Pirated software seekers are targeted by the new MassJacker clipper malware, according to CyberArk researchers. A new malware campaign spreading a new clipper malware dubbed MassJacker targets users searching for pirated software, CyberArk users warn. com) distributing pirated software that also spreads malware.
It spreads via forum posts, torrent trackers and blogs, imitating popular software like Foxit PDF Editor and AutoCAD. These posts refer to the SteelFox dropper as an efficient way to activate a legitimate software product for free. Its parameters are also encrypted — they are decrypted once dropped by the first stage.
The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. Glove Stealer is a .NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data. Gen Digital observed phishing campaigns distributing the Glove Stealer.
In our modern world, it’s difficult to underestimate the impact that open-source code has on software development. stealer that collects information such as saved credentials, cryptocurrency wallet data and browsing history, packs it into a .7z com/Dipo17/battle ) and execute them. These components were as follows: A Node.js
In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Taylor Monahan is founder and CEO of MetaMask, a popular software cryptocurrency wallet used to interact with the Ethereum blockchain.
“The ransomware either encrypted data from victims’ computer networks or claimed to take that data from the networks. Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS, the ransomware encrypts files and appends the .DEMON extension to filenames of the encrypted documents.
Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. According to the FAQ posted on its site, “Norton Crypto” will mine Ethereum (ETH) cryptocurrency while the customer’s computer is idle.
One of the more popular SIM-swapping channels on Telegram maintains a frequently updated leaderboard of the most accomplished SIM-swappers, indexed by their supposed conquests in stealing cryptocurrency. LastPass said criminal hackers had stolen encrypted copies of some password vaults, as well as other personal information.
Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masquerading as popular software. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures.
A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. co showing the site did indeed swap out any cryptocurrency addresses. And it doesn’t send or receive messages.
We have been tracking the latest attack campaign by the Lazarus group since last November, as it targeted organizations in South Korea with a sophisticated combination of a watering hole strategy and vulnerability exploitation within South Korean software. We found that the malware was running in the memory of a legitimate SyncHost.
Quantum computing advances are making traditional encryption obsolete, and adversaries are stockpiling data for future decryption. FIPS-203 enables legal PQC deployment, prompting CISOs to overhaul encryption strategies. Supply chain attacks will intensify through poisoned APIs and unchecked software dependencies.
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: Malicious NPM Packages Targeting PayPal Users; New Malware Variant Identified: ResolverRAT Enters the Maze; Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?
Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Malware infection. PROCESS_ID. #. DLL_FILE_SIZE. DLL_FILE_DATA.
Experts observed the STOP ransomware installing the Azorult password-stealing Trojan to steal account credentials, cryptocurrency wallets, and more. Experts observed the ransomware also installing the dreaded Azorult password-stealing Trojan on the victim’s machine to steal account credentials, cryptocurrency wallets, documents and more.
Treasury Department warning of a North Korean state-sponsored advanced persistent threat (APT) known as the Lazarus Group targeting cryptocurrency and blockchain companies. The threat actors use social engineering to encourage individuals to download trojanized cryptocurrency applications on Windows or macOS operating systems.
Fake CAPTCHA distribution vectors. [Figure: Fake CAPTCHA distribution scheme] There are two types of resources used to promote fake CAPTCHA pages: (1) pirated media, adult content, and cracked software sites; (2) fake Telegram channels for pirated content and cryptocurrencies. mp4 file, legitimate software code, or just random data.
“FritzFrog is completely proprietary; its P2P implementation was written from scratch, teaching us that the attackers are highly professional software developers.” The botnet’s P2P communication is encrypted using AES for symmetric encryption and the Diffie-Hellman protocol for key exchange.
Most redirects lead to websites promoting security software, ad blockers, and the like – standard practice for adware. The ad network pushing pages with the malicious CAPTCHA also includes legitimate, non-malicious offers. It functions as follows: clicking anywhere on a page using the ad module redirects the user to other resources.
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. “This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack,” reads the April 20 Mandiant report.
SeaChange International, the multinational supplier of video delivery software solutions, was the victim of the Sodinokibi Ransomware gang. The crew has published images of the data they claim to have stolen before encrypting the systems at the company. – Seachange has over 50,000,000 subscribers. Pierluigi Paganini.
You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. The now-defunct and always phony cryptocurrency trading platform xtb-market[.]com,
The group’s affiliates gain access to victims using phishing campaigns to steal credentials and exploiting unpatched software vulnerabilities. Medusa operators leverage legitimate remote access tools like AnyDesk, Atera, and Splashtop, alongside RDP and PsExec, to move laterally and locate files for exfiltration and encryption.
Encryption uses mathematical algorithms to transform and encode data so that only authorized parties can access it. What Encryption Is and How It Relates to Cryptology: The science of cryptography studies codes, how to create them, and how to solve them. How Does Encryption Process Data?
Encryption scrambles data to make it unreadable to those without decryption keys. Proper use of encryption preserves secrecy and radically lowers the potential damage of a successful cybersecurity attack. Encryption algorithm types will provide an overview of the mathematical algorithms used to encrypt data (AES, RSA, etc.),
The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly rotation of the C2 server. The initial attack vector is typically a software crack, an activator or a patcher, or a key generator (keygen).
Over time, Bitcoin has become the most widely used cryptocurrency in the world. A Bitcoin wallet is a piece of software that enables users to transmit, receive, and store bitcoins securely. Update frequently.
authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Among those was the encrypted messaging app Signal, which said the breach could have let attackers re-register the phone number on another device for about 1,900 users.
Attackers are leveraging this by embedding malicious software into Android device firmware. Specifically, they can modify cryptocurrency wallet addresses during transfer attempts, replace links in browsers, send arbitrary text messages and intercept replies, and steal login credentials for messaging and social media apps.
Recently, we noticed a rather unique scheme for distributing malware that exploits SourceForge, a popular website providing software hosting, comparison, and distribution services. The site hosts numerous software projects, and anyone can upload theirs. Contents of vinstaller.zip Inside installer.zip is a file named installer.msi.
The hackers hijacked the channels to spread cryptocurrency scams, while deleting some of the group’s old videos in the process. The attack was largely reminiscent of a 2022 YouTube account hack that repurposed a 2018 interview with Apple CEO Tim Cook to fool viewers into following a separate cryptocurrency scam.
The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. A report published in mid-April by cryptocurrency research firm Chainalysis found that ransomware payments “have decreased significantly since the COVID-19 crisis intensified in the U.S.
If we define ransomware as malware that encrypts files to extort the owner of the system, then the first malware that could be classified as ransomware is the 1989 AIDS Trojan. However, while it encrypted file(name)s and asked for a ransom, it was far from effective. Today's ransomware is the scourge of many organizations.
After establishing the encryption keys for the session, the client sends either a SEND_ID_NEW_VICTIM or SEND_ID message. Immediately after sending the campaign_id to the C2 server, RiseLoader will scan the victim's file system to gather information about cryptocurrency wallets, extensions, and specific programs (shown in the Appendix).
Watson said the Krebsonsecurity file will attempt to open up an encrypted connection between the Exchange server and the above-mentioned IP address, and send a small amount of traffic to it each minute. Organizations Newly Hacked Via Holes in Microsoft’s Email Software. Further reading: A Basic Timeline of the Exchange Mass-Hack.
Good news for the victims of the ThiefQuest (EvilQuest) ransomware: they can recover their encrypted files for free. The victims of the ThiefQuest (EvilQuest) ransomware can recover their encrypted files without needing to pay the ransom due to the availability of a free decryptor. macOS ransomware #decryptor (#EvilQuest)!
perfctl malware targets misconfigured Linux servers to deploy cryptocurrency miners and proxyjacking software in an ongoing campaign. The malicious code was used to drop cryptocurrency miners and proxyjacking software. The Linux malware is packed and encrypted to evade detection.
Such software is often distributed in the form of archives with text installation instructions, in which the developers recommend disabling security solutions, citing false positives. This is a covert miner able to mine multiple cryptocurrencies (ETH, ETC, XMR, RTM and others) using various algorithms.
We recently caught sight of a new, hitherto unknown, macOS malware family that was piggybacking on cracked software. A downloader: A completed “patching” kicked off the main payload, with the sample reaching out to its C2 for an encrypted script. The ciphertext was AES-encrypted in CBC mode.
DNS encryption. DNS encryption plugs a gap that makes it easy to track the websites you visit. DNS encryption restores your privacy by making it impossible for anything other than the DNS resolver to read and respond to your queries. FIDO2 is a specification that uses public key encryption for authentication.
officials urge Americans to use encrypted apps amid unprecedented cyberattack; The Great Pokémon Go Spy Panic. Pierluigi Paganini (SecurityAffairs hacking, newsletter) Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Last week, security experts from MalwareHunterTeam detected new ransomware dubbed CoronaVirus that has been distributed through a malicious website that was advertising legitimate system optimization software and utilities from WiseCleaner. The filename of the encrypted files will be changed to the attacker’s email address (i.e.
-based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries, including state and local governments, financial services, healthcare, manufacturing, media, retail and software. A now-deleted Tweet from Synoptek on Dec.
Gangs spreading LockBit ransomware are reportedly bribing employees of corporate companies to enter their computer network and compromise it with file-encrypting malware. LockBit, which offers Ransomware-as-a-service, was offering compromised network access to third parties to conduct pen-testing and espionage-related software testing.