Accountability, Cryptocurrency, Information Security and Malware

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Accountability

Accountability Malware Phishing Social Engineering

Crooks manipulate GitHub’s search results to distribute malware

Security Affairs

APRIL 13, 2024

Researchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported that t hreat actors are manipulating GitHub search results to deliver persistent malware to developers systems. csproj or.vcxproj), it is automatically executed when the project is built.

Malware

Malware Cryptocurrency Encryption Hacking

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

Security Affairs

DECEMBER 31, 2021

The Have I Been Pwned data breach notification service now includes credentials for 441K accounts that were stolen by RedLine malware. The Have I Been Pwned data breach notification service now allows victims of the RedLine malware to check if their credentials have been stolen. SecurityAffairs – hacking, malware).

Accountability

Accountability Malware Data breaches Passwords

NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets

Security Affairs

AUGUST 1, 2023

Researchers spotted a Python variant of the NodeStealer that was designed to take over Facebook business accounts and cryptocurrency wallets. The malicious code was designed to take over Facebook business accounts and steal funds from cryptocurrency wallets. environment. The author used Node.js

Accountability

Accountability Cryptocurrency Malware Phishing

New Bandit Stealer targets web browsers and cryptocurrency wallets

Security Affairs

MAY 28, 2023

Bandit Stealer is a new stealthy information stealer malware that targets numerous web browsers and cryptocurrency wallets. Trend Micro researchers discovered a new info-stealing malware, dubbed Bandit Stealer, which is written in the Go language and targets multiple browsers and cryptocurrency wallets.

Cryptocurrency

Cryptocurrency Malware Advertising Phishing

DarkGate malware campaign abuses Skype and Teams

Security Affairs

OCTOBER 16, 2023

Researchers uncovered an ongoing campaign abusing popular messaging platforms Skype and Teams to distribute the DarkGate malware. The threat actors abused popular messaging platforms such as Skype and Teams to deliver a script used as a loader for a second-stage payload, which was an AutoIT script containing the DarkGate malware.

Malware

Malware Cryptocurrency Accountability Cybercrime

3CX Supply chain attack allowed targeting cryptocurrency companies

Security Affairs

APRIL 4, 2023

Threat actors behind the 3CX supply chain attack have targeted a limited number of cryptocurrency companies with a second-state implant. The products from multiple cybersecurity vendors started detecting the popular software as malware suggesting that the company has suffered a supply chain attack. The wirexpro[.]com

Cryptocurrency

Cryptocurrency Malware Software Manufacturing

New Zealand-based cryptocurrency exchange Cryptopia hacked again

Security Affairs

FEBRUARY 28, 2021

The New Zealand-based cryptocurrency exchange Cryptopia suffered a new cyber heist while it is in liquidation due to a 2019 security breach. In 2019, the New Zealand-based cryptocurrency exchange Cryptopia discloses a cyber attack that took place on January 14th. According to the local news site Stuff , a creditor, U.S.

Cryptocurrency

Cryptocurrency Hacking Cyber Attacks Accountability

New shc Linux Malware used to deploy CoinMiner

Security Affairs

JANUARY 4, 2023

Researchers discovered a new Linux malware developed with the shell script compiler ( shc ) that was used to deliver a cryptocurrency miner. The ASEC analysis team recently discovered that a Linux malware developed with shell script compiler ( shc ) that threat actors used to install a CoinMiner. ” continues the report.

Malware

Malware DDOS Cryptocurrency Firewall

German police seized the dark web marketplace Kingdom Market

Security Affairs

DECEMBER 20, 2023

The Kingdom Market was established in March 2021, the offer of the dark web marketplace included drugs, malware, stolen data, and forged documents. Kingdom Market boasted tens of thousands of customer accounts and several hundred registered sellers, featuring a listing that comprised 42,000 items. ” states US court documents.

Marketing

Marketing Cryptocurrency Accountability Banking

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. ” continues the analysis.

Malware

Malware Cryptocurrency Advertising Accountability

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Security Affairs

MARCH 3, 2020

The Department of Justice has charged the two Chinese nationals for laundering cryptocurrency for North Korea-linked APT groups. for helping North Korea-linked hackers in laundering cryptocurrency. The cryptocurrency have been stolen by the APT groups from two cryptocurrency exchanges. and Li Jiadong (???),

Cryptocurrency

Cryptocurrency Banking Hacking Accountability

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

In early January 2024, software firm Ivanti reported that threat actors were exploiting two zero-day vulnerabilities ( CVE-2023-46805, CVE-2024-21887 ) in Connect Secure (ICS) and Policy Secure to remotely execute arbitrary commands on targeted gateways. x and Ivanti Policy Secure. The flaw CVE-2023-46805 (CVSS score 8.2)

VPN

VPN Malware Authentication Small Business

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. Image: Mandiant.

Malware

Malware Software Technology Accountability

Hacker stole $2 million worth of Dai cryptocurrency from Akropolis

Security Affairs

NOVEMBER 13, 2020

Threat actors have stolen $2 million worth of Dai cryptocurrency from the cryptocurrency borrowing and lending service Akropolis. Cryptocurrency borrowing and lending service Akropolis disclosed a “flash loan” attack, hackers have stolen roughly $2 million worth of Dai cryptocurrency. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Hacking Accountability Information Security

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Security Affairs

OCTOBER 18, 2020

Multiple members of QQAAZZ multinational cybercriminal gang were charged for providing money-laundering services to high-profile malware operations. According to law enforcement bodies, the gang provides services to multiple malware operations, including Dridex , GozNym , and Trickbot. ” states the DoJ. Pierluigi Paganini.

Malware

Malware Banking Cryptocurrency Cybercrime

Xenomorph malware is back after months of hiatus and expands the list of targets

Security Affairs

SEPTEMBER 26, 2023

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. that was significantly improved.

Malware

Malware Banking Phishing Engineering

U.S. and Australian police arrested Firebird RAT author and operator

Security Affairs

APRIL 14, 2024

He explained to one buyer that the malware allowed access to another person’s computer without their knowledge. When informed that the target had significant cryptocurrency and project files, Chakhmakhchyan agreed to sell the Hive RAT. ” reported the DoJ. ” continues DoJ.

Computers and Electronics

Computers and Electronics Advertising Cryptocurrency Malware

XCSSET malware now targets macOS 11 and M1-based Macs

Security Affairs

APRIL 19, 2021

XCSSET, a Mac malware targeting Xcode developers, was now re-engineered and employed in a campaign aimed at Apple’s new M1 chips. Experts from Trend Micro have uncovered a Mac malware campaign targeting Xcode developers that employed a re-engineered version of the XCSSET malware to support Apple’s new M1 chips.

Malware

Malware Cryptocurrency Architecture Engineering

New ElectroRAT employed in a wide-ranging operation targeting cryptocurrency users

Security Affairs

JANUARY 5, 2021

Researchers uncovered a large scale operation targeting cryptocurrency users with a previously undetected multiplatform RAT named ElectroRAT. Security researchers from Intezer uncovered a large scale operation targeting cryptocurrency users with a previously undetected RAT named ElectroRAT. ” continues the variant.

Cryptocurrency

Cryptocurrency Media Advertising Marketing

SOVA Android malware now also encrypts victims’ files

Security Affairs

AUGUST 15, 2022

Security researchers from Cleafy reported that the SOVA Android banking malware is back and is rapidly evolving. The malware has been active since 2021 and evolves over time. targets over 200 banking and cryptocurrency exchange apps. SecurityAffairs – hacking, SOVA Android banking malware). Pierluigi Paganini.

Encryption

Encryption Malware Banking Ransomware

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade[.]com. A DIRECT QUOT The domain quot[.]pw

Scams

Scams DDOS Cryptocurrency Accountability

Experts warn of self-spreading malware targeting gamers looking for cheats on YouTube

Security Affairs

SEPTEMBER 16, 2022

Threat actors target gamers looking for cheats on YouTube with the RedLine Stealer information-stealing malware and crypto miners. The malicious code can also act as first-stage malware. “Cybercriminals actively hunt for gaming accounts and gaming computer resources. ” reads the report published by Kaspersky.

Malware

Malware Cryptocurrency Hacking Passwords

New Lobshot hVNC malware spreads via Google ads

Security Affairs

MAY 1, 2023

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Researchers from Elastic Security Labs spotted a new remote access trojan dubbed LOBSHOT was being distributed through Google Ads. ” reads the report published by Elastic Security Labs.

Malware

Malware Cybercrime Banking Software

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking

Banking Accountability Mobile Cryptocurrency

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. The infection chain.

Malware

Malware Computers and Electronics Encryption Ransomware

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

NOVEMBER 26, 2021

Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels.

Cryptocurrency

Cryptocurrency Malware Antivirus Phishing

USCYBERCOM shares five new North Korea-linked malware samples

Security Affairs

MAY 13, 2020

The United States Cyber Command (USCYBERCOM) has uploaded five new North Korean malware samples to VirusTotal. The United States Cyber Command (USCYBERCOM) has shared five new malware samples attributed to the North Korea-linked Lazarus APT , it has uploaded the malicious code to VirusTotal. ” reads the DHS CISA’s advisory.

Malware

Malware Advertising Government Cryptocurrency

Erbium info-stealing malware, a new option in the threat landscape

Security Affairs

SEPTEMBER 27, 2022

Threat actors behind the new ‘Erbium’ information-stealing malware are distributing it as fake cracks and cheats for popular video games to steal victims’ credentials and cryptocurrency wallets. The Malware-as-a-Service (MaaS) was advertised on a Dark Web forum by a Russian-speaking threat actor.

Malware

Malware Password Management Authentication Passwords

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

Security Affairs

NOVEMBER 13, 2023

The APT group’s campaigns focus on cryptocurrency exchanges, venture capital firms, and banks. The group created multiple domains to trick recruiters into registering for an account. The experts noticed that the ObjCShellz malware shares similarities with the RustBucket malware campaign associated with the BlueNoroff APT group.

Social Engineering

Social Engineering Cryptocurrency Engineering Malware

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

Security Affairs

FEBRUARY 19, 2024

The Raccoon stealer was first spotted in April 2019, it was designed to steal victims’ credit card data, email credentials, cryptocurrency wallets, and other sensitive data. The malware is now promoted on English-speaking hacking forums, it works on both 32-bit and 64-bit operating systems. in the stolen data.

Identity Theft

Identity Theft Cryptocurrency Cybercrime Hacking

Experts warn of JinxLoader loader used to spread Formbook and XLoader

Security Affairs

JANUARY 2, 2024

JinxLoader is a new Go-based loader that was spotted delivering next-stage malware such as Formbook and XLoader. Researchers from Palo Alto Networks and Symantec warned of a new Go-based malware loader called JinxLoader, which is being used to deliver next-stage payloads such as Formbook and XLoader. net on 2023-04-30.

Malware

Malware Passwords Cryptocurrency Hacking

Experts found 3 malicious packages hiding crypto miners in PyPi repository

Security Affairs

JANUARY 4, 2024

Researchers discovered three malicious packages in the PyPI repository targeting Linux systems with a cryptocurrency miner. The packages have the same author, known as “sastra”, who created a PyPI account shortly before uploading the first of them. The first stage of the malware resides in the processor.py

Cryptocurrency

Cryptocurrency Accountability Malware Hacking

Google removed 49 Chrome Extensions that were hijacking cryptocurrency wallets

Security Affairs

APRIL 15, 2020

Google has removed 49 new Chrome browser extensions from its official Web Store that hide the code to hijack cryptocurrency wallets. Google has removed 49 new Chrome browser extensions from its official Web Store that contain the code to steal sensitive information and hijack cryptocurrency wallets. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Advertising Phishing Passwords

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Security Affairs

JULY 15, 2022

Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. “Dragos only tested the DirectLogic-targeting malware.

Passwords

Passwords Software Firmware Malware

New Android BlackRock malware targets hundreds of apps

Security Affairs

JULY 16, 2020

Researchers spotted a new Android banking trojan dubbed BlackRock malware that steals credentials and credit card data from hundreds of apps. Security experts from ThreatFabric have discovered a new Android banking trojan dubbed BlackRock that steals credentials and credit card data from a list of 337 apps.

Malware

Malware Banking Mobile Spyware

Google obtained a temporary court order against CryptBot distributors

Security Affairs

APRIL 28, 2023

Google announced that a federal judge in the Southern District of New York unsealed its civil action against the operators of the information stealer Cryptbot. to disrupt the operations of the CryptBot malware, which experts estimate infected approximately 670,000 computers this past year. ” concludes the announcemebt.

Malware

Malware Cybercrime Cryptocurrency Media

Nexus, an emerging Android banking Trojan targets 450 financial apps

Security Affairs

MARCH 23, 2023

Nexus is available via a Malware-as-a-Service (MaaS) subscription and is advertised on underground forums or through private channels (e.g., “Nexus provides all the main features to perform ATO attacks (Account Takeover) against banking portals and cryptocurrency services, such as credentials stealing and SMS interception.

Banking

Banking Cryptocurrency Malware Advertising

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

The malware also targets crypto wallet extensions, password managers, and 2FA extensions. The authors are actively developing malware to evade detection, but no specific attacks have been attributed to the Meduza Stealer to date. The malware admin declared that their operations do not involve any ransom activities.

Password Management

Password Management Passwords Malware Antivirus

Dovecat crypto-miner is targeting QNAP NAS devices

Security Affairs

JANUARY 21, 2021

QNAP is warning customers of a new piece of malware dubbed Dovecat that is targeting NAS devices to mine cryptocurrency. Taiwanese vendor QNAP has published a security advisory to warn customers of a new piece of malware named Dovecat that is targeting NAS devices. Install the latest version of Malware Remover.

Cryptocurrency

Cryptocurrency Firmware Malware Passwords

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 7, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4

Artificial Intelligence

Artificial Intelligence Data breaches Scams Insurance

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware

Malware Cybercrime Cryptocurrency Social Engineering

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

Security Affairs

AUGUST 7, 2018

Group-IB researchers have investigated user data leaks from cryptocurrency exchanges and has analyzed the nature of these incidents. In 2017, when cryptocurrencies were gaining momentum, their record-breaking capitalization and a spike in Bitcoin’s exchange rate led to dozens of attacks on cryptocurrency services.

Cryptocurrency

Cryptocurrency Passwords Authentication Accountability

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

VPN

VPN Cybercrime Ransomware Hacking

YouTube creators’ accounts hijacked with cookie-stealing malware

Crooks manipulate GitHub’s search results to distribute malware

Trending Sources

The Have I Been Pwned service now includes 441K accounts stolen by RedLine malware

NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets

New Bandit Stealer targets web browsers and cryptocurrency wallets

DarkGate malware campaign abuses Skype and Teams

3CX Supply chain attack allowed targeting cryptocurrency companies

New Zealand-based cryptocurrency exchange Cryptopia hacked again

New shc Linux Malware used to deploy CoinMiner

German police seized the dark web marketplace Kingdom Market

New MrbMiner malware infected thousands of MSSQL DBs

US officials charge two Chinese men for laundering cryptocurrency for North Korea

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

3CX Breach Was a Double Supply Chain Compromise

Hacker stole $2 million worth of Dai cryptocurrency from Akropolis

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Xenomorph malware is back after months of hiatus and expands the list of targets

U.S. and Australian police arrested Firebird RAT author and operator

XCSSET malware now targets macOS 11 and M1-based Macs

New ElectroRAT employed in a wide-ranging operation targeting cryptocurrency users

SOVA Android malware now also encrypts victims’ files

Interview With a Crypto Scam Investment Spammer

Experts warn of self-spreading malware targeting gamers looking for cheats on YouTube

New Lobshot hVNC malware spreads via Google ads

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Wannacry, the hybrid malware that brought the world to its knees

Threat actors target crypto and NFT communities with Babadeda crypter

USCYBERCOM shares five new North Korea-linked malware samples

Erbium info-stealing malware, a new option in the threat landscape

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

Experts warn of JinxLoader loader used to spread Formbook and XLoader

Experts found 3 malicious packages hiding crypto miners in PyPi repository

Google removed 49 Chrome Extensions that were hijacking cryptocurrency wallets

Tainted password-cracking software for industrial systems used to spread P2P Sality bot

New Android BlackRock malware targets hundreds of apps

Google obtained a temporary court order against CryptBot distributors

Nexus, an emerging Android banking Trojan targets 450 financial apps

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Dovecat crypto-miner is targeting QNAP NAS devices

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Group-IB experts record a massive surge of user data leaks form cryptocurrency exchanges

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected