Krebs on Security

NOVEMBER 14, 2024

” Mr. Shefel says he stopped selling stolen payment cards after being pushed out of the business, and invested his earnings in a now-defunct Russian search engine called tf[.]org. He also apparently ran a business called click2dad[.]net net that paid people to click on ads for Russian government employment opportunities.

Retail 270

Retail Advertising Cryptocurrency Cybercrime 270

Malwarebytes

SEPTEMBER 20, 2023

The dangers of cryptocurrency phishing are back in the news, after tech investor Mark Cuban was reported to have lost around $870k via a phishing link. As for the specifics of the phishing tactic deployed, Cuban is reported as saying he may have downloaded a bogus wallet tool via a search engine query.

Cryptocurrency 133

Cryptocurrency Scams Phishing Engineering 133

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Researchers from Gen Digital who discovered the threat, believe it is in its early development phase.

Encryption 117

Encryption Password Management Cryptocurrency Social Engineering 117

Security Affairs

NOVEMBER 21, 2024

Scattered Spider members are part of a broader cybercriminal community called “The Com,” where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks. ” reads the press release published by DoJ.

Cybercrime 111

Cybercrime Identity Theft Cryptocurrency Phishing 111

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. Parth Patel is an entrepreneur who is trying to build a startup in the cryptocurrency space. Some of the many notifications Patel says he received from Apple all at once.

Passwords 358

Passwords Accountability Engineering Cryptocurrency 358

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. 9, 2024, U.S. Twilio disclosed in Aug.

Social Engineering 358

Social Engineering Mobile Passwords Cybercrime 358

Krebs on Security

FEBRUARY 26, 2023

million customers, including website administrator passwords, sFTP credentials, and private SSL keys; -December 2022: Hackers gained access to and installed malware on GoDaddy’s cPanel hosting servers that “intermittently redirected random customer websites to malicious sites.”

Hacking 330

Hacking Social Engineering Phishing Scams 330

Security Affairs

JULY 15, 2022

Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. ” reads the advisory published by Dragos.

Passwords 130

Passwords Software Firmware Malware 130

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. co showing the site did indeed swap out any cryptocurrency addresses.

Phishing 288

Phishing Cryptocurrency DDOS Internet 288

eSecurity Planet

OCTOBER 22, 2024

Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues. The hallmark of ClickFix campaigns is their clever use of social engineering. Options like waiting rooms and password-protected meetings can help prevent unauthorized access.

Scams 124

Scams Malware Phishing Social Engineering 124

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. The now-defunct and always phony cryptocurrency trading platform xtb-market[.]com,

Cryptocurrency 305

Cryptocurrency Cybercrime Computers and Electronics Scams 305

Malwarebytes

FEBRUARY 19, 2025

The latest, major threats to Mac computers can steal passwords and credit card details with delicate precision, targeting victims across the internet based on their device, location, and operating system. Some info stealers dont even require an additional stepthey can take cryptocurrency directly from a victims online accounts.

Malware 133

Malware Software Passwords Cryptocurrency 133

The Last Watchdog

DECEMBER 18, 2024

Organizations face rising risks of AI-driven social engineering and personal device breaches. Simic Bojan Simic , CEO, HYPR The era of passwords will further decline as credential misuse rises, with AI both aiding and challenging security efforts. AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities.

Risk 173

Risk Threat Detection Technology Phishing 173

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Note, this is no proof that the companies listed were compromised.

Cryptocurrency 145

Cryptocurrency Malware Accountability Banking 145

Krebs on Security

APRIL 6, 2022

The smash-and-grab attacks by LAPSUS$ obscure some of the group’s less public activities, which according to Microsoft include targeting individual user accounts at cryptocurrency exchanges to drain crypto holdings. “They were calling up consumer service and tech support personnel, instructing them to reset their passwords.

Social Engineering 291

Social Engineering Phishing Engineering Accountability 291

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile 274

Mobile Cryptocurrency Accountability Passwords 274

Krebs on Security

MARCH 9, 2023

A Croatian national has been arrested for allegedly operating NetWire , a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. Constella also shows the email address zankomario@gmail.com used the password “dugidox2407.”

DNS 314

DNS Cybercrime Passwords Accountability 314

Krebs on Security

AUGUST 30, 2022

Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. 4 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. In an Aug.

Mobile 340

Mobile Phishing Authentication Accountability 340

SecureList

APRIL 8, 2025

Pages like that are well-indexed by search engines and appear in their search results. The infection chain: from searching for office software to downloading an installer The downloaded archive contains another password-protected archive, installer.zip , and a Readme.txt file with the password.

Passwords 87

Passwords Cryptocurrency Software Antivirus 87

Security Affairs

NOVEMBER 6, 2018

Group-IB and Swiss insurance broker ASPIS that owns CryptoIns project, have developed the world’s first scoring model for assessing cryptocurrency exchanges. Based on the risk score, CryptoIns experts have calculated insurance rates for cryptocurrency exchange users who can now insure their accounts against cyber threats.

Insurance 96

Insurance Cryptocurrency Cyber threats Marketing 96

Hot for Security

JUNE 8, 2021

million from a cryptocurrency account used by the hackers. bitcoin as it moved through the cryptocurrency ecosystem in multiple anonymous transfers. Fortunately, they also had the password or private key needed to access the wallet address, according to the supporting affidavit.

Cryptocurrency 137

Cryptocurrency Ransomware Passwords Engineering 137

SecureList

MARCH 25, 2025

Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7 The attackers employed social engineering techniques to trick victims into sharing their financial data or making a payment on a fake page. As cryptocurrencies continue to grow, this number is only ever going to get larger. million in 2023.

Phishing 84

Phishing Banking Scams Mobile 84

Security Boulevard

FEBRUARY 12, 2021

This allowed them to access many apps and ask for password resets, which often confirm the request is intended for the correct user by sending a "Two Factor Authentication" request in the form of an SMS message. Some crypto currency exchanges use an even stronger method, of requiring confirmation both by an SMS to the phone and by email.

Cryptocurrency 119

Cryptocurrency Accountability Scams Social Engineering 119

SecureList

AUGUST 10, 2022

VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies. Malicious DOCX social engineering message. Meanwhile, in August 2020, we also released a private report on VileRAT to our threat intelligence customers for the first time. xml version="1.0"

Cryptocurrency 117

Cryptocurrency Encryption Social Engineering Passwords 117

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 363

Phishing VPN Social Engineering Media 363

Malwarebytes

MARCH 1, 2024

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. Scammers, impersonating cryptocurrency investors, are active on Telegram channels to get interested people to attend a meeting about a future partnership. Topics are cryptocurrency investment opportunities.

Cryptocurrency 128

Cryptocurrency Malware Authentication Banking 128

Malwarebytes

MARCH 19, 2024

Armed with an email and password—which are easily bought online— and the 2FA code, an attacker could take over the victim’s online accounts. SIM swapping can be done in a number of ways, but perhaps the most common involves a social engineering attack on the victim’s carrier. Katz pleaded guilty before Chief U.S.

Social Engineering 142

Social Engineering Computers and Electronics Mobile Identity Theft 142

Security Affairs

APRIL 7, 2025

“In the Florida case, Urban was accused of stealing at least $800,000 in cryptocurrency from five different victims between August 2022 and March 2023.” Prosecutors revealed that Urban and co-conspirators stole victims’ personal info and used SIM swapping to reset crypto account passwords and drain funds.

Cybercrime 67

Cybercrime Identity Theft Social Engineering Hacking 67

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST.

DNS 145

DNS Malware Internet Internet 145

Security Affairs

MAY 18, 2022

Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns of the rise of cryware, malicious software used to steal info an dfunds from non-custodial cryptocurrency wallets, also known as hot wallets. Password and info stealers.

Cryptocurrency 110

Cryptocurrency Social Engineering Malware Cybercrime 110

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. The company was the victim of a social engineering attack aimed at its employees. Trezor WARNING: Elaborate Phishing attack. Pierluigi Paganini.

Phishing 138

Phishing Data breaches Cryptocurrency Social Engineering 138

Security Affairs

OCTOBER 28, 2019

Security expert Marco Ramilli published a quick analysis of an interesting attack carried out by SWEED threat actor targeting precision engineering firms in Italy. Today I’d like to share a quick analysis of an interesting attack targeting precision engineering companies based in Italy. Introduction. Analysis of Dropped PE File.

Engineering 69

Engineering Passwords Malware Advertising 69

SecureWorld News

JUNE 17, 2024

The CISA warning explicitly states that its employees "will never contact you with a request to wire money, cash, cryptocurrency, or use gift cards and will never instruct you to keep the discussion secret." RELATED: The Impact of AI on Social Engineering Cyber Attacks ] Follow SecureWorld News for more stories related to cybersecurity.

Social Engineering 113

Social Engineering Scams Artificial Intelligence Engineering 113

SecureWorld News

FEBRUARY 14, 2025

Use secure payment methods Avoid wire transfers, prepaid gift cards, or cryptocurrency for online purchases for Valentine's Day. Protect your personal information Valentine's Day scammers take advantage of social engineering and people letting their guard down around February 14th.

Scams 73

Scams Cybercrime Social Engineering Phishing 73

Responsible Cyber

JULY 13, 2024

Introduction Cryptocurrency represents a groundbreaking innovation in the financial sector, offering decentralized, peer-to-peer digital transactions through blockchain technology. However, the allure of these digital assets also attracts malicious actors, making cryptocurrency security paramount.

Cryptocurrency 52

Cryptocurrency Cyber Attacks Social Engineering Scams 52

SecureList

APRIL 21, 2025

Lumma has also been observed using exploit kits, social engineering, and compromised websites to extend its reach and evade detection by security solutions. Fake Telegram channels for pirated content and cryptocurrencies. In this article, we’ll focus mainly on the fake CAPTCHA distribution vector.

Malware 89

Malware Cryptocurrency Software Phishing 89

Krebs on Security

DECEMBER 5, 2022

Glupteba is a rootkit that steals passwords and other access credentials, disables security software, and tries to compromise other devices on the victim network — such as Internet routers and media storage servers — for use in relaying spam or other malicious traffic. attorney to pay Google’s legal fees.

Cybercrime 305

Cybercrime Malware Internet Internet 305