to steal digital assets. Analysis of its WWStartupCtrl64.dll

Malware 111

Malware Cryptocurrency Encryption Hacking 111

Security Affairs

FEBRUARY 5, 2025

In late 2024, Kaspersky experts discovered a malicious campaign, called SparkCat, spreading malware to target crypto wallets. In late 2024, Kaspersky discovered a new malicious campaign, called SparkCat, where the attackers used similar tactics, but that targeted both Android and iOS users. .”

Malware 69

Malware Cryptocurrency Mobile Encryption 69

Security Affairs

MARCH 13, 2025

Notably, they target CVE-2024-1709 (ScreenConnect authentication bypass) and CVE-2023-48788 (Fortinet EMS SQL injection) to infiltrate systems. Medusa operators leverage legitimate remote access tools like AnyDesk, Atera, and Splashtop, alongside RDP and PsExec, to move laterally and locate files for exfiltration and encryption.

Ransomware 69

Ransomware Encryption Cryptocurrency Insurance 69

SecureList

OCTOBER 23, 2024

On May 13, 2024, our consumer-grade product Kaspersky Total Security detected a new Manuscrypt infection on the personal computer of a person living in Russia. According to the blog, Microsoft had also been tracking the campaign and associated websites since February 2024.

Engineering 145

Engineering Accountability Social Engineering Cryptocurrency 145

Security Affairs

DECEMBER 8, 2024

officials urge Americans to use encrypted apps amid unprecedented cyberattack The Great Pokmon Go Spy Panic Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,newsletter) Now He Wants to Help You Escape, Too Dozens of Countries Hit in Chinese Telecom Hacking Campaign, Top U.S.

Artificial Intelligence 102

Artificial Intelligence Spyware Hacking Ransomware 102

SecureList

APRIL 25, 2025

Specifically, they can modify cryptocurrency wallet addresses during transfer attempts, replace links in browsers, send arbitrary text messages and intercept replies, and steal login credentials for messaging and social media apps. Neither payload is encrypted. Package name check Based on the package name, binder. services class.

Cryptocurrency 76

Cryptocurrency Malware Firmware Accountability 76

SecureList

MAY 28, 2025

The threat actors behind Zanubis continue to refine its code adding features, switching between encryption algorithms, shifting targets, and tweaking social engineering techniques to accelerate infection rates. Communication with the C2 API was encrypted with RC4 using a hardcoded key and Base64-encoded.

Banking 101

Banking Malware Encryption Energy and Utilities 101

SecureList

OCTOBER 21, 2024

Also, they both use the same key for string encryption. In terms of functionality, the stealer is particularly interested in cryptocurrency wallets and browser data. In June 2024, we discovered a new domain delivering this malware. Last but not least, the Kral name is used in the PDB paths to both binaries.

Passwords 123

Passwords Malware Encryption Cryptocurrency 123

Security Affairs

MARCH 23, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer PlaybookThen a Second Hacker Strikes ClearFakes (..)

Malware 64

Malware Threat Detection Cryptocurrency Ransomware 64

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. Top Techniques: A Closer Look Phishing Techniques: The Evergreen Threat in Cybersecurity Initial access methods were the most common MITRE ATT&CK techniques between May and July 2024.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59

eSecurity Planet

MAY 5, 2025

A notorious hacker group known as Golden Chickens is back in the spotlight after cybersecurity researchers discovered two new digital weapons designed to steal passwords, watch every word you type, and target your cryptocurrency. TerraLogger, by contrast, is a standalone keylogger. exe and mshta.exe.

Passwords 67

Passwords Malware Cryptocurrency Cybercrime 67

Malwarebytes

MAY 1, 2025

In 2024, Malwarebytes found more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report.Disguised as apps such as TikTok, Spotify, and WhatsApp, these Android apps can trick victims into handing over their associated usernames and passwords when asking them to login.

Small Business 83

Small Business Cybersecurity Scams Passwords 83

SecureList

APRIL 23, 2025

The incidents that saw the Synchost process abused to inject malware were concentrated within a short period of time: between November 2024 and February 2025. The malware receives an RSA public key from the C2 and encrypts a randomly generated AES key using the public key. All traffic is encrypted with the generated AES key.

Malware 140

Malware Software Encryption Internet 140

Security Affairs

JANUARY 19, 2025

CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems Russia-linked APT Star Blizzard targets WhatsApp accounts Prominent US law firm Wolf Haldenstein disclosed a data breach Clop Ransomware exploits Cleo File Transfer flaw: dozens (..)

Spyware 69

Spyware DNS Data breaches Firewall 69

SecureList

MARCH 5, 2025

Most active of all have been schemes for distributing popular stealers, remote access tools (RATs), Trojans that provide hidden remote access, and miners that harness computing power to mine cryptocurrency. This is a covert miner able to mine multiple cryptocurrencies (ETH, ETC, XMR, RTM and others) using various algorithms.

Malware 109

Malware Cryptocurrency Antivirus Technology 109

Penetration Testing

JUNE 9, 2025

The most notable discovery in SentinelLABS’ investigation was that threat actors carried out reconnaissance against SentinelOne’s Internet-facing servers in October 2024, and even compromised a third-party IT logistics firm responsible for handling employee hardware. vip—demonstrating synchronized infrastructure activity. ”

Penetration Testing 93

Penetration Testing Advertising DNS Cybersecurity 93

Digital Shadows

JANUARY 27, 2025

Key Findings 2024 was the year cyber threats got quicker. Our research reveals 2024 saw a 22% increase in attack speed compared to 2023, with the fastest incident achieving lateral movement in just 27 minutes. Among the 2024 hands-on-keyboard incidents we analyzed, 50% of them used valid or exposed credentials for initial access.

Scams 76

Scams Ransomware Accountability Social Engineering 76

SecureList

FEBRUARY 21, 2025

At the beginning of 2024, several cybersecurity vendors published reports on Angry Likho. All these emails (and others like them in our collection) date back to April 2024. Previously unknown Angry Likho implant In June 2024, we discovered a very interesting implant associated with this APT. averageorganicfallfaw[.]shop

Phishing 83

Phishing Encryption Banking Malware 83

Thales Cloud Protection & Licensing

JULY 2, 2025

Multiple partitions allow organizations to have wallets with different cryptocurrencies in one HSM with a logically separated design. They support both cold and hot wallet environments for cryptocurrency and digital asset management. They support both cold and hot wallet environments for cryptocurrency and digital asset management.

Backups 62

Backups Cryptocurrency Banking Encryption 62

Security Affairs

FEBRUARY 23, 2025

from Bybit, it is the largest cryptocurrency heist ever Apple removes iCloud encryption in UK following backdoor demand B1acks Stash released 1 Million credit cards U.S. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Lazarus APT stole $1.5B

Scams 66

Scams Malware Encryption Phishing 66

Penetration Testing

JULY 9, 2025

The malware’s infection chains and system persistence methods echo those used in DPRK’s cryptocurrency-stealing operations—albeit now adapted and deployed globally by Russia-affiliated threat actors. If this article helped you, please share it with others who might benefit.

Malware 77

Malware Surveillance InfoSec Penetration Testing 77

Security Affairs

DECEMBER 12, 2024

Microsoft also assesses that in January 2024, Secret Blizzard used the backdoor of Storm-1837, a Russia-based threat actor, to download the Tavdig and KazuarV2 backdoors on a target device in Ukraine. Storm-1919 often deploys XMRIG cryptocurrency miners via Amadey bots, used globally in 2024.

Cybercrime 49

Cybercrime Malware Hacking Cryptocurrency 49