Malwarebytes

MARCH 1, 2024

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. Scammers, impersonating cryptocurrency investors, are active on Telegram channels to get interested people to attend a meeting about a future partnership. Topics are cryptocurrency investment opportunities.

Cryptocurrency 101

Cryptocurrency Malware Authentication Banking 101

SecureWorld News

AUGUST 29, 2023

An advisory from the company states that a "highly sophisticated" SIM swapping attack targeted one of Kroll's employees, resulting in unauthorized access to personal information related to bankruptcy claimants associated with cryptocurrency firms FTX, BlockFi, and Genesis.

Cryptocurrency 87

Cryptocurrency Phishing Social Engineering Accountability 87

Security Affairs

MAY 18, 2022

Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets. Password and info stealers.

Cryptocurrency 91

Cryptocurrency Social Engineering Malware Cybercrime 91

SecureList

MAY 6, 2024

Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million in 2022.

Phishing 80

Phishing Banking Mobile Scams 80

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. The company was the victim of a social engineering attack aimed at its employees. Trezor WARNING: Elaborate Phishing attack. Pierluigi Paganini.

Phishing 115

Phishing Data breaches Cryptocurrency Social Engineering 115

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams 94

Scams Phishing Cryptocurrency Social Engineering 94

Security Boulevard

FEBRUARY 12, 2021

This allowed them to access many apps and ask for password resets, which often confirm the request is intended for the correct user by sending a "Two Factor Authentication" request in the form of an SMS message. How do Phone Company Insiders enable these scams? The Community wasn't a place online, just the name of their group.

Cryptocurrency 119

Cryptocurrency Accountability Scams Social Engineering 119

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 357

Phishing VPN Social Engineering Media 357

Malwarebytes

MAY 15, 2022

Things become even worse when social engineering combines with publicly available data to make it even more convincing. We see criminals gravitating to digital payment systems, cryptocurrencies, and even gift cards across most realms of attack. 2 factor authentication and password managers are good places to start.

Scams 124

Scams Social Engineering Password Management Engineering 124

SecureWorld News

AUGUST 2, 2021

Robinhood is an increasingly popular trading app where you can buy and sell stocks, as well as cryptocurrency. Phishing attempts come via email where scammers use different social engineering tactics to pose as a reputable sender like the IRS, your bank or brokerage firm.

Phishing 91

Phishing Social Engineering Scams Identity Theft 91

Malwarebytes

MARCH 5, 2024

Separately, in September 2023, Malwarebytes discovered a cybercriminal campaign that tricked Mac users into accidentally installing a type of malware that can steal passwords, browser data, cookies, files, and cryptocurrency. But users who clicked the Mac download button instead received AMOS.

Malware 137

Malware Adware Ransomware Social Engineering 137

Security Affairs

AUGUST 6, 2023

” Since at least December 17, 2022, the group has used a new naming pattern for its domains containing keywords related to information technology and cryptocurrency. Some examples are cloudrootstorage[.]com, com, directexpressgateway[.]com, com, storagecryptogate[.]com, com, and pdfsecxcloudroute[.]com. ” concludes the report.

Phishing 77

Phishing Social Engineering Authentication Cryptocurrency 77

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 85

Spyware Hacking Malware Social Engineering 85

SC Magazine

MAY 12, 2021

Researchers found 167 counterfeit Android and iOS apps that attackers used to steal money from victims who believed they installed a financial trading, banking or cryptocurrency app. Make sure passwords are not the company’s only security control,” Carson said. Photo by Justin Sullivan/Getty Images). Do not make it easy for them.

Scams 62

Scams Cryptocurrency Social Engineering Banking 62

Security Affairs

OCTOBER 20, 2021

Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. “Most of the observed malware was capable of stealing both user passwords and cookies. The hackers used fake collaboration opportunities (i.e.

Accountability 125

Accountability Malware Phishing Social Engineering 125

SecureWorld News

AUGUST 2, 2022

The report explains in more detail: "Since the Twitter API provides direct access to a Twitter account, there must be some form of authentication involved. Sending passwords with each request to the API is not an efficient and secure method. To understand it intuitively, suppose that you have the color red as your password.

Mobile 87

Mobile Accountability Identity Theft Cryptocurrency 87

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Malware 76

Malware Cybercrime Cryptocurrency Social Engineering 76

eSecurity Planet

SEPTEMBER 14, 2022

Often, a scammer will simply target the people in a company and fool them into giving up their personal details, account passwords, and other sensitive information and gain access that way. Then, we’ll go over the basic, foundational techniques most scammers find themselves using, such as social engineering and phishing.

Social Engineering 118

Social Engineering Energy and Utilities Phishing Scams 118

Security Affairs

SEPTEMBER 2, 2018

The Loki Bot attacks started in July and aimed at stealing passwords from browsers, messaging applications, mail and FTP clients, and cryptocurrency wallets. Loki Bot operators employ various social engineering technique to trick victims into opening weaponized attachments that would deploy the Loki Bot stealer.

Social Engineering 53

Social Engineering Cryptocurrency Advertising Malware 53

Security Affairs

JANUARY 3, 2024

Besides Artificial Intelligence to scale operations, in a novel approach to circumvent two-factor authentication (2FA), the perpetrators crafted malicious Android code that mimics official mobile banking applications. Utilizing AI-driven bots for advanced social engineering techniques.

Artificial Intelligence 117

Artificial Intelligence Banking Scams Cybercrime 117

CyberSecurity Insiders

APRIL 4, 2023

One method is to directly purchase cryptocurrency or gift cards through websites using stolen credit card information, which is popular for U.S. Nowadays, man-in-the-middle attack phishing techniques have become the mainstream, and one-time-password (OTP) authentication is insufficient to defend against these attacks anymore.

Phishing 67

Phishing Social Engineering Authentication eCommerce 67

Identity IQ

FEBRUARY 8, 2024

Transactions on the dark web are typically conducted using cryptocurrencies such as Bitcoin to maintain anonymity. Transactions on the dark web are often carried out with Bitcoin or other cryptocurrencies, which are unregulated and difficult to trace back to the user. Turn on multifactor authentication for all online accounts.

Identity Theft 98

Identity Theft Cryptocurrency Government Engineering 98

SecureList

SEPTEMBER 6, 2022

When downloading the games from untrustworthy sources, players may receive malicious software that can gather sensitive data like login information or passwords from the victim’s device; and in an attempt to download a desired game for free, find a cool mod or cheat, gamers can actually lose their accounts or even money.

Mobile 96

Mobile Passwords Software Accountability 96

Krebs on Security

APRIL 6, 2022

“They would just keep jamming a few individuals to get [remote] access, read some onboarding documents, enroll a new 2FA [two-factor authentication method] and exfiltrate code or secrets, like a smash-and-grab,” the CXO said. “These guys were not leet , just damn persistent.” ” HOW DID WE GET HERE?

Social Engineering 243

Social Engineering Phishing Engineering Accountability 243

Security Boulevard

MAY 19, 2022

These variants of Vidar malware fetch the C2 configuration from attacker-controlled social media channels hosted on Telegram and Mastodon network. 50;true;movies:music:mp3; This configuration is the default with every stealing function enabled (passwords, cryptocurrency wallets, two-factor authentication, etc).

Media 64

Media Social Engineering Backups Passwords 64

Security Affairs

JANUARY 27, 2022

Other affected businesses include Chip, a UK-based savings app boasting 400,000 users; Hoolah, a shopping app with over 100,000 installs ; Mode, a cryptocurrency app with over 50,000 installs ; and Greenwheels, a car-sharing service with over 50,000 installs. Threat actors can abuse PII to conduct phishing and social engineering attacks.

Identity Theft 85

Identity Theft Accountability Data breaches Social Engineering 85

Spinone

NOVEMBER 1, 2019

Authenticator – a method of how a user can prove his/her identity to a system. It can be a password, a fingerprint, a face scan. Group Authenticator – used to allow access to specific data or functions that may be shared by all members of a particular group. The most widespread spyware are keyloggers and trojans.

Passwords 40

Passwords Social Engineering Malware Encryption 40

SecureList

FEBRUARY 16, 2023

These sites referenced public figures and humanitarian groups, offering to accept cash in cryptocurrency, something that should have raised a red flag in itself. To lend an air of authenticity and to motivate the victim to enter valid information, the swindlers warned that the victim could be prosecuted for providing false information.

Phishing 90

Phishing Scams Accountability Energy and Utilities 90

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. The now-defunct and always phony cryptocurrency trading platform xtb-market[.]com,

Cryptocurrency 233

Cryptocurrency Cybercrime Computers and Electronics Scams 233

Security Boulevard

MARCH 31, 2022

RedLine Password Theft Malware. The RedLine password theft malware is a hot topic this month with Microsoft’s employee compromise. Passwords: An Easy Target. Let’s not mince words: passwords are difficult for most organizations to manage. Let’s not mince words: passwords are difficult for most organizations to manage.

Cybersecurity 98

Cybersecurity Social Engineering Passwords Malware 98

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile 236

Mobile Cryptocurrency Accountability Passwords 236

SecureList

AUGUST 23, 2021

Most threats uncovered on PC and mobile devices were adware, but dangerous malware was also present: from stealers to bankers, often leading to the loss of not just credentials but money, including cryptocurrency. These schemes generally result in logins and passwords being stolen as well. Conclusion and advice.

Adware 112

Adware Mobile Phishing Malware 112

IT Security Guru

SEPTEMBER 28, 2023

Perpetrators utilise ransomware as a means to extort funds from their targets, typically requesting payment in cryptocurrencies, in exchange for a decryption key or as a condition to prevent the exposure of sensitive information on the dark web or public internet. With that said…Password Attacks are honestly in the past.

Ransomware 118

Ransomware Encryption Backups Social Engineering 118

Cisco Security

OCTOBER 6, 2021

Mining cryptocurrencies requires large amounts of computing power to solve the cryptographic challenges necessary to acquire new cryptocurrency tokens. With users and the systems they access outside of the traditional office environment, the question of how to authenticate users has become increasingly important.

Cybersecurity 124

Cybersecurity Authentication Passwords Cryptocurrency 124

NetSpi Executives

APRIL 27, 2024

Ransomware, a definition Ransomware is a set of malware technologies, hacking techniques, and social engineering tactics that cybercriminals use to cause harm, breach data, and render data unusable. Victims pay ransomware adversaries for decryption keys through cryptocurrency, such as Bitcoin. Unpatched exploits.

Ransomware 52

Ransomware Cyber Insurance Backups Insurance 52

eSecurity Planet

FEBRUARY 16, 2021

Organizations can help prevent their computers from becoming part of a botnet by installing anti-malware software, using firewalls , keeping software up-to-date, and forcing users to use strong passwords. Always change the default passwords for any IoT devices you install before extended use. Phishing and Social Engineering.

Malware 105

Malware Adware Spyware Antivirus 105

SecureList

NOVEMBER 18, 2022

VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies. The attackers compress stolen files into encrypted and password-protected ZIP archives. The group delivers its malware using social engineering. Other malware.

Malware 100

Malware Computers and Electronics Adware Cryptocurrency 100