SecureList

MARCH 5, 2025

Dynamics of Windows Packet Divert detections ( download ) The growing popularity of tools using Windows Packet Divert has attracted cybercriminals. The counter at the time of posting the video showed more than 40,000 downloads. After the download, it saves the payload named t.py com , which hosted the infected archive.

Malware 106

Malware Cryptocurrency Antivirus Technology 106

SecureList

APRIL 8, 2025

Instead of the description copied from GitHub, the visitor is presented with an imposing list of office applications complete with version numbers and “Download” buttons. io/download. Page for downloading the suspicious archive Clicking that button finally downloads a roughly seven-megabyte archive named vinstaller.zip.

Passwords 79

Passwords Cryptocurrency Software Antivirus 79

Security Affairs

JULY 18, 2025

The software can be downloaded from the police website and Europol’s NoMoreRansom site. NoMoreRansom warns users to remove the malware first with a reliable antivirus before using the decryptor, or files may be re-encrypted repeatedly. Despite false malware flags from some browsers, tests confirm it works and is safe.

Ransomware 133

Ransomware Encryption Malware Cybercrime 133

eSecurity Planet

MARCH 10, 2025

A new wave of cyberattacks is sweeping through Russia as cybercriminals deploy the so-called SilentCryptoMiner a cryptocurrency miner masquerading as a legitimate internet bypass tool. Beyond cryptocurrency theft, such attacks could pave the way for further exploitation, including deploying remote access tools (RATs) and stealers.

VPN 52

VPN Antivirus Cryptocurrency Malware 52

SecureList

APRIL 23, 2025

Variants of Lazarus’ malicious tools, such as ThreatNeedle, Agamemnon downloader, wAgent, SIGNBT, and COPPERHEDGE, were discovered with new features. LPEClient LPEClient is a tool known for victim profiling and payload delivery ( T1105 ) that has previously been observed in attacks on defense contractors and the cryptocurrency industry.

Malware 139

Malware Software Encryption Internet 139

SecureList

APRIL 21, 2025

Fake Telegram channels for pirated content and cryptocurrencies. The attackers create Telegram channels with names containing keywords related to cryptocurrencies or pirated content, such as software, movies, etc. txt file contains aBase64-encoded PowerShell script that then downloads and runs theLumma Stealer. shop/firefire[.]png.

Malware 77

Malware Cryptocurrency Software Antivirus 77

eSecurity Planet

MAY 27, 2025

Traditional antivirus systems usually fail to detect suspicious activity due to this. Some warning signs the FBI says to watch out for: Unexpected downloads of remote access tools. Be cautious of unusual downloads, remote access tools, or sudden file transfers to unfamiliar IP addresses.

Phishing 60

Phishing Scams Antivirus Backups 60

Cisco Security

JULY 7, 2025

A PDF of the report can be downloaded directly from the National Academies, and a webinar that walks viewers through the report’s findings is also available. Endpoint security still meant antivirus agents. The More Things Change, the More They Stay the Same Two decades is a long time in the cybersecurity world.

Cyber Risk 101

Cyber Risk Media Risk Cybersecurity 101

eSecurity Planet

FEBRUARY 17, 2025

Simply put, they are antivirus solutions. In fact, it is one of the most popular antivirus solutions. Per 6sense, McAfee Cloud Security makes up 12.47% of the worldwide antivirus market share. Plus, it stops unsafe downloads in Microsoft Edge and other supported apps. 5 Pricing: 5/5 Core features: 3.5/5 5 Pricing: 4.7/5

Antivirus 67

Antivirus Identity Theft VPN Spyware 67

Security Boulevard

MARCH 24, 2025

Cybercriminals Exploit CheckPoint Antivirus Driver in Malicious Campaign Infosecurity Magazine Threat actors are leveraging a "bring your own vulnerable driver" (BYOVD) attack to bypass Windows security measures. These threat actors go to lengths to bury the actual commands used in malicious.LNK files which download malware onto the machine.

Surveillance 75

Surveillance Telecommunications Data breaches Spyware 75

Digital Shadows

NOVEMBER 26, 2024

Attackers exploiting cloud accounts pose significant risks, targeting virtual machines (VMs) for activities like cryptocurrency mining, leading to unexpected costs for organizations. While the guides themselves aren’t a direct threat, their availability—sometimes shared freely for anyone to download—can lead to an uptick in cyber attacks.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59

Malwarebytes

FEBRUARY 20, 2025

ACRStealer is often distributed via the tried and tested method of download as cracks and keygens , which are used in software piracy. Keep threats off your devices by downloading Malwarebytes today. The infostealer has been around since mid-2024 (as a beta test), but its only really taken off in 2025. ID-number}.

Identity Theft 97

Identity Theft Malware Financial Services Antivirus 97

Security Affairs

JULY 25, 2025

Attackers exploit a misconfigured server to drop backdoors and download two JPEG polyglot files via shortened URLs. The images are polyglot files that hide malicious code appended at the end and execute directly in memory to evade antivirus detection. One is C code compiled into a rootkit.so ” continues the report.

Malware 81

Malware Artificial Intelligence DNS Antivirus 81

Schneier on Security

MAY 14, 2020

The first of the new malware variants, COPPERHEDGE , is described as a Remote Access Tool (RAT) "used by advanced persistent threat (APT) cyber actors in the targeting of cryptocurrency exchanges and related entities." It's interesting to see the US government take a more aggressive stance on foreign malware.

Government 268

Government Malware Antivirus Cryptocurrency 268

Krebs on Security

FEBRUARY 28, 2024

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call.

Malware 350

Malware Cryptocurrency Software Phishing 350

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus 137

Antivirus Malware DNS Cryptocurrency 137

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . Researchers from Avast have spotted a strain of cryptocurrency miner, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. ” reads the analysis published by Avast.

Antivirus 144

Antivirus Cryptocurrency Malware Software 144

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. The initial stage of these trojans is generally the execution of a dropper in a form of a VBS, JScript, or MSI file that downloads from the Cloud (AWS, Google, etc.) the trojan loader/injector.

Antivirus 138

Antivirus Malware Banking Internet 138

Security Affairs

MARCH 28, 2019

In 2018, the Lazarus APT group targeted several cryptocurrency exchanges , including the campaign tracked as Operation AppleJeus discovered in August 2018. If you’re part of the booming cryptocurrency or technological startup industry, exercise extra caution when dealing with new third parties or installing software on your systems.”

Cryptocurrency 111

Cryptocurrency Malware Advertising Antivirus 111

Krebs on Security

MARCH 28, 2021

Oddly, none of the several dozen antivirus tools available to scan the file at Virustotal.com currently detect it as malicious. But Watson said they don’t know how many of those systems also ran the secondary download from the rogue Krebsonsecurity domain.

Hacking 363

Hacking Cybercrime DNS Antivirus 363

Security Affairs

NOVEMBER 26, 2021

Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels. ” concludes the report.

Cryptocurrency 145

Cryptocurrency Malware Antivirus Phishing 145

Security Affairs

SEPTEMBER 2, 2020

The malware has been active since at least December 2018, it targets cryptocurrency users as a triple threat. The malware uses the victim’s resource to mine cryptocurrency, steals cryptocurrency wallet-related files, and replaces wallet addresses in the clipboard to hijack cryptocurrency payments.

Cryptocurrency 144

Cryptocurrency Antivirus Malware Advertising 144

The Last Watchdog

SEPTEMBER 6, 2023

Over time, Bitcoin has become the most widely used cryptocurrency in the world. To avoid potential vulnerabilities, keep your operating system, antivirus software, and other security tools up to date. Refrain from installing illegal or dubious software, and only download wallets from reliable sources. Ashford Be wary of fraud.

Cryptocurrency 100

Cryptocurrency Backups Passwords Software 100

Security Affairs

FEBRUARY 22, 2021

Excel documents created with the APOMacroSploit builder are capable of bypassing antivirus software, Windows Antimalware Scan Interface (AMSI), and even Gmail and other email-based phishing detection. The macro is triggered automatically when the victim opens the document, and downloads a BAT file from cutt.ly.”

Malware 144

Malware Antivirus Phishing Cryptocurrency 144

Security Affairs

SEPTEMBER 14, 2019

Researchers at Z s caler have spotted a new malware dubbed InnfiRAT that infects victims’ systems to steal cryptocurrency wallet data. . Researchers at Z s caler have discovered a new Trojan dubbed InnfiRAT that implements many standard Trojan capabilities along with the ability to steal cryptocurrency wallet data. .

Cryptocurrency 111

Cryptocurrency Malware Advertising Antivirus 111

Security Affairs

DECEMBER 1, 2020

Microsoft warns of Vietnam-linked Bismuth group that is deploying cryptocurrency miner while continues its cyberespionage campaigns. Researchers from Microsoft reported that the Vietnam-linked Bismuth group, aka OceanLotus , Cobalt Kitty , or APT32 , is deploying cryptocurrency miners while continues its cyberespionage campaigns.

Cryptocurrency 138

Cryptocurrency Antivirus Manufacturing Government 138

SecureList

OCTOBER 4, 2024

In a recent campaign starting in 2022, unknown malicious actors have been trying to mine cryptocurrency on victims’ devices without user consent; they’ve used large amounts of resources for distribution, but what’s more, used multiple unusual vectors for defense evasion and persistence.

Scams 145

Scams Cryptocurrency Malware Software 145

SecureList

DECEMBER 27, 2022

We have published technical details of how this notorious group steals cryptocurrency before. The first new method the group adopted is aimed at evading the Mark-of-the-Web (MOTW) flag, the security measure whereby Windows displays a warning message when the user tries to open a file downloaded from the internet. Remote URL: [link].

Malware 145

Malware Banking Passwords Antivirus 145

Approachable Cyber Threats

JULY 7, 2022

It also serves as an easy access point for more advanced hackers and scammers to target specific organizations, or even harvest cryptocurrency. Earlier Raccoon Stealer campaigns allowed criminals to steal $13,200 worth of cryptocurrency and mine another $2,900 worth over a six month period, all for the cost of around $1,250. “So

Social Engineering 105

Social Engineering Cryptocurrency Malware Antivirus 105

Security Affairs

MARCH 7, 2022

SharkBot banking malware was able to evade Google Play Store security checks masqueraded as an antivirus app. The trojan allows to hijack users’ mobile devices and steal funds from online banking and cryptocurrency accounts. sellsourcecode.alpha) Powerful Cleaner, Antivirus (com.pagnotto28.sellsourcecode.supercleaner).

Banking 98

Banking Antivirus Mobile Malware 98

SecureList

MARCH 10, 2021

Some time ago, we discovered a number of fake apps delivering a Monero cryptocurrency miner to user computers. Back then, cybercriminals distributed malware under the guise of the Malwarebytes antivirus installer. Back then, cybercriminals distributed malware under the guise of the Malwarebytes antivirus installer.

DNS 145

DNS Antivirus Malware Encryption 145

Security Affairs

AUGUST 21, 2022

” The infection chain begins with a spear-phishing message written in Spanish that includes a link that points to a website that further downloads a malicious ZIP archive on the victim’s machine. .” ” reads the post published by Zscaler. That’s not all. ” concludes the report.

Banking 112

Banking Malware Antivirus Phishing 112

CyberSecurity Insiders

JUNE 27, 2023

2. Financial Loss: Attackers often demand payment in cryptocurrencies, making it difficult to trace and retrieve the funds. 3. Consider the following preventive measures: 1. Update Software: Keep your smartphone’s operating system, apps, and antivirus soft-ware up to date.

Ransomware 107

Ransomware Antivirus Backups Encryption 107

eSecurity Planet

SEPTEMBER 15, 2022

The Shikitega attack consists of a “multistage infection chain where each module responds to a part of the payload and downloads and executes the next one,” the AT&T researchers wrote. Once the CRONs are set, there’s no need to keep downloaded files, so the malware deletes them to evade detection. Multistage Infection Chain.

Malware 117

Malware Social Engineering System Administration Antivirus 117

Security Affairs

JULY 25, 2019

Researchers at Intezer have discovered a new variant of WatchBog, a Linux-based cryptocurrency mining botnet, that also includes a module to scan the Internet for Windows RDP servers vulnerable to the Bluekeep vulnerability (CVE-2019-0708). ” reads a blog post published by Intezer.

Cryptocurrency 105

Cryptocurrency Malware Internet Internet 105

Security Affairs

MARCH 29, 2023

The attackers take advantage of the fact that the official Tor Project has been banned in Russia since the end of 2021, so users in Russia search for third-party repositories to download the Tor browser. The victims download the Tor Browser from a third-party server and execute it as torbrowser.exe. ” concludes the report.

Malware 98

Malware Passwords Cryptocurrency Antivirus 98

Digital Shadows

JUNE 7, 2021

It’s been a pretty big year so far for cryptocurrency. Cryptocurrencies’ current total market cap sits just above $1.7 The cryptocurrency exchange Coinbase recently launched an IPO, India has reversed a ban on cryptocurrencies, and ransomware groups continue to demand payment in anonymity-based cryptocurrency.

Cryptocurrency 52

Cryptocurrency Phishing Advertising Antivirus 52