The Ripple cryptocurrency library was compromised in a supply chain attack aimed at stealing users’ private keys. Threat actors compromised the Ripple npm JavaScript library xrpl.js, the recommended library for integrating a JavaScript/TypeScript app with the XRP Ledger; it has more than 140,000 weekly downloads.
Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. Unfortunately for Griffin, years ago he used Google Photos to store an image of the secret seed phrase that was protecting his cryptocurrency wallet.
Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems.
While coded in different programming languages, the malicious payloads stored inside the fake projects had the same goal: download further malicious components from an attacker-controlled GitHub repository (URL at the time of research: hxxps://github[.]com/Dipo17/battle) and execute them.
Experts warn of a large-scale cryptocurrency miner campaign targeting Russian users with SilentCryptoMiner. An infected archive distributed in the campaign had over 40,000 downloads. SilentCryptoMiner is a covert miner able to mine multiple cryptocurrencies (ETH, ETC, XMR, RTM and others) using various algorithms.
The XMRig component is downloaded from one of the repositories at hxxps://github[.]com/cppdev-123. After initializing the driver, the sample launches the miner. (Figure: TOP 10 countries targeted by SteelFox, August–September 2024.) For this particular campaign, no attribution can be given.
A clipper malware is a type of malicious software designed to intercept and manipulate clipboard data, typically for cryptocurrency theft. When a victim copies a cryptocurrency wallet address, the malware replaces it with an attacker-controlled address, redirecting funds to the hacker instead of the intended recipient.
Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings.
If interested, the victim will receive a download link and a password for the archive containing the promised installer. The archives are offered for download in various locations like Dropbox, Catbox, and often on the Discord content delivery network (CDN), using compromised accounts which add extra credibility.
Banshee Stealer can also steal cryptocurrency from different wallets, including Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic and Ledger. “BANSHEE Stealer is macOS-based malware that can collect extensive data from the system, browsers, cryptocurrency wallets, and numerous browser extensions,” concludes the report.
Fake file converters and download tools may perform advertised tasks but can provide resulting files containing hidden malware, giving criminals access to victims’ devices. They can also steal personal data, banking details, cryptocurrency info, emails, and passwords by scraping the files the users upload.
Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call.
Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (bitdefender-download[.]com). The report also provides indicators of compromise.
The dangers of cryptocurrency phishing are back in the news, after tech investor Mark Cuban was reported to have lost around $870k via a phishing link. As for the specifics of the phishing tactic deployed, Cuban is reported as saying he may have downloaded a bogus wallet tool via a search engine query.
“Afterwards, the attacker downloaded and deployed the SRBMiner cryptominer from GitHub, and started mining to their cryptocurrency wallet and public IP address,” continues the analysis. The attacker downloads SRBMiner from GitHub, unzips it into a temporary directory, and deploys it in the /usr/sbin directory.
We were alerted to Mac and Windows stealers currently distributed via Reddit posts targeting users engaging in cryptocurrency trading. These two malware families have wreaked havoc, pillaging victims’ personal data and enabling their distributors to make substantial gains, mostly by taking over cryptocurrency wallets.
Operators behind the Squid Game cryptocurrency have pulled an exit scam, making off with an estimated $2.1 “The following graph shows that the cryptocurrency peaked at a price of $2,861 before dropping to $0,” reported Gizmodo.
We believe it is connected to SparkCat and also targets the cryptocurrency assets of its victims. Tapping these opened a WebView revealing an online store named TikToki Mall that accepted cryptocurrency as payment for consumer goods. Our initial search led us to a bunch of cryptocurrency apps.
The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. To extract cookies from Chromium-based browsers, it downloads a module from the C&C to bypass App-Bound encryption.
Threat actors deploy malicious npm packages to steal PayPal credentials and hijack cryptocurrency transfers. The packages were uploaded to the repository in early March by a threat actor known as tommyboy_h1 and tommyboy_h2, and were used to steal PayPal credentials and hijack cryptocurrency transfers.
In mid-2023, we discovered the Kral downloader which, back then, downloaded the notorious Aurora stealer. This changed in February this year when we discovered a new Kral stealer, which we believe is part of the same malware family as the downloader due to certain code similarities. That file is the Kral downloader.
An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain.
The Federal Bureau of Investigation (FBI) has warned of crooks developing malicious cryptocurrency-themed apps to steal crypto assets from investors. The losses, reported in the millions, came from 244 victims between October 4, 2021, and May 13, 2022.
In a lawsuit filed in Colorado, Schober said the sudden disappearance of his funds in January 2018 prompted him to spend more than $10,000 hiring experts in the field of tracing cryptocurrency transactions. When Schober went to move approximately 16.4
Inside this content is an obfuscated PowerShell script that ultimately downloads the malicious payload. Initially, the malicious PowerShell script downloaded and executed an archive with the Lumma stealer. One of the modules can also take screenshots.
Nothing but essential and popular apps had been downloaded to the machine. At the time of this research, the extension had been downloaded 54,000 times. All it does is download and execute malicious code from the aforementioned web server. Why would he download a malicious extension with fewer downloads than the original?
Security experts have uncovered a new malware campaign, RedisRaider, that targets misconfigured Redis servers to secretly mine cryptocurrency. If confirmed, the malware abuses the Redis commands SET, CONFIG, and BGSAVE to drop a malicious cron job that downloads and executes the RedisRaider malware.
“The gap is being abused for malicious cryptocurrency mining.” In one of the attacks spotted by the experts, threat actors exploited the flaw in the collaboration tool Atlassian Confluence to inject an OGNL expression and download and run a shell script (“ro.sh”) on the victim’s machine.
Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docker API endpoints with the aim of delivering cryptocurrency miners and other payloads.
Stealing cryptocurrencies is nothing new, and it has continued to occupy cybercriminals. One of the latest additions to this phenomenon is the multi-stage DoubleFinger loader delivering a cryptocurrency stealer.
The first of the new malware variants, COPPERHEDGE, is described as a Remote Access Tool (RAT) "used by advanced persistent threat (APT) cyber actors in the targeting of cryptocurrency exchanges and related entities." It's interesting to see the US government take a more aggressive stance on foreign malware.
At the time we warned users of the hardware cryptocurrency wallet to watch out for phishing scams that might attempt to steal users’ credentials. It does not contain any application to download and install on your computer. The only way to download the Ledger Live app is by using the official download page.
projects or npm packages downloaded from GitHub or Bitbucket. Loaders for OtterCookie download JSON data from a remote source and execute the cookie property as JavaScript code. Attackers may also directly download and execute JavaScript, with control passing to a catch block when an HTTP 500 status code occurs.
CISA warned of crypto-mining malware hidden in a popular JavaScript npm library, named UAParser.js, which has millions of weekly downloads. The three npm packages, named klow, klown and okhsa, installed cryptocurrency miners on both Windows and Linux platforms.
Cryptocurrency owners should take heed of warnings related to Xenomorph malware—Bleeping Computer reports that the most recent version of Xenomorph now targets various cryptocurrency wallets using fake browser update messaging as bait. Keep threats off your Android devices by downloading Malwarebytes for Android today.
In a public announcement, Free Download Manager has acknowledged that a specific web page on its site was compromised by a Ukrainian cybercrime group, who exploited it to distribute malware. Visitors from these IP addresses were always given the correct download link.
Then the DLL launches a decoy by opening an msedge_proxy window that displays a legitimate cryptocurrency trading website. “In this attack phase, a PowerShell script downloads an archive from the command-and-control server containing the Node.js runtime and a compiled JavaScript file,” reads the report published by Microsoft.
Users who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on compromised Windows hosts. The large-scale activity has been codenamed StaryDobry by Russian cybersecurity company Kaspersky, which first detected it on December 31, 2024.
(Figure: dynamics of Windows Packet Divert detections.) The growing popularity of tools using Windows Packet Divert has attracted cybercriminals. The counter at the time of posting the video showed more than 40,000 downloads. After the download, it saves the payload named t.py.
Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income.
Researchers from Kaspersky discovered a free download manager site, freedownloadmanager[.]org, that had been compromised to serve Linux malware to users for more than three years, reported Kaspersky.
The dropper then deploys the XWorm (detected as Backdoor.XWorm) and Frostrift (detected as Trojan.Crypt) backdoors and the GRIMPULL downloader (also detected as Trojan.Crypt). Look out for ads with too-good-to-be-true offers, urgent deadlines, or unusual payment methods like cryptocurrency or wire transfers. Be vigilant.
The sites vary in terms of style or general setup, but all focus on having you download Canon drivers. However, when someone attempts to download the driver, the download fails and the site displays a message with a phone number you can call for assistance. A very testing download. Except not really.
Some info stealers don't even require an additional step: they can take cryptocurrency directly from a victim's online accounts. On these websites, cybercriminals advertise a piece of high-demand software and trick users into a download. Keep threats off your devices by downloading Malwarebytes today. They are wildly adaptable.