What the target will actually download and install is in reality an information-stealing Trojan. Various other information stealers are also being spread through these channels, such as the Nova Stealer, Ageo Stealer, or the Hexon Stealer. This also helps the attackers because some of the stolen information includes the victims' friends' accounts.
A sophisticated cybercrime campaign, dubbed Elusive Comet, has been uncovered, in which North Korean threat actors are exploiting Zoom's remote control feature to infiltrate the systems of cryptocurrency professionals. The research behind the discovery was released by Security Alliance, which tracked and analyzed the campaign.
The Ripple cryptocurrency library was compromised in a supply chain attack aimed at stealing users' private keys. Threat actors compromised the Ripple cryptocurrency npm JavaScript library xrpl.js. The user 'mukulljangid' released all five malware-laced versions of the library starting from 21 Apr, 20:53 GMT+0.
Cybersecurity researchers devised two attack techniques to disrupt the operations of cryptocurrency mining botnets. Akamai Researchers uncovered two novel techniques to disrupt cryptocurrency mining botnets by exploiting flaws in common mining topologies. Though not permanent, this disruption can significantly hinder the attack.
The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. According to the alert, threat actors use malicious online document converters to steal users' sensitive information and infect their systems with malware.
These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users' trust. Victims are then guided to execute PowerShell code designed to "fix" the supposed problem, unwittingly allowing malware to infiltrate their systems.
Crypto exchange Bybit was the victim of a sophisticated attack, and threat actors stole $1.5B worth of cryptocurrency from one of the company's offline wallets. The Bybit hack is the largest cryptocurrency heist ever, surpassing previous ones like Ronin Network ($625M), Poly Network ($611M), and BNB Bridge ($566M).
KrebsOnSecurity recently told the saga of a cryptocurrency investor named Tony who was robbed of more than $4.7 million in cryptocurrencies from Tony was verify-trezor[.]io. Federal Communications Commission (FCC), as well as those working at the cryptocurrency exchanges Coinbase and Binance.
The government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies. Matveev, a.k.a. prosecutors allege.
Experts warn of a large-scale cryptocurrency miner campaign targeting Russian users with SilentCryptoMiner. Kaspersky researchers discovered a mass malware campaign spreading SilentCryptoMiner by disguising it as a tool to bypass internet restrictions. Common malware families include NJRat, XWorm, Phemedrone, and DCRat.
SentinelLabs observed North Korea-linked threat actor BlueNoroff targeting businesses in the crypto industry with a new multi-stage malware. SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign tracked as “Hidden Risk.”
We observed these files to contain information about the projects, as well as instructions on how to compile their code. stealer that collects information such as saved credentials, cryptocurrency wallet data and browsing history, packs it into a .7z file, possibly generated using AI tools. Snippets of README.md
The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information.
"Cybercriminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests to US based companies, exposing the personal information of customers to further use for criminal purposes," the FBI warned. Don't be discouraged.
Banshee Stealer, a macOS Malware-as-a-Service, shut down after its source code leaked online. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. The code is now available on GitHub, the report concludes.
A critical vulnerability in Aviatrix Controller is actively exploited to deploy backdoors and cryptocurrency miners in the wild. The Wiz Incident Response team reported that threat actors are exploiting the flaw in attacks in the wild to deploy backdoors and cryptocurrency miners, according to the advisory published by Wiz.
Pirated software seekers are targeted by the new MassJacker clipper malware, according to CyberArk researchers. A new malware campaign spreading a new clipper malware dubbed MassJacker targets users searching for pirated software, CyberArk researchers warn. com) distributing pirated software that also spreads malware.
North Korea-linked threat actors were spotted using new malware called OtterCookie as part of the Contagious Interview campaign that targets software developer community with fake job offers. Since November 2024, threat actors employed the malware OtterCookie, alongside BeaverTail and InvisibleFerret, in the campaign.
The Glove Stealer malware exploits a new technique to bypass Chrome's App-Bound encryption and steal browser cookies. Glove Stealer is a .NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data. Gen Digital observed phishing campaigns distributing the Glove Stealer.
"The malware includes tools for password theft and stealthy access." The malware is designed for password theft and stealthy access, aiming to steal credentials, crypto wallets, and sell system access for financial gain. This build-your-own-malware approach makes these attacks more efficient, stealthy, and adaptable.
But not long after KrebsOnSecurity reported in April that Shefel/Rescator also was behind the theft of Social Security and tax information from a majority of South Carolina residents in 2012, Mr. Shefel began contacting this author with the pretense of setting the record straight on his alleged criminal hacking activities.
Panev and other developers were tasked to create and maintain the malware and infrastructure, while affiliates executed attacks and extorted ransoms, splitting the proceeds. Panev received over $230,000 in laundered cryptocurrency from Khoroshev between 2022 and 2024. reward for information leading to his arrest.
Cybercriminals are taking advantage of the public's interest in Artificial Intelligence (AI) and delivering malware via text-to-video tools. After the first run, the malware displays an error window to trick victims into executing it again. For a full technical analysis of the malware, feel free to read the researchers' report.
Once these permissions are granted, the malware gains extensive capabilities that allow its operators to steal the user’s banking data and credentials, as well as perform remote actions and control the device without the user’s knowledge. Join us in this blogpost as we take a closer look at the malware’s evolution over time.
"Coordination by Eurojust ensured that authorities were able to exchange information and align their investigative efforts." Authorities also seized 3.5M in cryptocurrency, bringing the total to over 21.2M. This follows the 2024 botnet crackdown, targeting evolving malware threats and cybercriminal groups.
On February 21, 2025, the cryptocurrency world was rocked by the largest crypto heist in history. Dubai-based exchange Bybit was targeted in a malware-driven attack that resulted in the theft of approximately $1.46 billion in crypto assets. Enhanced malware defense, including advanced detection and regular audits, is crucial.
The U.S. offers up to $10M for info on state hackers linked to RedLine malware and its creator, Maxim Rudometov, tied to attacks on U.S. The Department of State offers a reward of up to $10 million for information on nation-state actors linked to the RedLine infostealer and its alleged author, Russian national Maxim Alexandrovich Rudometov.
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape:
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet
Predator Still Active, with New Client and Corporate Links Identified
Threat Group Targets Companies in Taiwan
Feeling Blue(Noroff): (..)
Experts found a new version of the Banshee macOS information stealer, which was enhanced with new evasion mechanisms. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures, according to the report published by Check Point.
New malware campaign targets Docker environments using unknown methods to secretly mine cryptocurrency, researchers warn. Researchers from Darktrace and Cado Security have spotted a malware campaign that targets Docker environments with a novel technique to mine cryptocurrency. The malicious script connects to teneo[.]pro
The malware was discovered on counterfeit Android devices mimicking popular smartphone models. "The malware has broad functionality and gives attackers almost unlimited control over the gadget." The malware, embedded in the system framework, provides attackers full control over the device. 231 banking malware.
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape:
CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure
Unboxing Anubis: Exploring the Stealthy Tactics of FIN7's Latest Backdoor
Advancements in delivery: Scripting with (..)
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape:
Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang
RVTools Bumblebee Malware Attack: How a Trusted IT Tool Became a Malware Delivery Vector
Malicious Checker Packages on PyPI Probe TikTok and Instagram for (..)
The malware was distributed through unofficial sources as well as Google Play and App Store. We believe it is connected to SparkCat and also targets the cryptocurrency assets of its victims. Tapping these opened WebView, revealing an online store named TikToki Mall that accepted cryptocurrency as payment for consumer goods.
The Mexican Drug Cartels Want You
Casio: Notice of Partial Service Outage and Information Leak Caused by Ransomware Attack
He founded a "startup" to access sanctioned Russian websites: the cyber police of Khmelnytskyi region exposed the hacker
Hacked 'AI Girlfriend' Data Shows Prompts Describing Child Sexual Abuse
Malware Over 300,000!
dll module revealed that the malware supports sophisticated functionalities to steal credentials from browsers, digital wallet data, clipboard content, and system information. Microsoft has yet to attribute the malware to a specific threat actor or geolocation, however, the IT giant believes that it was not widespread at this time.
A notorious hacker group known as Golden Chickens is back in the spotlight after cybersecurity researchers discovered two new digital weapons designed to steal passwords, watch every word you type, and target your cryptocurrency. But unlike most modern malware, TerraLogger doesn't send the stolen data anywhere, at least not yet.
Chinese threat actors use Quad7 botnet in password-spray attacks
FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info
Sophos details five years of China-linked threat actors' activity targeting network devices worldwide
PTZOptics cameras zero-days actively exploited in the wild
New LightSpy spyware (..)
Threat actors use weak credential brute force to gain access to target systems, then deploy cryptocurrency miners and crimeware with capabilities like data exfiltration, persistence, self-termination, and pivot attacks. The malware disables remote access to entrench itself further. West Coast to deploy info stealers and crypto miners.
Threat actors deploy malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers. The packages were uploaded to the repository in early March by a threat actor known as tommyboy_h1 and tommyboy_h2, and were used to steal PayPal credentials and hijack cryptocurrency transfers.
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape:
Malicious NPM Packages Targeting PayPal Users
New Malware Variant Identified: ResolverRAT Enters the Maze
Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?
Bitdefender researchers reported that the North Korea-linked Lazarus group uses fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver a cross-platform JavaScript stealer to target crypto wallets in a new hacking campaign. The code appears harmless but hides an obfuscated script that loads malware.
Introduction: In October 2024, Zscaler ThreatLabz came across malware samples that use a network communication protocol that is similar to RisePro. However, unlike RisePro, which has primarily been used for information stealing, this new malware specializes in downloading and executing second-stage payloads.
…exe, apimonitor-x64.exe, x32dbg.exe, x64dbg.exe, x96dbg.exe, cheatengine.exe, scylla.exe, charles.exe, cheatengine-x86_64.exe, reclass.net.exe
These
These falsely obtained credentials enable cyber criminals to successfully mimic a real-world investigation by inducing platform operators to provide extremely sensitive information. By simply paying the fee, usually in cryptocurrencies, the customer will receive the sensitive material ready to be exploited.