This site uses cookies to improve your experience. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country, we will assume you are from the United States. Select your Cookie Settings or view our Privacy Policy and Terms of Use.
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Used for the proper function of the website
Used for monitoring website traffic and interactions
Cookie Settings
Cookies and similar technologies are used on this website for proper function of the website, for tracking performance analytics and for marketing purposes. We and some of our third-party providers may use cookie data for various purposes. Please review the cookie settings below and choose your preference.
Strictly Necessary: Used for the proper function of the website
Performance/Analytics: Used for monitoring website traffic and interactions
Ripple cryptocurrency library was compromised in a supply chain attack aimed at stealing users’ private keys. Threat actors compromised the Ripple cryptocurrency npm JavaScript library xrpl.js is the recommended library for integrating a JavaScript/TypeScript app with the XRP, it has more than 140.000 weekly downloads.
Experts warn of a large-scale cryptocurrency miner campaign targeting Russian users with SilentCryptoMiner. com to distribute an infected archive, which had over 40,000 downloads. This is a covert miner able to mine multiple cryptocurrencies (ETH, ETC, XMR, RTM and others) using various algorithms.
A clipper malware is a type of malicious software designed to intercept and manipulate clipboard data, typically for cryptocurrency theft. When a victim copies a cryptocurrency wallet address, the malware replaces it with an attacker-controlled address, redirecting funds to the hacker instead of the intended recipient.
” Fake file converters and download tools may perform advertised tasks but can provide resulting files containing hidden malware, giving criminals access to victims’ devices. They can also steal personal data, banking details, cryptocurrency info, emails, and passwords by scraping the files the users upload.
reads the report published by Elastic Security Labs. Banshee Stealer can also steal cryptocurrency from different wallets, including Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic and Ledger. We’ve archived the leak and made it available for download on GitHub.” concludes the report.
Threat actors deploy malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers. The packages were uploaded to the repository in early March by a threat actor known as tommyboy_h1 and tommyboy_h2 , and were used to steal PayPal credentials and hijack cryptocurrency transfers. ” concludes the report.
Glove Stealer is a.NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.
Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (bitdefender-download[.]com) ” concludes the report that also provides Indicators of compromise.
Then the DLL launches a decoy by opening an msedge_proxy window that displays a legitimate cryptocurrency trading website. In this attack phase, a PowerShell script downloads an archive from the command-and-control server containing the Node.js ” reads the report published by Microsoft. runtime and a compiled JavaScript file.
“Afterwards, the attacker downloaded and deployed the SRBMiner cryptominer from GitHub, and started mining to their cryptocurrency wallet and public IP address.” The attacker downloads SRBMiner from GitHub, unzips it into a temporary directory, and deploys it in the /usr/sbin directory. continues the analysis.
projects or npm packages downloaded from GitHub or Bitbucket. Loaders for OtterCookie download JSON data from a remote source and execute the cookie property as JavaScript code. Attackers may also directly download and execute JavaScript, with control passing to a catch block when an HTTP 500 status code occurs.
” The attackers, linked to BlueNoroff and past RustBucket campaigns, used fake cryptocurrency news emails and a malicious app disguised as a PDF. ” Once launched, the application downloads and displays a decoy PDF file retrieved from Google Drive, that fetches the second-stage executable from a remote server and executes it.
. “PoisonSeed threat actors are targeting enterprise organizations and individuals outside the cryptocurrency industry.They have been phishing CRM and bulk email providers credentials to export email lists and send bulk spam from the accounts. ” reads the report published by Silent Push. ” continues the report.
Unlike other platforms, Kidflix allowed streaming and used cryptocurrency-based payments. “Unlike other known platforms of this kind, Kidflix not only enabled users to download CSAM but also to stream video files. Users made payments using cryptocurrencies, which were subsequently converted into tokens. .
The software can be downloaded from the police website and Europol’s NoMoreRansom site. Affiliates paid fees to administrators like Ptitsyn for decryption keys, with payments routed via unique cryptocurrency wallets from 2021–2024. Despite false malware flags from some browsers, tests confirm it works and is safe.
The malicious apps were downloaded more than 242,000 times from Google Play. The module uses Google ML Kit OCR to extract text from images, searching for cryptocurrency wallet recovery phrases in multiple languages. The experts noted that the malware-laced apps were also distributed through official stores.
Microsoft also assesses that in January 2024, Secret Blizzard used the backdoor of Storm-1837, a Russia-based threat actor, to download the Tavdig and KazuarV2 backdoors on a target device in Ukraine. Storm-1919 often deploys XMRIG cryptocurrency miners via Amadey bots, used globally in 2024. dll and clip64.dll
The frozen funds include cryptocurrency, NFTs, and other digital assets. District Court for the District of Columbia alleging that North Korean information technology (IT) workers obtained illegal employment and amassed millions in cryptocurrency for the benefit of the North Korean government, all as a means of evading U.S.
from Bybit, it is the largest cryptocurrency heist ever International Press Newsletter Cybercrime Mining Company NioCorp Loses $500,000 in BEC Hack Inside Black Bastas Exposed Internal Chat Logs: A Firsthand Look The Bleeding Edge of Phishing: darcula-suite 3.0
Attackers exploit a misconfigured server to drop backdoors and download two JPEG polyglot files via shortened URLs. Only the last bytes are downloaded and executed, making it a sneaky form of polyglot abuse. Aquasec researchers reported that the malicious code uses rootkits and polyglot image file abuse to evade detection.
FBI has warned of crooks developing malicious cryptocurrency-themed apps to steal crypto assets from the users. Federal Bureau of Investigation (FBI) has warned of crooks creating malicious cryptocurrency-themed apps to steal crypto assets from investors. Inform customers whether the financial institution has a mobile application.
Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. Researchers at 360Netlab are warning of a cryptocurrency malware campaign targeting unpatched QNAP network-attached storage (NAS) devices. Unity is an XMRig cryptocurrency miner. and Quick.tar.gz.
Code repository hosting service GitHub launched an investigation in a series of attacks aimed at abusing its infrastructure to illicitly mine cryptocurrency. Miner itself is downloaded from gitlab. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.
The gap is being abused for malicious cryptocurrency mining.” “If left unremedied and successfully exploited, this vulnerability could be used for multiple and more malicious attacks, such as a complete domain takeover of the infrastructure and the deployment information stealers, remote access trojans (RATs), and ransomware.”
Threat actors targeted are exploiting the ProxyLogon vulnerabilities in Microsoft Exchange servers to deploy Monero cryptocurrency miners. “The.zip file is not a compressed archive, but a batch script that then invokes the built-into-Windows certutil.exe program to download two additional files, win_s.zip and win_d.zip.”
CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js. Pierluigi Paganini.
Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years. Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. org subdomain. org subdomain. ” reported Kasperksy. freedownloadmanager[.]org
Palo Alto Network researcher Aviv Sasson discovered 30 malicious Docker images, which were downloaded 20 million times, that were involved in cryptojacking operations. The expert determined the number of cryptocurrencies that were mined to a mining pool account by inspecting the mining pool. Pierluigi Paganini.
Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them. ” states the report published by Trend Micro.
In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. “This could cause the file to run when double-clicked instead of opening it with a PDF viewer.”
Alleged Russian threat actors have been targeting cryptocurrency users in Eastern Europe with Enigma info-stealing malware. The attackers are sending out emails with fake job opportunities as bait in an attempt to trick victims into installing Enigma information-stealing malware. ” reads the analysis published by Trend Micro.
Trojanized versions of legitimate applications are being used to deploy XMRig cryptocurrency miner on macOS systems. The malicious code uses i2p to download malicious components and send mined currency to the attacker’s wallet. ” reads the analysis published by the experts. ” concludes the report.
The North Korea-linked Lazarus APT spreads fake cryptocurrency apps under the fake brand BloxHolder to install the AppleJeus malware. Volexity researchers warn of a new malware campaign conducted by the North Korea-linked Lazarus APT against cryptocurrency users. In this campaign, the threat actors used the “bloxholder[.]com”
The recent wave has been noted in Portugal and is impacting clients of several Portuguese and Brazilian banking organizations and also some cryptocurrency platforms. Here, it was distributed using fake webpages, where the victim downloaded an MSI file, which then held the remaining Lampion infection chain.
Researchers discovered that recently patched Firefox zero-day (CVE-2019-11707) has been exploited to deliver Windows and Mac malware to cryptocurrency exchanges. According to Martin, other cryptocurrency organizations were hit by similar attacks. browser ) or OS only when the application is downloaded via normal means (i.e.
Bandit Stealer is a new stealthy information stealer malware that targets numerous web browsers and cryptocurrency wallets. Trend Micro researchers discovered a new info-stealing malware, dubbed Bandit Stealer, which is written in the Go language and targets multiple browsers and cryptocurrency wallets.
A new piece of malware appeared in the threat landscape, dubbed BlackSquid it targets web servers with several exploits to deliver cryptocurrency miners. Security experts at Trend Micro have discovered a new Monero cryptomining miner, dubbed BlackSquid, that is targeting web servers, network drives, and removable drives.
The bot focuses on cryptocurrency mining and cryptocurrency theft via clipboard hijacking. Clipminer was first spotted in early 2021, it likely spread via Trojanized downloads of cracked or pirated software. Then the downloader connects to the Tor network to download the components of the Clipminer.
Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels. ” concludes the report.
The malware also supports anti-sandbox techniques and evasion techniques, it can download and execute a second-stage payload, log keys, steal sensitive information and cryptocurrency, and execute remote commands. ” reads the report published by Zscaler. BunnyLoader v1.7 ” continues the report.
An unnamed Japanese cryptocurrency exchange was the victim of a cyber attack aimed at deploying an Apple macOS backdoor named JokerSpy. Elastic Security Labs researchers provided details about a recently discovered intrusion at an unnamed cryptocurrency exchange, aimed at deploying an Apple macOS backdoor named JokerSpy.
Once the hackers gained access to a system, they downloaded an initial assm.exe file to achieve persistence and to add a backdoor account for future access. Upon creating the account, the malicious code connects to the C2 to download a Monero (XMR) cryptocurrency miner that runs on the local server.
The researchers pointed out that the Doki is a new multi-threaded malware leverages an undocumented technique for C2 communications by abusing the Dogecoin cryptocurrency blockchain in a unique way. The downloader script allows operators to download and install various malware binaries, including cryptominers.
Researchers uncovered a large scale operation targeting cryptocurrency users with a previously undetected multiplatform RAT named ElectroRAT. Security researchers from Intezer uncovered a large scale operation targeting cryptocurrency users with a previously undetected RAT named ElectroRAT. ” continues the variant.
We organize all of the trending information in your field so you don't have to. Join 28,000+ users and stay up to date on the latest articles your peers are reading.
You know about us, now we want to get to know you!
Let's personalize your content
Let's get even more personalized
We recognize your account from another site in our network, please click 'Send Email' below to continue with verifying your account and setting a password.
Let's personalize your content