SecureList

MAY 6, 2024

With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets, inventing new techniques and reusing good old ones. Online shopping brands were the most popular lure, accounting for 41.65% of financial phishing attempts.

Phishing 97

Phishing Banking Mobile Scams 97

Malwarebytes

JULY 19, 2021

We’ve observed a 419-style scam (also known as an advance fee scam) which combines the promise of cryptocurrency riches with WhatsApp conversation. Folks already involved in cryptocurrency would likely have suspicions raised after reading the below. It’s all about that personal touch in the land of cryptocurrency scams.

Accountability 102

Accountability Scams Cryptocurrency Banking 102

Malwarebytes

SEPTEMBER 11, 2023

The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. Once active, the malware can be used for several malicious activities like remote access, cryptocurrency mining, keylogging, clipboard stealing, and information stealing. exe and a bundled script.

Malware 110

Malware Social Engineering Cryptocurrency Cybercrime 110

Krebs on Security

APRIL 20, 2023

In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. Microsoft Corp.

Malware 282

Malware Software Technology Accountability 282

Malwarebytes

DECEMBER 6, 2022

Nicholas Truglia (25) from Florida was sentenced to 18 months on Thursday for his involvement in a digital heist that cost Michael Terpin ( @michaelterpin ), a renowned personality in the cryptocurrency space, $23.8M. According to El Reg , Terpin's cryptocurrency of choice was TRIG, which was worth $7 then.

Cryptocurrency 84

Cryptocurrency Social Engineering Accountability Media 84

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. A threat actor gained access to a tool used by the company’s customer support and account administration teams. Trezor WARNING: Elaborate Phishing attack.

Phishing 116

Phishing Data breaches Cryptocurrency Social Engineering 116

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams 97

Scams Phishing Cryptocurrency Social Engineering 97

Malwarebytes

MARCH 1, 2024

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. Scammers, impersonating cryptocurrency investors, are active on Telegram channels to get interested people to attend a meeting about a future partnership. Topics are cryptocurrency investment opportunities.

Cryptocurrency 96

Cryptocurrency Malware Authentication Banking 96

Security Boulevard

MAY 19, 2022

In April 2022, ThreatLabz discovered several newly registered domains, which were created by a threat actor to spoof the official Microsoft Windows 11 OS download portal. These variants of Vidar malware fetch the C2 configuration from attacker-controlled social media channels hosted on Telegram and Mastodon network. Key points.

Media 64

Media Social Engineering Backups Passwords 64

Malwarebytes

OCTOBER 20, 2022

A phishing campaign known to specifically target employees with access to their company's Facebook Business and Ads accounts has significantly widened its net and begun using a first-of-its-kind information-stealing malware to go after crypto wallets. Social engineering attacks and malware form the core of Ducktail's modus operandi.

Social Engineering 73

Social Engineering Malware Accountability Engineering 73

Security Affairs

MAY 19, 2023

TurkoRat is an information-stealing malware that can obtain a broad range of data from the infected machine, including account login credentials, cryptocurrency wallets, and website cookies. was not accidental, because agent-base is the name of a legitimate npm package with tens of million downloads.

Encryption 79

Encryption Social Engineering Malware Cryptocurrency 79

Malwarebytes

APRIL 7, 2021

Several users of Trezor, a small hardware device that acts as a cryptocurrency wallet, have been duped by a fake app with the same name. According to the Washington Post , the fake Trezor app, which was on the App Store for at least two weeks (from 22 January to 3 February), was downloaded 1,000 times before it was taken down.

Cryptocurrency 102

Cryptocurrency Scams Engineering Accountability 102

Malwarebytes

AUGUST 13, 2021

A fair few cryptocurrency scams have been doing the rounds across 2021. One of the sneakiest ways to grab a code is to jump into customer support discussions on social media. Scammers set up fake customer support style accounts, then direct potential victims to phishing pages hosted elsewhere. Recovery code theft.

Scams 102

Scams Cryptocurrency Social Engineering Media 102

Krebs on Security

AUGUST 30, 2022

In a blog post earlier this month, Cloudflare said it detected the account takeovers and that no Cloudflare systems were compromised. 4 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials.

Mobile 292

Mobile Phishing Authentication Accountability 292

Security Affairs

JANUARY 23, 2022

” Malicious websites could also deliver malware on the victims’ devices or hijack their payments to accounts under their control. Never download an app from a QR code, avoid making any payment requested through unsolicited email that uses social engineering techniques to trick recipients into scanning the embedded QR code.

Cryptocurrency 98

Cryptocurrency Social Engineering Malware Scams 98

eSecurity Planet

SEPTEMBER 15, 2022

The Shikitega attack consists of a “multistage infection chain where each module responds to a part of the payload and downloads and executes the next one,” the AT&T researchers wrote. Two of them regard the current user and the rest are for the root account. See the Top Patch Management Solutions. Multistage Infection Chain.

Malware 116

Malware Social Engineering System Administration Antivirus 116

SecureWorld News

AUGUST 2, 2021

Robinhood is an increasingly popular trading app where you can buy and sell stocks, as well as cryptocurrency. Phishing attempts come via email where scammers use different social engineering tactics to pose as a reputable sender like the IRS, your bank or brokerage firm. How to spot phishing emails.

Phishing 90

Phishing Social Engineering Scams Identity Theft 90

SC Magazine

MAY 12, 2021

Researchers found 167 counterfeit Android and iOS apps that attackers used to steal money from victims who believed they installed a financial trading, banking or cryptocurrency app. If targets later tried to withdraw funds or close the account, the attackers would block access. Photo by Justin Sullivan/Getty Images).

Scams 62

Scams Cryptocurrency Social Engineering Banking 62

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 87

Spyware Hacking Malware Social Engineering 87

eSecurity Planet

SEPTEMBER 14, 2022

To this end, some impressive technology has been created to combat the technological side of the issue, to keep hackers and similar bad actors from accessing data and account privileges they shouldn’t. Then, we’ll go over the basic, foundational techniques most scammers find themselves using, such as social engineering and phishing.

Social Engineering 119

Social Engineering Energy and Utilities Phishing Scams 119

Security Affairs

AUGUST 16, 2023

The content of the message attempt to trick the recipient into scanning the code to verify their account. “Email lures came in the form of updating account security surrounding 2FA, MFA, and general account security. The emails urge the recipient to complete the procedure in 2-3 days. ” continues the report.

Phishing 86

Phishing Energy and Utilities Insurance Manufacturing 86

SecureList

NOVEMBER 23, 2021

We should expect more fraud, targeting mostly BTC , because this cryptocurrency is the most popular. In fact, from January through the end of October, Kaspersky detected more than 2,300 fraudulent global resources aimed at 85,000 potential crypto investors or users who are interested in cryptocurrency mining. Extortion on the rise.

Cryptocurrency 108

Cryptocurrency Banking Cybercrime Ransomware 108

SecureWorld News

AUGUST 2, 2022

New research from security firm CloudSEK shows that more than 3,200 mobile applications were leaking Twitter API (Application Program Interface) keys, which can be used to gain access and take over user accounts. Of those, 230 were leaking all four authorization credentials and could be used to fully take over Twitter accounts.

Mobile 85

Mobile Accountability Identity Theft Cryptocurrency 85

SecureList

NOVEMBER 22, 2022

Unlike common stealers, this malware gathered data that can be used to identify the victims, such as browsing histories, social networking account IDs and Wi-Fi networks. Cryptocurrency targeted attacks. More cryptocurrency-related threats: fake hardware wallets, smart contract attacks, DeFi hacks, and more.

Cryptocurrency 90

Cryptocurrency Mobile Ransomware Banking 90

SecureList

SEPTEMBER 6, 2022

One of the most outstanding examples involves $2 million ‘s worth of CS:GO skins stolen from a user’s account , which means that losses can get truly grave. The share of various Trojans that use popular games as a lure remains solid, with Trojan-SMS, Trojan-Downloader, and Trojan-Spy among the TOP 10 threats. Trojan-SMS.

Mobile 99

Mobile Passwords Software Accountability 99

Security Boulevard

AUGUST 3, 2022

230 apps were leaking all four 0Auth authentication credentials and could be used to fully take over Twitter accounts to perform critical/sensitive actions. Some of those sensitive actions include reading Direct Messages, retweeting, deleting messages, liking messages, and getting account settings. Twitter API.

Mobile 98

Mobile Authentication Accountability Identity Theft 98

SecureWorld News

OCTOBER 12, 2021

SecureWorld News just analyzed dozens of pages of court documents to understand this story of the Naval Engineer—an insider—who is accused of going rogue in a high-tech and high-stakes operation. Tools involved digital media, encrypted communication, cryptocurrency, and secret data handoffs. The email stated, “We received your letter.

Social Engineering 89

Social Engineering Engineering Encryption Cryptocurrency 89

SecureList

FEBRUARY 16, 2023

These sites referenced public figures and humanitarian groups, offering to accept cash in cryptocurrency, something that should have raised a red flag in itself. For example, one website offered users to obtain a COVID vaccination certificate by entering their British National Health Service (NHS) account credentials.

Phishing 94

Phishing Scams Accountability Energy and Utilities 94

SecureList

JULY 11, 2022

E-mail scammers typically combine social engineering with technical skills to bypass spam filters and persuade the recipient to reply. The latter are usually downloaded from open sources. Attackers can also create fake profiles in social networks and instant messengers to make the scheme more persuasive. Statistics.

Scams 101

Scams Accountability Banking Phishing 101

Security Affairs

JANUARY 27, 2022

Millions of customers of large businesses have been left vulnerable to identity theft, thanks to a security flaw that exposes their personal data to illicit download. However, the App Store doesn’t publicly share download data. Threat actors can abuse PII to conduct phishing and social engineering attacks.

Identity Theft 86

Identity Theft Accountability Data breaches Social Engineering 86

CyberSecurity Insiders

NOVEMBER 26, 2021

Ransomware, a piece of code that locks the user out of their machine until a ‘ransom’ (usually a sum of money in cryptocurrency) is paid, looks set to continue to rise in 2022 also. Employees should download app updates for email clients and anti-malware software as soon as they are available. 2) Create strong passwords.

Digital transformation 119

Digital transformation Phishing Social Engineering Passwords 119

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. Links account for 29%, while attachments—for 71%. Another trend was disguising malware in emails.

Ransomware 71

Ransomware Antivirus Malware Banking 71

SecureList

AUGUST 23, 2021

Analysts predict that mobile gaming will account for $90.7 Last year’s lockdowns gave a boost to the mobile market, with users downloading thirty percent more mobile games per week in Q1 2021 than in Q4 2019 globally, reaching over one billion weekly downloads. Global consumer spending on mobile games reached $44.7

Adware 115

Adware Mobile Phishing Malware 115

Security Affairs

JULY 19, 2020

The social media giant Twitter confirmed that hackers compromised 130 accounts in last week hack and downloaded data from eight of them. The social media platform Twitter suffered one of the biggest cyberattacks in its history, multiple high-profile accounts were hacked. You send $1,000, I send you back $2,000.”.

Accountability 102

Accountability Social Engineering Media Hacking 102

Malwarebytes

APRIL 11, 2023

Information can be retrieved or downloaded without your consent. There are crawlers that can search your phone for personally identifiable information (PII), account credentials, banking-related or credit card data in seconds. Luckily for you, this station has taken the ethical route and your data is safe. Enjoy the free charge!”

Mobile 98

Mobile Banking Malware Spyware 98

Webroot

FEBRUARY 11, 2021

As we mentioned in a previous blog , hackers come in many forms, but their methods can generally be classified into three distinct types of cybercriminals: The Impersonator – Hackers that pretend to be others, often using social engineering and human psychology to trick users. Let’s look at a few primary examples.

Scams 108

Scams Phishing Firewall Social Engineering 108

SecureList

MARCH 1, 2021

In their campaigns to infect mobile devices, cybercriminals always resort to social engineering tools, the most common of these passing a malicious application off as another, popular and desirable one. Number of attacks on mobile users in 2019 and 2020 ( download ). Users attacked by adware in 2018 through 2020 ( download ).

Mobile 135

Mobile Malware Adware Banking 135