Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. Unfortunately for Griffin, years ago he used Google Photos to store an image of the secret seed phrase that was protecting his cryptocurrency wallet. “I put my seed phrase into a phishing site, and that was it.”
One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. What Are ClickFix Campaigns?
The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Gen Digital observed phishing campaigns distributing the Glove Stealer. ” reads the report published by Gen Digital.
We were alerted to Mac and Windows stealers currently distributed via Reddit posts targeting users engaging in cryptocurrency trading. These two malware families have wreaked havoc, pillaging victims’ personal data and enabling their distributors to make substantial gains, mostly by taking over cryptocurrency wallets.
.” The attackers, linked to BlueNoroff and past RustBucket campaigns, used fake cryptocurrency news emails and a malicious app disguised as a PDF. Phishing messages impersonate a real person and forward a message from a crypto influencer, while the PDF copies genuine research on Bitcoin ETFs to appear legitimate. .
Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (bitdefender-download[.]com) 160 on port 4449.
Nothing but essential and popular apps had been downloaded to the machine. At the time of this research, the extension had been downloaded 54,000 times. All it does is download and execute malicious code from the aforementioned web server. Why would he download a malicious extension with fewer downloads than the original?
. “PoisonSeed threat actors are targeting enterprise organizations and individuals outside the cryptocurrency industry. They have been phishing CRM and bulk email providers credentials to export email lists and send bulk spam from the accounts. ” reads the report published by Silent Push. These are later used to steal funds.
Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. In phishing attacks, there never is a genuine problem with a user's account, and there never is a real request for information from the company.
Kral In mid-2023, we discovered the Kral downloader which, back then, downloaded the notorious Aurora stealer. This changed in February this year when we discovered a new Kral stealer, which we believe is part of the same malware family as the downloader due to certain code similarities. That file is the Kral downloader.
Avoid phishing emails and messages You may receive emails or texts with fake Valentine's Day deals, electronic greeting cards (e-cards), or delivery notifications. Use secure payment methods Avoid wire transfers, prepaid gift cards, or cryptocurrency for online purchases for Valentine's Day.
Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7
The FBI has issued a new warning to US law firms about an ongoing and increasingly aggressive phishing campaign orchestrated by the cybercriminal group Luna Moth. Some warning signs the FBI says to watch out for: Unexpected downloads of remote access tools. Connections from WinSCP or Rclone to outside networks.
Victims are then asked to download what appears to be a PayPal-branded support tool. Avoid odd payment requests: Scammers often ask for payments via gift cards, wire transfers, or cryptocurrency. Report suspicious activity: Forward scam emails to phishing@paypal.com and contact law enforcement if you’ve been scammed.
The software can be downloaded from the police website and Europol’s NoMoreRansom site. Threat actors behind Phobos attacks were observed gaining initial access to vulnerable networks by leveraging phishing campaigns. The tool works on files with extensions like .phobos, 8base, elbie, faust, and .LIZARD, and may support others.
The campaign, which we dubbed EastWind, used phishing emails with malicious shortcuts attached to deliver malware to target computers. The malware, which received commands via the Dropbox cloud service, was used to download additional payloads. All the active sub-campaigns host the initial downloader on Dropbox.
Specifically, they can modify cryptocurrency wallet addresses during transfer attempts, replace links in browsers, send arbitrary text messages and intercept replies, and steal login credentials for messaging and social media apps. Similar to previous versions, the backdoor downloads and executes other payloads. services class.
The number of unique threads about drainers on the dark web ( download ) In fact, in 2024, Telegram channels were a prominent hub for drainer-related activity. Stealers and drainers to see a rise in their promotion as services on the dark web Cryptocurrencies have been a prime target for cybercriminals for years.
Attacks on Kaspersky mobile users in 2024 ( download ) At the end of 2024, we discovered a new distribution scheme for the Mamont banking Trojan, targeting users of Android devices in Russia. Some time later, the user received a phishing link to download malware disguised as a shipment tracking app.
Cryptocurrency isn't just a buzzword anymore. By December 2024, the number of global cryptocurrency owners reached approximately 659 million, marking a 13% increase from January 2024. Phishing attacks are a known threat, where someone might trick you into giving away personal details or private keys.
Poor grammar (a common giveaway in phishing scams). In addition to detecting unpaid toll scams, the system can flag messages related to cryptocurrency fraud, fake tech support offers, and gift card scams. But what sets Google apart is that this protection is baked into Android's default messaging app with no extra downloads needed.
Some info stealers don't even require an additional step; they can take cryptocurrency directly from a victim's online accounts. That means that, for instance, ransomware that works on a Windows laptop doesn't automatically work on a Mac laptop, and likewise, a phishing app developed for Android devices doesn't work on iPhones.
Primary infection vectors include phishing emails with malicious attachments or links, as well as trojanized legitimate applications. Fake Telegram channels for pirated content and cryptocurrencies. txt file contains a Base64-encoded PowerShell script that then downloads and runs the Lumma Stealer. It downloads the win15.zip
On the surface, this website resembled a professionally designed product page for a decentralized finance (DeFi) NFT-based (non-fungible token) multiplayer online battle arena (MOBA) tank game, inviting users to download a trial version. But that was just a disguise. As big computer games fans ourselves, we immediately wanted to try it.
The malware’s infection chains and system persistence methods echo those used in DPRK’s cryptocurrency-stealing operations—albeit now adapted and deployed globally by Russia-affiliated threat actors. That’s when the malware begins to harvest sensitive data—and lay the groundwork for persistent access.
Technical details Initial attack vector The initial attack vector used by Angry Likho consists of standardized spear-phishing emails with various attachments. Contents of spear-phishing email inviting the victim to join a videoconference The archive includes two malicious LNK files and a legitimate bait file.
Vulnerabilities Apple's Passwords app was vulnerable to phishing attacks for nearly three months after launch 9to5Mac Mysk security researchers first discovered this vulnerability after noticing the Passwords app had connected to 130 different domains over regular (unencrypted) HTTP.
Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. This increase is likely driven by high employee turnover and easy access to phishing kits. Meanwhile, “RansomHub” is rising rapidly due to its attractive ransomware-as-a-service (RaaS) model.
Microsoft also assesses that in January 2024, Secret Blizzard used the backdoor of Storm-1837, a Russia-based threat actor, to download the Tavdig and KazuarV2 backdoors on a target device in Ukraine. Storm-1919 often deploys XMRIG cryptocurrency miners via Amadey bots, used globally in 2024. dll and clip64.dll
A PDF of the report can be downloaded directly from the National Academies, and a webinar that walks viewers through the report’s findings is also available. And, the advent of Bitcoin and other cryptocurrencies has provided a relatively safe channel for ransom, extortion and other illicit payments.
The rise of AI-driven phishing and social engineering, increased targeting of critical infrastructure, and the emergence of more sophisticated fileless malware are all trends that have shaped the cybersecurity battlefield this year. Download the infographic HERE The post Nastiest Malware 2024 appeared first on Webroot Blog.
It warns you about phishing attempts. Plus, it stops unsafe downloads in Microsoft Edge and other supported apps. Users looking for extra tight security: It was reported that Microsoft Defender missed a type of malware that hijacked a victim’s Google account in the Chrome browser and stole over $24,000 in cryptocurrency.
from Bybit, it is the largest cryptocurrency heist ever International Press Newsletter Cybercrime Mining Company NioCorp Loses $500,000 in BEC Hack Inside Black Basta's Exposed Internal Chat Logs: A Firsthand Look The Bleeding Edge of Phishing: darcula-suite 3.0
Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings.
Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly, a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call.
The dangers of cryptocurrency phishing are back in the news, after tech investor Mark Cuban was reported to have lost around $870k via a phishing link. As for the specifics of the phishing tactic deployed, Cuban is reported as saying he may have downloaded a bogus wallet tool via a search engine query.
A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. 2, and Aug.
Google, the business subsidiary of tech giant Alphabet Inc, has released a report saying that the compromised cloud accounts were leading hackers to mine cryptocurrency that could prove as a double threat to customers. The post Compromised cloud accounts leading to Cryptocurrency mining appeared first on Cybersecurity Insiders.
At the time we warned users of the hardware cryptocurrency wallet to watch out for phishing scams that might attempt to steal users’ credentials. It does not contain any application to download and install on your computer. The only way to download the Ledger Live app is by using the official download page.
Owners of physical Trezor cryptocurrency wallets should be on their guard after an email was sent out by thieves attempting to dupe them into downloading new software to their devices.
Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported.
Security experts uncovered a new Coronavirus-themed phishing campaign, the messages inform recipients that they have been exposed to the virus. The phishing messages tell the victims that one of their colleagues, friends, or family members has tested positive for the virus, then it urges them to print the attached “EmergencyContact.
Threat actors are exploiting improperly-secured Google Cloud Platform (GCP) instances to download cryptocurrency mining software to the compromised systems as well as abusing its infrastructure to install ransomware, stage phishing campaigns, and even generate traffic to YouTube videos for view count manipulation.
The sites vary in terms of style or general setup, but all focus on having you download Canon drivers. However, when someone attempts to download the driver, the download fails and the site displays a message with a phone number you can call for assistance. A very testing download. Except not really.