SecureList

FEBRUARY 24, 2025

Further payloads deployed While coded in different programming languages, the malicious payloads stored inside the fake projects had the same goal download further malicious components from an attacker-controlled GitHub repository (URL at the time of research: hxxps://github[.]com/Dipo17/battle com/Dipo17/battle ) and execute them.

Cryptocurrency 126

Cryptocurrency Software Encryption Internet 126

eSecurity Planet

OCTOBER 22, 2024

These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. You are then guided to execute PowerShell code designed to “fix” the supposed problem, unwittingly allowing malware to infiltrate their systems.

Scams 123

Scams Malware Phishing Social Engineering 123

Security Affairs

MARCH 15, 2025

Pirated software seekers are targeted by the new MassJacker clipper malware, according to CyberArk researchers. A new malware campaign spreading a new clipper malware dubbed MassJacker targets users searching for pirated software, Cyberark users warn. com) distributing pirated software that also spreads malware.

Software 117

Software Cryptocurrency Malware Encryption 117

Schneier on Security

MAY 14, 2020

US Cyber Command has uploaded North Korean malware samples to the VirusTotal aggregation repository, adding to the malware samples it uploaded in February. It's interesting to see the US government take a more aggressive stance on foreign malware.

Government 271

Government Malware Antivirus Cryptocurrency 271

Security Affairs

NOVEMBER 26, 2024

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. The code is now available on GitHub. concludes the report.

Malware 144

Malware Cryptocurrency Encryption Passwords 144

SecureList

MARCH 3, 2025

million attacks involving malware, adware or unwanted mobile software were prevented. million malware, adware or unwanted software attacks targeting mobile devices. Some time later, the user received a phishing link to download malware disguised as a shipment tracking app. A total of 1.1 42609775 Your order tracking code.

Mobile 116

Mobile Malware Adware Banking 116

Schneier on Security

SEPTEMBER 12, 2022

It’s pretty nasty : The malware was dubbed “ Shikitega ” for its extensive use of the popular Shikata Ga Nai polymorphic encoder, which allows the malware to “mutate” its code to avoid detection.

Malware 316

Malware Backups IoT Software 316

SecureList

NOVEMBER 6, 2024

It also uses stealer malware to extract the victim’s credit card data as well as details about the infected device. Technical Details Background In August 2024, we stumbled upon a massive infection caused by an unknown bundle consisting of miner and stealer malware. SteelFox.gen , Trojan.Win64.SteelFox.*. SteelFox.*.

Software 124

Software Cryptocurrency Malware DNS 124

Malwarebytes

JANUARY 3, 2025

If interested, the victim will receive a download link and a password for the archive containing the promised installer. The archives are offered for download on various locations like Dropbox, Catbox, and often on the Discord content delivery network (CDN), by using compromised accounts which add extra credibility. fr leyamor[.]com

Scams 142

Scams Identity Theft Accountability Cryptocurrency 142

Security Affairs

DECEMBER 27, 2024

North Korea-linked threat actors were spotted using new malware called OtterCookie as part of the Contagious Interview campaign that targets software developer community with fake job offers. Since November 2024, threat actors employed the malware OtterCookie, alongside BeaverTail and InvisibleFerret, in the campaign.

Malware 89

Malware Cryptocurrency Software Hacking 89

SecureList

MAY 28, 2025

Once these permissions are granted, the malware gains extensive capabilities that allow its operators to steal the user’s banking data and credentials, as well as perform remote actions and control the device without the user’s knowledge. Join us in this blogpost as we take a closer look at the malware’s evolution over time.

Banking 107

Banking Malware Energy and Utilities Encryption 107

SecureList

DECEMBER 19, 2024

Over the past few years, the Lazarus group has been distributing its malicious software by exploiting fake job opportunities targeting employees in various industries, including defense, aerospace, cryptocurrency, and other global sectors. It is unclear exactly how the files were downloaded by the victims.

Malware 140

Malware Encryption Software Cryptocurrency 140

Krebs on Security

FEBRUARY 17, 2021

Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings.

Cryptocurrency 344

Cryptocurrency Financial Services Banking Government 344

Malwarebytes

APRIL 24, 2025

ELUSIVE COMET targets its victims by luring them into a Zoom video call and then taking over their PC to install malware, infiltrate their accounts, and steal their assets. Sadly, that wasn’t the case for Jake Gallen, who owns a cryptocurrency company called Emblem Vault. He took the bait. ” Gallen did his due diligence.

Malware 137

Malware Media Accountability Cryptocurrency 137

The Hacker News

JUNE 6, 2023

A recent malware campaign has been found to leverage Satacom downloader as a conduit to deploy stealthy malware capable of siphoning cryptocurrency using a rogue extension for Chromium-based browsers.

Cryptocurrency 99

Cryptocurrency Malware Accountability 99

Security Affairs

NOVEMBER 15, 2024

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

Encryption 117

Encryption Password Management Cryptocurrency Social Engineering 117

Malwarebytes

MARCH 18, 2025

We were alerted to Mac and Windows stealers currently distributed via Reddit posts targeting users engaging in cryptocurrency trading. These two malware families have wreaked havoc, pillaging victims’ personal data and enabling their distributors to make substantial gains, mostly by taking over cryptocurrency wallets.

Cryptocurrency 117

Cryptocurrency Malware Scams Antivirus 117

eSecurity Planet

MAY 20, 2025

Security experts have uncovered a new malware campaign, RedisRaider, that targets misconfigured Redis servers to secretly mine cryptocurrency. The malware, written in Go, spreads aggressively by exploiting weak Redis configurations, ultimately deploying the XMRig Monero miner on compromised Linux systems.

Cryptocurrency 96

Cryptocurrency Malware Engineering Authentication 96

SecureList

OCTOBER 29, 2024

Attackers are increasingly distributing malware through a rather unusual method: a fake CAPTCHA as the initial infection vector. As with the previous stage, the victim doesn’t always encounter malware. Inside this content is an obfuscated PowerShell script that ultimately downloads the malicious payload.

Adware 129

Adware Malware Cryptocurrency Password Management 129

SecureList

OCTOBER 21, 2024

Kral In mid-2023, we discovered the Kral downloader which, back then, downloaded the notorious Aurora stealer. This changed in February this year when we discovered a new Kral stealer, which we believe is part of the same malware family as the downloader due to certain code similarities. That file is the Kral downloader.

Passwords 127

Passwords Malware Encryption Cryptocurrency 127

The Hacker News

JUNE 18, 2024

Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docket API endpoints with the aim of delivering cryptocurrency miners and other payloads.

Cryptocurrency 132

Cryptocurrency Malware Cybersecurity 132

Security Affairs

MAY 24, 2025

Qakbot , also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The malware spreads via malspam campaigns, it inserts replies in active email threads. The DOJ has now filed to forfeit over $24 million in seized cryptocurrency. ” reads the press release published by DoJ.

Cybercrime 122

Cybercrime Cryptocurrency Ransomware Malware 122

Krebs on Security

AUGUST 25, 2021

After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware that let them siphon his crypto holdings. universities). When Schober went to move approximately 16.4

Cryptocurrency 362

Cryptocurrency Malware Mobile Accountability 362

Security Affairs

APRIL 17, 2025

to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. to deploy malware, shifting from traditional scripts like Python or PHP. Microsoft has observed Node.js

Social Engineering 116

Social Engineering Malware Cryptocurrency Engineering 116

Malwarebytes

FEBRUARY 19, 2025

These findings come from the 2025 State of Malware report. The threat of info stealers Info stealers are a type of malware that do exactly as they saythey steal information from peoples devices. But the variety of information that these pieces of malware can steal makes them particularly dangerous. They are wildly adaptable.

Malware 128

Malware Software Passwords Cryptocurrency 128

Malwarebytes

SEPTEMBER 18, 2023

In a public announcement , Free Download Manager has acknowledged that a specific web page on its site was compromised by a Ukrainian cybercrime group, exploiting it to distribute malware. Visitors from these IP addresses were always given the correct download link. of our visitors might have encountered this issue.”

Malware 123

Malware Cryptocurrency Cybercrime Software 123

Security Affairs

SEPTEMBER 14, 2023

Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years. Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. org domain and they were not containing any malware.

Malware 134

Malware Software Cryptocurrency Hacking 134

SecureList

MARCH 5, 2025

Dynamics of Windows Packet Divert detections ( download ) The growing popularity of tools using Windows Packet Divert has attracted cybercriminals. They started distributing malware under the guise of restriction bypass programs and injecting malicious code into existing programs. com , which hosted the infected archive.

Malware 115

Malware Cryptocurrency Antivirus Technology 115

SecureList

APRIL 23, 2025

Variants of Lazarus’ malicious tools, such as ThreatNeedle, Agamemnon downloader, wAgent, SIGNBT, and COPPERHEDGE, were discovered with new features. We found that the malware was running in the memory of a legitimate SyncHost. They even developed malware to exploit this, avoiding repetitive tasks and streamlining processes.

Malware 143

Malware Software Encryption Internet 143

SecureList

FEBRUARY 5, 2025

In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources.

Malware 142

Malware Encryption Mobile Cryptocurrency 142

Malwarebytes

DECEMBER 1, 2021

Security researchers have discovered banking Trojan apps on the Google Play Store, and say they have been downloaded by more than 300,000 Android users. Bad Guy flicks the switch to have Trojan code downloaded into “Fitness App Alpha” in California. .” There are large numbers of positive reviews for the apps.

Malware 134

Malware Banking Authentication Cryptocurrency 134

Security Affairs

MARCH 8, 2021

Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. Researchers at 360Netlab are warning of a cryptocurrency malware campaign targeting unpatched QNAP network-attached storage (NAS) devices. Unity is an XMRig cryptocurrency miner. and Quick.tar.gz.

Cryptocurrency 140

Cryptocurrency Firmware Malware Threat Detection 140

The Hacker News

NOVEMBER 17, 2023

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain.

Cryptocurrency 138

Cryptocurrency Malware 138

Security Boulevard

DECEMBER 16, 2024

IntroductionIn October 2024, Zscaler ThreatLabz came across malware samples that use a network communication protocol that is similar to RisePro. However, unlike RisePro which has primarily been used for information stealing, this new malware specializes in downloading and executing second-stage payloads. exeapimonitor-x64.exex32dbg.exex64dbg.exex96dbg.execheatengine.exescylla.execharles.execheatengine-x86_64.exereclass.net.exeThese

Malware 97

Malware Cryptocurrency Encryption Software 97

Graham Cluley

JUNE 12, 2025

ⓘ Malware attack disguises itself as DeepSeek installer Graham Cluley @ 10:47 am, June 12, 2025 @grahamcluley.com @ [email protected] Cybercriminals are exploiting the growing interest in open source AI models by disguising malware as a legitimate installer for DeepSeek. How are the bad guys spreading the malware?

Malware 62

Malware Cryptocurrency Accountability Advertising 62

Security Affairs

JULY 22, 2024

The JavaScript downloader SocGholish (aka FakeUpdates) is being used to deliver the AsyncRAT and the legitimate open-source project BOINC. SocGholish attack chain involves a malicious JavaScript file that downloads further stages. top, with BOINC accessed directly by IP. ” reads the report published by Huntress.

Malware 141

Malware Cryptocurrency Hacking Software 141

Security Affairs

NOVEMBER 1, 2021

Operators behind the Squid Game cryptocurrency have exit scam making off with an estimated $2.1 Operators behind the Squid Game cryptocurrency have exit scam making off with an estimated $2.1 The following graph shows that the cryptocurrency peaked at a price of $2,861 before dropping to $0 around. ” reported GixModo.

Cryptocurrency 140

Cryptocurrency Scams Cybercrime Advertising 140