SecureList

APRIL 25, 2025

Specifically, they can modify cryptocurrency wallet addresses during transfer attempts, replace links in browsers, send arbitrary text messages and intercept replies, and steal login credentials for messaging and social media apps. Neither payload is encrypted. Package name check Based on the package name, binder. services class.

Cryptocurrency 80

Cryptocurrency Malware Firmware Accountability 80

Penetration Testing

JUNE 9, 2025

Key tactics included: Obfuscation using ScatterBrain and ScatterBee Use of DLL hijacking DNS-over-HTTPS (DoH) for C2 communication Exploitation of vulnerable enterprise infrastructure (e.g., These implants exfiltrated sensitive files such as certificates and cryptocurrency keys via a custom PowerShell exfiltration script.

Penetration Testing 93

Penetration Testing Advertising Cybersecurity DNS 93

Security Affairs

FEBRUARY 5, 2021

At the end of January, the group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. It also hides malicious processes using library injection and encrypts the malicious payload. aws/credentials and ~/.aws/config

Malware 121

Malware DNS Cryptocurrency Internet 121

SecureList

MARCH 10, 2021

Some time ago, we discovered a number of fake apps delivering a Monero cryptocurrency miner to user computers. After substituting the DNS servers, the malware starts updating itself by running update.exe with the argument self-upgrade (“C:Program Files (x86)AdShieldupdater.exe” -self-upgrade). transmissionbt[.]org.

DNS 145

DNS Antivirus Malware Encryption 145

Security Affairs

SEPTEMBER 25, 2022

builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S. builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S.

Cryptocurrency 100

Cryptocurrency Data breaches DNS DDOS 100

eSecurity Planet

JULY 28, 2021

Since blockchain’s arrival, cryptocurrency has framed the technology as permissionless, or a public blockchain. Since the 1970s, Public Key Infrastructure (PKI) has offered encryption , authentication, bootstrapping, and digital signatures to secure digital communications. More robust security for Domain Name Systems (DNS).

Cybersecurity 135

Cybersecurity Cryptocurrency Technology Energy and Utilities 135

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. During that time, it had effectively evaded analysis and had previously been misclassified as a cryptocurrency miner.

Malware 145

Malware DNS Encryption Cryptocurrency 145

SecureList

JANUARY 22, 2024

A downloader A completed “patching” kicked off the main payload, with the sample reaching out to its C2 for an encrypted script. With this URL, the sample made a request to a DNS server as an attempt to get a TXT record for the domain. The ciphertext was AES -encrypted in CBC mode.

Software 144

Software Computers and Electronics DNS Malware 144

SecureList

SEPTEMBER 26, 2022

RedLine’s main purpose is to steal credentials and information from browsers, in addition to stealing credit card details and cryptocurrency wallets from the compromised machine. Configuration is stored in several registry keys in encrypted and base64 encoded form. ColdStealer. The injected executable is LgoogLoader.

Malware 144

Malware Cryptocurrency Passwords Software 144

The Last Watchdog

OCTOBER 19, 2021

Yet Bitcoin, Ethereum and other cryptocurrencies are mere pieces of the puzzle. Users can create bridges and share part of their file systems with others without relying on any centralized databases or lookup systems like DNS, for example. On the technology front, blockchain systems signal the type of shifts that need to fully unfold.

Internet 223

Internet Internet Cryptocurrency Software 223

Security Affairs

NOVEMBER 10, 2018

However, since they do not encrypt your traffic and communications, your personal information can be easily accessed by an intruder. Also, all your data is passed through a secure encrypted tunnel, making it unreadable to the outside world. Susan Alexandra is a small business owner, traveler, and investor of cryptocurrencies.

VPN 111

VPN Internet Internet Small Business 111

Security Affairs

AUGUST 8, 2018

DDoS attacks, ransomware-based campaigns, cryptocurrency mining campaigns). We named this botnet “Black” due to the RC4 key value, “black”, that is used for traffic encryption in this botnet.” The second STAGE-1 C&C server is used for controlling malware via an encrypted connection. Bot-B connects to Bot-A.

Malware 73

Malware DNS Encryption Banking 73

SecureList

DECEMBER 1, 2023

For most implants, the threat actor uses similar implementations of DLL hijacking (often associated with ShadowPad malware) and memory injection techniques, along with the use of RC4 encryption to hide the payload and evade detection. libssl.dll or libcurl.dll was statically linked to implants to implement encrypted C2 communications.

Malware 139

Malware Ransomware Encryption Energy and Utilities 139

Security Affairs

MAY 6, 2023

Twitter confirmed that a security incident publicly exposed Circle tweets FBI seized other domains used by the shadow eBook library Z-Library WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks Fortinet fixed two severe issues in FortiADC and FortiOS Pro-Russia group NoName took down multiple France sites, including the French (..)

Data breaches 98

Data breaches Malware Mobile Spyware 98

Fox IT

JUNE 29, 2022

Most used features were the web injections to steal banking and cryptocurrency platform credentials and sending SMS features to distribute and infect new devices. In this new version, they introduced DNS-over-HTTPs (DoH). TAs kept the old classic DNS resolving code. Besides the new protocol encryption on version 4.2,

Banking 97

Banking Malware DNS Encryption 97

SecureList

JANUARY 28, 2021

Apple has publicly clashed with Facebook claiming it has to protect its users’ privacy, while the latter is wrestling with regulators to implement end-to-end encryption in its messaging apps. Public awareness of the perils of unfettered data collection is growing, and the free market is taking notice.

Marketing 95

Marketing Data collection Government Encryption 95

Security Boulevard

JULY 15, 2024

StealC is an information stealer capable of exfiltrating a variety of confidential information, including passwords, emails, and cryptocurrency wallets. Can be used to perform cryptographic operations, potentially aiding in encrypting/decrypting data without raising suspicion. dll FreeBL cryptographic library from Mozilla.

Malware 64

Malware Encryption Telecommunications DNS 64

Security Boulevard

JUNE 15, 2023

Oftentimes this is credential data, but it can be any data that may have financial value to an adversary; this includes paid online service accounts, cryptocurrency wallets, instant messenger, or email contacts lists, etc. Key Mystic Stealer functions include its ability to extract data from web browsers and cryptocurrency wallets.

Cryptocurrency 52

Cryptocurrency Password Management Malware DNS 52

SecureList

AUGUST 30, 2023

While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus , a backdoor attributed to the Lazarus. The threat actor specifically targeted cryptocurrency companies. We observed that they have a specific interest in cryptocurrency companies.

Malware 98

Malware Spyware Government Cryptocurrency 98

SecureList

JUNE 5, 2023

It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The encrypted data is stored inside the malicious payload. To do so, it performs a DNS request to don-dns[.]com

Cryptocurrency 114

Cryptocurrency DNS Malware Encryption 114

SecureList

JULY 28, 2021

It is linked to a vulnerability in DNS resolvers that allows amplification attacks on authoritative DNS servers. Attacks on DNS servers are dangerous because all the resources they serve become unavailable, regardless of their size and level of DDoS protection. The bug was named TsuNAME.

DDOS 144

DDOS DNS IoT Marketing 144

Security Affairs

APRIL 9, 2019

Stealer and CryptoStealer module to steal cryptocurrency wallets and saved passwords. The malware command and control infrastructure abuses the Pastebin service to ensure resilience, in fact the malware dynamically retrieves the real C2 destination address from a pastie over an encrypted HTTPS channel. C2 retrieval. 1986[@gmail[.com”,

Malware 103

Malware Advertising DNS Antivirus 103

eSecurity Planet

FEBRUARY 16, 2021

CISA reported that LokiBot “employs Trojan malware to steal sensitive information such as usernames, passwords, cryptocurrency wallets, and other credentials.” While this sensitive payment data is only available for milliseconds before passing the encrypted numbers to back-end systems, attackers can still access millions of records.

Malware 105

Malware Adware Spyware Antivirus 105

SecureList

NOVEMBER 18, 2022

Finally, it is worth mentioning the CVE-2022-34724 vulnerability, which affects Windows DNS Server and can lead to denial of service if exploited. As a result, the attacker can steal confidential data, encrypt critical files on the server to to extort money from the victim, etc. Vulnerability statistics.

Mobile 122

Mobile Malware Ransomware IoT 122

SecureList

MAY 26, 2021

In addition, the year gone by demonstrated that everything in the Windows operating system is cyclical, and that most of the detected vulnerabilities exist in the same services, for example, in the drivers of the SMB (SMBGhost, SMBBleed), DNS (SigRed) and ICMPv6 (BadNeighbor) network protocols. Cryptocurrency. Targeted extortion.

Phishing 144

Phishing Malware Ransomware Adware 144