SecureList

AUGUST 30, 2023

While investigating an infection of a cryptocurrency company in Southeast Asia, we found Gopuram coexisting on target computers with AppleJeus , a backdoor attributed to the Lazarus. The threat actor specifically targeted cryptocurrency companies. We observed that they have a specific interest in cryptocurrency companies.

Malware 73

Malware Spyware Cryptocurrency Government 73

SecureList

DECEMBER 1, 2023

The targets included government, military, critical infrastructure and IT organizations in Ukraine, Romania, Poland, Jordan, Turkey, Italy and Slovakia. However, they included an additional module that constantly monitored the messenger and sent data to the spyware creator’s C2 server. org domain.

Malware 91

Malware Ransomware Encryption Energy and Utilities 91

SecureList

MAY 27, 2022

In January, we reported a malicious campaign targeting companies that work with cryptocurrencies, smart contracts, decentralized finance and blockchain technology: the attackers are interested in fintech in general. The campaign has two goals: gathering information and stealing cryptocurrency.

Phishing 103

Phishing Spyware Firmware Malware 103

eSecurity Planet

FEBRUARY 16, 2021

Additional features of botnets include spam, ad and click fraud, and spyware. Cybersecurity vendors like Panda Security suggest the best way to defend against crimeware is using a combination of antivirus, anti-spyware, firewalls, and threat detection technology. Jump ahead: Adware. Bots and botnets. Browser hijacker. RAM scraper.

Malware 105

Malware Adware Spyware Antivirus 105

SecureList

SEPTEMBER 26, 2022

NullMixer is a dropper that includes more than just specific malware families; it drops a wide variety of malicious binaries to infect the machine with, such as backdoors, bankers, downloaders, spyware and many others. Screen with cryptocurrency addresses from Generic.ClipBanker binary. NullMixer execution chain. ColdStealer.

Malware 108

Malware Cryptocurrency Passwords Software 108