Heimadal Security

APRIL 26, 2021

Cybersecurity analyst Oliver Hough recently discovered that hackers have created a fake DirectX 12 download site to distribute malware that steals your cryptocurrency wallets and passwords. The post Fake DirectX12 Download Website Installs Crypto-Stealing Malware appeared first on Heimdal Security Blog.

Malware 74

Malware Cryptocurrency Passwords Cybersecurity 74

CyberSecurity Insiders

DECEMBER 30, 2021

If you follow a custom of saving passwords in your browser, you better change it, before it’s too late. Because security researchers from a South Korean cybersecurity firm, AhnLab discovered that a new malware named Redline was seen lurking in the browsers and stealing saved passwords only to be transmitted to remote servers.

Passwords 118

Passwords Malware Cryptocurrency Software 118

Approachable Cyber Threats

MARCH 1, 2022

Our 2022 update to our famous password table that’s been shared across the news, internet, social media, and organizations worldwide. Looking for a high resolution version to download? Download the table now. Password Strength in 2022 It’s been two years since we first shared our (now famous) password table.

Passwords 145

Passwords Software Internet Internet 145

SecureList

JUNE 5, 2023

Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. In this report we cover a recent malware distribution campaign related to the Satacom downloader. In this case, even legitimate websites may have a malicious “Download” link displayed on the webpage.

Cryptocurrency 84

Cryptocurrency DNS Malware Encryption 84

Malwarebytes

DECEMBER 20, 2022

If you’re a user of the Gemini cryptocurrency exchange, it’s time to be on your guard against phishing attacks. Breaches in cryptocurrency land are always a major issue. Some folks have their life savings and investments in these realms, and cryptocurrency/Web3 phishing generally has been running riot for some time now.

Cryptocurrency 80

Cryptocurrency Phishing Scams Accountability 80

Malwarebytes

FEBRUARY 22, 2022

In reality this application was a Trojan dropper which contacted a remote server and downloaded one of several payloads based on certain parameters. The Fast Cleaner app has now been removed from the Play Store but not before it was downloaded more than 50,000 times. One of these payloads was the banking Trojan Xenomorph.

Banking 104

Banking Backups Malware Cryptocurrency 104

Malwarebytes

DECEMBER 1, 2021

Security researchers have discovered banking Trojan apps on the Google Play Store, and say they have been downloaded by more than 300,000 Android users. As you may know, banking Trojans are kitted for stealing banking data like your username and password, and two-factor authentication (2FA) codes that you use to login to your bank account.

Malware 120

Malware Banking Authentication Cryptocurrency 120

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Malware infection. Archive file and its contents.

Cryptocurrency 131

Cryptocurrency Malware Accountability Banking 131

Security Affairs

APRIL 18, 2021

Threat actors targeted are exploiting the ProxyLogon vulnerabilities in Microsoft Exchange servers to deploy Monero cryptocurrency miners. “The.zip file is not a compressed archive, but a batch script that then invokes the built-into-Windows certutil.exe program to download two additional files, win_s.zip and win_d.zip.”

Cryptocurrency 75

Cryptocurrency Passwords Hacking Information Security 75

Malwarebytes

MARCH 1, 2024

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. Scammers, impersonating cryptocurrency investors, are active on Telegram channels to get interested people to attend a meeting about a future partnership. Topics are cryptocurrency investment opportunities.

Cryptocurrency 102

Cryptocurrency Malware Authentication Banking 102

Security Affairs

JULY 19, 2020

The social media giant Twitter confirmed that hackers compromised 130 accounts in last week hack and downloaded data from eight of them. All the accounts were compromised simultaneously and threat actors used them to promote a cryptocurrency scam. ” reads the update provided by Twitter. ” continues the update.

Accountability 97

Accountability Social Engineering Media Hacking 97

SecureList

MAY 22, 2024

. “Heaven’s Gate” technique implementation in Acrid stealer In terms of functionality, the malware embeds the typical functionality one might expect from a stealer: Stealing browser data (cookies, passwords, login data, credit card information, etc.); wallet.dat, password.docx, etc.); APPDATA%RoamingExodus).

Malware 92

Malware Cryptocurrency Passwords Marketing 92

Security Boulevard

MAY 19, 2022

In April 2022, ThreatLabz discovered several newly registered domains, which were created by a threat actor to spoof the official Microsoft Windows 11 OS download portal. ThreatLabz discovered several newly registered domains spoofing the official Microsoft Windows 11 OS download portal. Key points. dat:*wallet*.*:*2fa*.*:*backup*.*:*code*.*:*password*.*:*auth*.*:*google*.*:*utc*.*:*UTC*.*:*crypt*.*:*key*.*;50;true;movies:music:mp3;

Media 64

Media Social Engineering Backups Passwords 64

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. 9, 2024, U.S. According to an Aug.

Social Engineering 327

Social Engineering Mobile Cybercrime Passwords 327

Security Affairs

APRIL 15, 2020

Google has removed 49 new Chrome browser extensions from its official Web Store that hide the code to hijack cryptocurrency wallets. Google has removed 49 new Chrome browser extensions from its official Web Store that contain the code to steal sensitive information and hijack cryptocurrency wallets. Pierluigi Paganini.

Cryptocurrency 88

Cryptocurrency Advertising Phishing Passwords 88

SecureList

MAY 6, 2024

Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million in 2022.

Phishing 100

Phishing Banking Mobile Scams 100

Bleeping Computer

APRIL 24, 2021

Cybercriminals have created a fake Microsoft DirectX 12 download page to distribute malware that steals your cryptocurrency wallets and passwords. [.].

Malware 96

Malware Cryptocurrency Passwords 96

Security Affairs

APRIL 6, 2020

Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password. sh shell script that the malware downloads is used to laterally spread the malware across the container network. “The spre.

Cryptocurrency 97

Cryptocurrency Malware Advertising VPN 97

SecureList

AUGUST 10, 2022

VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies. Example of a downloaded image upon macro execution. Meanwhile, in August 2020, we also released a private report on VileRAT to our threat intelligence customers for the first time.

Cryptocurrency 93

Cryptocurrency Encryption Social Engineering Passwords 93

Malwarebytes

APRIL 3, 2023

A new macOS malware—called MacStealer—that is capable of stealing various files, cryptocurrency wallets, and details stored in specific browsers like Firefox, Chrome, and Brave, was discovered by security researchers from Uptycs, a cybersecurity company specializing in cloud security. Users of macOS Catalina (10.5)

Malware 98

Malware Passwords Cryptocurrency Password Management 98

Security Affairs

JANUARY 2, 2020

Security expert discovered a Google Chrome extension named Shitcoin Wallet that steals passwords and wallet private keys. Harry Denley, director of security at the MyCrypto , discovered that the Google Chrome extension named Shitcoin Wallet is stealing passwords and wallet private keys. Bad guys: erc20wallet[.]tk Pierluigi Paganini.

Passwords 63

Passwords Cryptocurrency Advertising Antivirus 63

SecureList

DECEMBER 13, 2023

Clicking the notification downloads a malicious file to the device. Over the course of time, the attackers have changed the download URL to stay undetected longer. Landing page example The download is a JS file that contains obfuscated code. It also created fake password prompts in an attempt to obtain the system password.

Ransomware 97

Ransomware Passwords Malware Encryption 97

SecureWorld News

JULY 24, 2020

Called "Prometei," this cryptocurrency mining botnet uses techniques to fly under the radar of end-users, though the strategies themselves might be obvious to a defender. From there, the infection copies and spreads throughout the system, using passwords retrieved by a modified Mimikatz module and exploits like Eternal Blue.

Cryptocurrency 52

Cryptocurrency Passwords Cyber threats Encryption 52

Malwarebytes

NOVEMBER 24, 2021

No matter which of the many accounts post up these videos, they all typically link to the same download hosting site. The file offered up for download is SteamKeyGeneration.rar, weighing in at 4.19MB. YouTube pages containing the link offer the following instructions: “Download the ExLoader, open the RAR file, open the EXE file”.

Malware 142

Malware Scams Passwords Cryptocurrency 142

Malwarebytes

MARCH 5, 2024

Separately, in September 2023, Malwarebytes discovered a cybercriminal campaign that tricked Mac users into accidentally installing a type of malware that can steal passwords, browser data, cookies, files, and cryptocurrency. But users who clicked the Mac download button instead received AMOS.

Malware 136

Malware Adware Ransomware Social Engineering 136

SecureList

SEPTEMBER 26, 2022

These websites are often related to crack, keygen and activators for downloading software illegally, and while they may pretend to be legitimate software, they actually contain a malware dropper. The whole infection chain of NullMixer is as follows: The user visits a website to download cracked software, keygens or activators.

Malware 114

Malware Cryptocurrency Passwords Software 114

SecureList

MARCH 28, 2023

We have come across a series of clipboard injection attacks on cryptocurrency users, which emerged starting from September 2022. As long as such attacks continue to thrive in the modern ecosystem of the cryptocurrency world, it’s worth explaining how they work and where the danger lies.

Cryptocurrency 107

Cryptocurrency Malware Banking Passwords 107

Security Affairs

JANUARY 4, 2023

Researchers discovered a new Linux malware developed with the shell script compiler ( shc ) that was used to deliver a cryptocurrency miner. It downloads and runs files from external sources, and based on the fact that XMRig CoinMiner is downloaded and installed from the currently available address, it is assumed to be a CoinMiner downloader.”

Malware 90

Malware DDOS Cryptocurrency Firewall 90

Security Affairs

MARCH 29, 2023

The attackers take advantage of the fact that the official Tor Project has been banned in Russia since the end of 2021, so users in Russia search for third-party repositories to download the Tor browser. The victims download the Tor Browser from a third-party server and execute it as torbrowser.exe. ” concludes the report.

Malware 81

Malware Passwords Cryptocurrency Antivirus 81

Krebs on Security

JUNE 6, 2023

However, far more interesting is their program for rewarding people who choose to sell Kopeechka usernames and passwords for working email addresses. “You upload 1 mailbox of a certain domain, discuss percentage with our technical support (it depends on the liquidity of the domain and the number of downloaded emails).”

Accountability 220

Accountability Scams Cryptocurrency Advertising 220

SecureList

OCTOBER 24, 2023

If all is good (from the attacker point of view), a fake WhatsApp download page is shown and the user is tricked into downloading the malware. Again, something interesting happens, as there are two URLs the malware can be downloaded from. In order to log in, a username and password are required.

Ransomware 99

Ransomware Malware Advertising Passwords 99

Security Affairs

JUNE 20, 2019

Researchers discovered that recently patched Firefox zero-day (CVE-2019-11707) has been exploited to deliver Windows and Mac malware to cryptocurrency exchanges. According to Martin, other cryptocurrency organizations were hit by similar attacks. browser ) or OS only when the application is downloaded via normal means (i.e.

Cryptocurrency 70

Cryptocurrency Malware Advertising Passwords 70

Security Affairs

JULY 7, 2020

The recent wave has been noted in Portugal and is impacting clients of several Portuguese and Brazilian banking organizations and also some cryptocurrency platforms. Here, it was distributed using fake webpages, where the victim downloaded an MSI file, which then held the remaining Lampion infection chain. dll (1st stage).

Malware 89

Malware Banking Phishing Internet 89

Security Affairs

MARCH 5, 2023

The script was developed to download a file from a remote server, then silently execute it. The experts noticed something suspicious in the function that provided the URL for downloading the malware. Within a legitimate library, the use of hardcoded URLs for downloading executable resources “on the fly” is uncommon.”

Malware 87

Malware Cryptocurrency Passwords Cybercrime 87

SecureWorld News

JULY 19, 2022

Stay away from cryptocurrencies—for now. It says these fraudsters are "claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cyber criminals have used with increasing success over time to defraud the investors of their cryptocurrency.".

Cryptocurrency 75

Cryptocurrency Scams Cybercrime Accountability 75

Security Affairs

MARCH 21, 2023

Cryptocurrency ATM maker General Bytes suffered a security breach over the weekend, the hackers stole $1.5M worth of cryptocurrency. Cryptocurrency ATM manufacturers General Bytes suffered a security incident that resulted in the theft of $1.5M worth of cryptocurrency. Attackers also stole funds in other cryptocurrencies.

Cryptocurrency 74

Cryptocurrency VPN Manufacturing Firewall 74

SecureList

DECEMBER 27, 2022

We have published technical details of how this notorious group steals cryptocurrency before. The first new method the group adopted is aimed at evading the Mark-of-the-Web (MOTW) flag, the security measure whereby Windows displays a warning message when the user tries to open a file downloaded from the internet. Remote URL: [link].

Malware 136

Malware Banking Passwords Antivirus 136