Krebs on Security

FEBRUARY 17, 2021

Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings.

Cryptocurrency 281

Cryptocurrency Financial Services Banking Government 281

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Note, this is no proof that the companies listed were compromised.

Cryptocurrency 131

Cryptocurrency Malware Accountability Banking 131

Hacker Combat

AUGUST 8, 2022

North Korean hackers use phoney Coinbase job offers to target cryptocurrency professionals. The renowned North Korean hacking outfit Lazarus has uncovered a new social engineering scheme in which the hackers pose as Coinbase to lure workers into the fintech sector. Lazarus hackers go after cryptocurrency.

Social Engineering 93

Social Engineering Cryptocurrency Engineering Malware 93

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance. 9, 2024, U.S.

Social Engineering 327

Social Engineering Mobile Cybercrime Passwords 327

Malwarebytes

JANUARY 20, 2023

The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack." Keep threats off your devices by downloading Malwarebytes today.

Social Engineering 92

Social Engineering Accountability Cryptocurrency Engineering 92

Malwarebytes

SEPTEMBER 11, 2023

The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. Once active, the malware can be used for several malicious activities like remote access, cryptocurrency mining, keylogging, clipboard stealing, and information stealing. exe and a bundled script.

Malware 117

Malware Social Engineering Cryptocurrency Cybercrime 117

Malwarebytes

MARCH 5, 2024

Separately, in September 2023, Malwarebytes discovered a cybercriminal campaign that tricked Mac users into accidentally installing a type of malware that can steal passwords, browser data, cookies, files, and cryptocurrency. But users who clicked the Mac download button instead received AMOS.

Malware 136

Malware Adware Ransomware Social Engineering 136

Approachable Cyber Threats

JULY 7, 2022

It also serves as an easy access point for more advanced hackers and scammers to target specific organizations, or even harvest cryptocurrency. Earlier Raccoon Stealer campaigns allowed criminals to steal $13,200 worth of cryptocurrency and mine another $2,900 worth over a six month period, all for the cost of around $1,250. “So

Social Engineering 105

Social Engineering Cryptocurrency Malware Antivirus 105

Malwarebytes

DECEMBER 6, 2022

Nicholas Truglia (25) from Florida was sentenced to 18 months on Thursday for his involvement in a digital heist that cost Michael Terpin ( @michaelterpin ), a renowned personality in the cryptocurrency space, $23.8M. According to El Reg , Terpin's cryptocurrency of choice was TRIG, which was worth $7 then.

Cryptocurrency 91

Cryptocurrency Social Engineering Accountability Media 91

Security Boulevard

MAY 19, 2022

In April 2022, ThreatLabz discovered several newly registered domains, which were created by a threat actor to spoof the official Microsoft Windows 11 OS download portal. These variants of Vidar malware fetch the C2 configuration from attacker-controlled social media channels hosted on Telegram and Mastodon network. Key points.

Media 64

Media Social Engineering Backups Passwords 64

SecureList

MAY 6, 2024

Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million in 2022.

Phishing 100

Phishing Banking Mobile Scams 100

Malwarebytes

MARCH 1, 2024

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. Scammers, impersonating cryptocurrency investors, are active on Telegram channels to get interested people to attend a meeting about a future partnership. Topics are cryptocurrency investment opportunities.

Cryptocurrency 102

Cryptocurrency Malware Authentication Banking 102

SecureWorld News

JULY 11, 2022

Axie Infinity, a video game that utilizes NFTs and Ethereum-based cryptocurrencies, lost $540 million in March of this year after a senior engineer was tricked into opening a PDF of a fake job application, according to a story from The Block. The employee who fell for the social engineering scheme no longer works for Sky Mavis.

Social Engineering 73

Social Engineering Hacking Cryptocurrency Engineering 73

SecureList

AUGUST 10, 2022

VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies. Malicious DOCX social engineering message. Example of a downloaded image upon macro execution. VileLoader: an evasive multi-stage implant downloader. xml version="1.0"

Cryptocurrency 93

Cryptocurrency Encryption Social Engineering Passwords 93

Krebs on Security

APRIL 20, 2023

In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. Microsoft Corp.

Malware 290

Malware Software Technology Accountability 290

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams 101

Scams Phishing Cryptocurrency Social Engineering 101

Webroot

FEBRUARY 13, 2024

Rise in Cryptocurrency Payments : Fraudsters are increasingly asking for payments in cryptocurrency, exploiting its semi-anonymous nature. In 2021, losses to romance scams involving cryptocurrency were reported at $139 million ​​. Expect this to avenue of fraud to consistently escalate as crypto prices and adoption increase.

Scams 80

Scams Cryptocurrency Media Education 80

Security Affairs

MAY 19, 2023

TurkoRat is an information-stealing malware that can obtain a broad range of data from the infected machine, including account login credentials, cryptocurrency wallets, and website cookies. was not accidental, because agent-base is the name of a legitimate npm package with tens of million downloads.

Encryption 78

Encryption Social Engineering Malware Cryptocurrency 78

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. The company was the victim of a social engineering attack aimed at its employees. Trezor WARNING: Elaborate Phishing attack. Pierluigi Paganini.

Phishing 112

Phishing Data breaches Cryptocurrency Social Engineering 112

Malwarebytes

APRIL 7, 2021

Several users of Trezor, a small hardware device that acts as a cryptocurrency wallet, have been duped by a fake app with the same name. According to the Washington Post , the fake Trezor app, which was on the App Store for at least two weeks (from 22 January to 3 February), was downloaded 1,000 times before it was taken down.

Cryptocurrency 105

Cryptocurrency Scams Engineering Accountability 105

Malwarebytes

JANUARY 3, 2024

The social engineering techniques used by fraudsters are growing in complexity. Popular investment opportunities offered by the criminals include stocks, cryptocurrencies, and pension funds. The most reported investment fraud products in the EU are cryptocurrencies. But you will need to act fast.

Scams 95

Scams Cryptocurrency Social Engineering Internet 95

Malwarebytes

OCTOBER 20, 2022

Social engineering attacks and malware form the core of Ducktail's modus operandi. Not only does Ducktail continue to steal Facebook credentials and browser data, but it also steals cryptocurrency wallets, too. Be wary of downloading files from popular file-sharing sites. Ducktail 101. Prevention is key.

Social Engineering 80

Social Engineering Malware Accountability Engineering 80

Security Affairs

JANUARY 23, 2022

Never download an app from a QR code, avoid making any payment requested through unsolicited email that uses social engineering techniques to trick recipients into scanning the embedded QR code. If scanning a physical QR code, ensure the code has not been tampered with, such as with a sticker placed on top of the original code.

Cryptocurrency 96

Cryptocurrency Social Engineering Malware Scams 96

Malwarebytes

AUGUST 13, 2021

A fair few cryptocurrency scams have been doing the rounds across 2021. Fake Elon Musk cryptocurrency scams. Another social media shenanigan involving cryptocurrency? The FTC estimates at least $2 million has been stolen from cryptocurrency investors. 30 malicious images downloaded roughly 20 million times(!)

Scams 106

Scams Cryptocurrency Social Engineering Media 106

Security Affairs

JANUARY 18, 2022

According to the security firm, the group is financially motivated, its cyberespionage campaign hit high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organisations in Hong Kong, Covid-19 research organisations, gambling and cryptocurrency companies, and the media.

Cryptocurrency 107

Cryptocurrency Social Engineering Media Phishing 107

eSecurity Planet

SEPTEMBER 15, 2022

The Shikitega attack consists of a “multistage infection chain where each module responds to a part of the payload and downloads and executes the next one,” the AT&T researchers wrote. Once the CRONs are set, there’s no need to keep downloaded files, so the malware deletes them to evade detection. Multistage Infection Chain.

Malware 114

Malware Social Engineering System Administration Antivirus 114

Security Affairs

OCTOBER 20, 2021

Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. The malware landing page is disguised as a software download URL that was sent via email or a PDF on Google Drive, or via Google documents containing the phishing links. .

Accountability 123

Accountability Malware Phishing Social Engineering 123

SC Magazine

MAY 12, 2021

Researchers found 167 counterfeit Android and iOS apps that attackers used to steal money from victims who believed they installed a financial trading, banking or cryptocurrency app. Photo by Justin Sullivan/Getty Images). If targets later tried to withdraw funds or close the account, the attackers would block access.

Scams 62

Scams Cryptocurrency Social Engineering Banking 62

Security Affairs

JULY 24, 2020

Last week, the social media giant Twitter revealed that hackers compromised 130 accounts in the attack that took place on July 15 and downloaded data from eight of them. Twitter explained is was victim of a”coordinated social engineering attack” against its employees who gave attackers the access to its internal tools.

Accountability 91

Accountability Advertising Cryptocurrency Social Engineering 91

SecureList

MARCH 7, 2024

Cryptocurrency scams Phishing aimed at stealing crypto wallet credentials remained a common money-making tool. Fake pages mimicking popular cryptocurrency sites invited users to sign in with their wallet credentials. Scam sites also used cryptocurrency as bait. The price of downloading either script was just under $50.

Phishing 102

Phishing Scams Cryptocurrency Accountability 102

SecureList

JUNE 7, 2023

Mobile statistics Targeted attacks BlueNoroff introduces new methods bypassing MotW At the close of 2022, we reported the recent activities of BlueNoroff , a financially motivated threat actor known for stealing cryptocurrency. The threat actor uses social engineering to infect a PoS terminal.

DNS 101

DNS Malware Cryptocurrency Retail 101

SecureList

NOVEMBER 23, 2021

We should expect more fraud, targeting mostly BTC , because this cryptocurrency is the most popular. In fact, from January through the end of October, Kaspersky detected more than 2,300 fraudulent global resources aimed at 85,000 potential crypto investors or users who are interested in cryptocurrency mining. Extortion on the rise.

Cryptocurrency 112

Cryptocurrency Banking Cybercrime Ransomware 112

SecureList

NOVEMBER 22, 2022

Cryptocurrency targeted attacks. The cryptocurrency business continues to grow, and people continue to invest their money in this market because it’s a digital asset and all transactions occur online. More cryptocurrency-related threats: fake hardware wallets, smart contract attacks, DeFi hacks, and more.

Cryptocurrency 92

Cryptocurrency Mobile Ransomware Banking 92

SecureWorld News

AUGUST 2, 2021

Robinhood is an increasingly popular trading app where you can buy and sell stocks, as well as cryptocurrency. Phishing attempts come via email where scammers use different social engineering tactics to pose as a reputable sender like the IRS, your bank or brokerage firm.

Phishing 85

Phishing Social Engineering Scams Identity Theft 85

Security Boulevard

MARCH 31, 2022

RedLine is a malware service available for purchase on underground forums that specifically targets the theft of sensitive information: passwords, credit cards, execution environment data, computer name, installed software, and more recently, cryptocurrency wallets and related files. OpenLink - open a link in the default browser.

Cybersecurity 98

Cybersecurity Social Engineering Passwords Malware 98

eSecurity Planet

SEPTEMBER 14, 2022

As a matter of fact, the most-reported crime in the 2021 Internet Crime Report report was phishing , a social engineering scam wherein the victim receives a deceptive message from someone in an attempt to get the victim to reveal personal information or account credentials or to trick them into downloading malware.

Social Engineering 117

Social Engineering Energy and Utilities Phishing Scams 117

Malwarebytes

JULY 19, 2021

We’ve observed a 419-style scam (also known as an advance fee scam) which combines the promise of cryptocurrency riches with WhatsApp conversation. Folks already involved in cryptocurrency would likely have suspicions raised after reading the below. It’s all about that personal touch in the land of cryptocurrency scams.

Accountability 107

Accountability Scams Cryptocurrency Banking 107