Cryptocurrency and Malware - Cyber Security Informer

Perfectl Malware

Schneier on Security

OCTOBER 14, 2024

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. The researchers are calling the malware Perfctl, the name of a malicious component that surreptitiously mines cryptocurrency. North Korea is the government we know that hacks cryptocurrency in order to fund its operations.

Malware

Malware Cryptocurrency Internet Internet

New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency

The Hacker News

MAY 27, 2025

Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet. Kaspersky said it observed an unidentified threat

Cryptocurrency

Cryptocurrency Malware

The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack

Security Affairs

APRIL 23, 2025

Ripple cryptocurrency library was compromised in a supply chain attack aimed at stealing users’ private keys. Threat actors compromised the Ripple cryptocurrency npm JavaScript library xrpl.js The user 'mukulljangid ‘released all five malware-laced versions of the library starting from 21 Apr, 20:53 GMT+0.

Cryptocurrency

Cryptocurrency Hacking Malware Risk

Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists

SecureWorld News

APRIL 22, 2025

A sophisticated cybercrime campaign, dubbed Elusive Comet , has been uncovered, in which North Korean threat actors are exploiting Zoom's remote control feature to infiltrate the systems of cryptocurrency professionals. The research behind the discovery was released by Security Alliance , which tracked and analyzed the campaign.

Cryptocurrency

Cryptocurrency Social Engineering Cybercrime Engineering

Advanced Malware Targets Cryptocurrency Wallets

Security Boulevard

MARCH 24, 2025

More attacks targeting cryptocurrency users. The malware targets many widely used cryptocurrency wallet browser extensions: 1. As I outlined in my 2025 Cybersecurity Predictions , I forecast an increased Nation State focus on the finance sector, with specific emphasis on the cryptocurrency.

Cryptocurrency

Cryptocurrency Malware Hacking Cybersecurity

Cryptocurrency users in the US hit by ransomware and Clipper malware

Tech Republic Security

FEBRUARY 16, 2023

Learn how to protect your business and staff from the MortalKombat ransomware and Laplas Clipper malware. The post Cryptocurrency users in the US hit by ransomware and Clipper malware appeared first on TechRepublic.

Cryptocurrency

Cryptocurrency Malware Ransomware Phishing

Malicious PyPI Package Targets Cryptocurrency Wallets: aiocpa Campaign Exposed

Penetration Testing

NOVEMBER 29, 2024

Cybersecurity researchers at ReversingLabs have uncovered a stealthy supply chain attack targeting cryptocurrency wallets via the PyPI repository.

Cryptocurrency

Cryptocurrency Cybersecurity Malware

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

Security Affairs

FEBRUARY 22, 2025

worth of cryptocurrency from one of the companys offline wallets. The Bybit hack is the largest cryptocurrency heist ever, surpassing previous ones like Ronin Network ($625M), Poly Network ($611M), and BNB Bridge ($566M). Crypto exchange Bybitwas the victim of a sophisticated attack, and threat actors stole $1.5B

Cryptocurrency

Cryptocurrency Hacking Banking Cybersecurity

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. ” reads the alert. ” continues the alert.

Malware

Malware Scams Identity Theft Antivirus

The GitVenom campaign: cryptocurrency theft using GitHub

SecureList

FEBRUARY 24, 2025

stealer that collects information such as saved credentials, cryptocurrency wallet data and browsing history, packs it into a.7z com/Dipo17/battle ) and execute them. These components were as follows: A Node.js 7z archive and uploads it to the attackers via Telegram. Notably, the attacker-controlled Bitcoin wallet ( ID: bc1qtxlz2m6r[.]yspzt

Cryptocurrency

Cryptocurrency Software Encryption Internet

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 15

Security Affairs

OCTOBER 13, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Over 300,000!

Malware

Malware DDOS Cryptocurrency Education

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Security Affairs

MARCH 10, 2025

Experts warn of a large-scale cryptocurrency miner campaign targeting Russian users with SilentCryptoMiner. Kaspersky researchers discovered a mass malware campaign spreading SilentCryptoMiner by disguising it as a tool to bypass internet restrictions. Common malware families include NJRat , XWorm, Phemedrone , and DCRat.

Cryptocurrency

Cryptocurrency Malware Social Engineering Antivirus

DPRK-linked BlueNoroff used macOS malware with novel persistence

Security Affairs

NOVEMBER 7, 2024

SentinelLabs observed North Korea-linked threat actor BlueNoroff targeting businesses in the crypto industry with a new multi-stage malware. SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign tracked as “Hidden Risk.”

Malware

Malware Risk Architecture Cryptocurrency

Deceptive Google Meet Invites Lures Users Into Malware Scams

eSecurity Planet

OCTOBER 22, 2024

These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. You are then guided to execute PowerShell code designed to “fix” the supposed problem, unwittingly allowing malware to infiltrate their systems.

Scams

Scams Malware Phishing Social Engineering

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call.

Malware

Malware Cryptocurrency Software Phishing

Crooks use a fake antivirus site to spread Venom RAT and a mix of malware

Security Affairs

MAY 28, 2025

The malware includes tools for password theft and stealthy access.” ” The malware is designed for password theft and stealthy access, aiming to steal credentials, crypto wallets, and sell system access for financial gain. . This build-your-own-malware approach makes these attacks more efficient, stealthy, and adaptable.

Antivirus

Antivirus Malware Banking Passwords

SourceForge Used to Distribute ClipBanker Trojan and Cryptocurrency Miner

Penetration Testing

APRIL 8, 2025

In a disturbing discovery by Kaspersky Labs, attackers have been exploiting SourceForge to deliver a sophisticated malware combo: a ClipBanker Trojan and […] The post SourceForge Used to Distribute ClipBanker Trojan and Cryptocurrency Miner appeared first on Daily CyberSecurity.

Cryptocurrency

Cryptocurrency Malware Software Cybersecurity

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

KrebsOnSecurity recently told the saga of a cryptocurrency investor named Tony who was robbed of more than $4.7 million in cryptocurrencies from Tony was verify-trezor[.]io. Federal Communications Commission (FCC), as well as those working at the cryptocurrency exchanges Coinbase and Binance. Image: Shutterstock, iHaMoo.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

New Go-Based Malware ‘RedisRaider’ Exploits Redis Servers to Mine Cryptocurrency

eSecurity Planet

MAY 20, 2025

Security experts have uncovered a new malware campaign, RedisRaider, that targets misconfigured Redis servers to secretly mine cryptocurrency. The malware, written in Go, spreads aggressively by exploiting weak Redis configurations, ultimately deploying the XMRig Monero miner on compromised Linux systems.

Cryptocurrency

Cryptocurrency Malware Authentication Engineering

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

SecureList

NOVEMBER 6, 2024

It also uses stealer malware to extract the victim’s credit card data as well as details about the infected device. Technical Details Background In August 2024, we stumbled upon a massive infection caused by an unknown bundle consisting of miner and stealer malware. SteelFox.gen , Trojan.Win64.SteelFox.*. SteelFox.*.

Software

Software Cryptocurrency Malware DNS

North Korea Hacking Cryptocurrency Sites with 3CX Exploit

Schneier on Security

APRIL 4, 2023

News : Researchers at Russian cybersecurity firm Kaspersky today revealed that they identified a small number of cryptocurrency-focused firms as at least some of the victims of the 3CX software supply-chain attack that’s unfolded over the past week.

Cryptocurrency

Cryptocurrency Hacking Software Cybersecurity

Zanubis in motion: Tracing the active evolution of the Android banking malware

SecureList

MAY 28, 2025

Once these permissions are granted, the malware gains extensive capabilities that allow its operators to steal the user’s banking data and credentials, as well as perform remote actions and control the device without the user’s knowledge. Join us in this blogpost as we take a closer look at the malware’s evolution over time.

Banking

Banking Malware Energy and Utilities Encryption

PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers

Penetration Testing

MAY 14, 2025

The ReversingLabs research team has uncovered yet another software supply chain attack targeting the cryptocurrency ecosystem, this time The post PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers appeared first on Daily CyberSecurity.

Malware

Malware Cryptocurrency Software Cybersecurity

Fake AI video generator tools lure in Facebook and LinkedIn users to deliver malware

Malwarebytes

MAY 28, 2025

Cybercriminals are taking advantage of the publics interest in Artificial Intelligence (AI) and delivering malware via text-to-video tools. After the first run, the malware displays an error window to trick victims into executing it again. For a full technical analysis of the malware, feel free to read the researchers’ report.

Malware

Malware Scams Artificial Intelligence Media

Mobile malware evolution in 2024

SecureList

MARCH 3, 2025

million attacks involving malware, adware or unwanted mobile software were prevented. million malware, adware or unwanted software attacks targeting mobile devices. Some time later, the user received a phishing link to download malware disguised as a shipment tracking app. A total of 1.1 A total of 1.1

Mobile

Mobile Malware Adware Banking

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 46

Security Affairs

MAY 25, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang RVTools Bumblebee Malware Attack How a Trusted IT Tool Became a Malware Delivery Vector Malicious Checker Packages on PyPI Probe TikTok and Instagram for (..)

Malware

Malware Cryptocurrency Banking Ransomware

Threat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency miners

Security Affairs

JANUARY 14, 2025

A critical vulnerability in Aviatrix Controller is actively exploited to deploy backdoors and cryptocurrency miners in the wild. The Wiz Incident Response team reported that threat actors are exploiting the flaw in attacks in the wild to deploy backdoors and cryptocurrency miners. ” reads the advisory published by Wiz.

Cryptocurrency

Cryptocurrency Hacking Risk Cybercrime

The source code of Banshee Stealer leaked online

Security Affairs

NOVEMBER 26, 2024

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. The code is now available on GitHub. concludes the report.

Malware

Malware Cryptocurrency Encryption Hacking

New MassJacker clipper targets pirated software seekers

Security Affairs

MARCH 15, 2025

Pirated software seekers are targeted by the new MassJacker clipper malware, according to CyberArk researchers. A new malware campaign spreading a new clipper malware dubbed MassJacker targets users searching for pirated software, Cyberark users warn. com) distributing pirated software that also spreads malware.

Software

Software Cryptocurrency Malware Encryption

Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

The Hacker News

SEPTEMBER 17, 2024

Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud.

Cryptocurrency

Cryptocurrency Malware

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

The Hacker News

SEPTEMBER 12, 2024

Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver malware dubbed Hadooken, according to cloud security firm Aqua.

Cryptocurrency

Cryptocurrency Malware Cybersecurity

U.S. Offered $10M for Hacker Just Arrested by Russia

Krebs on Security

DECEMBER 4, 2024

Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies. “It’s possible this is a shakedown by Kaliningrad authorities of a local internet thug who has tens of millions of dollars in cryptocurrency,” Intel 471 wrote in an analysis published Dec.

Cybercrime

Cybercrime Ransomware Cryptocurrency Government

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

The Hacker News

JUNE 18, 2024

Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docket API endpoints with the aim of delivering cryptocurrency miners and other payloads.

Cryptocurrency

Cryptocurrency Malware Cybersecurity

North Korea actors use OtterCookie malware in Contagious Interview campaign

Security Affairs

DECEMBER 27, 2024

North Korea-linked threat actors were spotted using new malware called OtterCookie as part of the Contagious Interview campaign that targets software developer community with fake job offers. Since November 2024, threat actors employed the malware OtterCookie, alongside BeaverTail and InvisibleFerret, in the campaign.

Malware

Malware Cryptocurrency Software Hacking

New Linux Cryptomining Malware

Schneier on Security

SEPTEMBER 12, 2022

It’s pretty nasty : The malware was dubbed “ Shikitega ” for its extensive use of the popular Shikata Ga Nai polymorphic encoder, which allows the malware to “mutate” its code to avoid detection.

Malware

Malware Backups IoT Software

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 19

Security Affairs

NOVEMBER 10, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware Cryptocurrency Banking Hacking

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

Shefel asserts he and his team were responsible for developing the card-stealing malware that Golubov’s hackers installed on Target and Home Depot payment terminals, and that at the time he was technical director of a long-running Russian cybercrime community called Lampeduza. “I’m also godfather of his second son.”

Advertising

Advertising Retail Cryptocurrency Cybercrime

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40

Security Affairs

APRIL 6, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure Unboxing Anubis: Exploring the Stealthy Tactics of FIN7’s Latest Backdoor Advancements in delivery: Scripting with (..)

Malware

Malware Cryptocurrency Hacking Accountability

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 18

Security Affairs

NOVEMBER 3, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware

Malware VPN Cryptocurrency Mobile

Zoom attack tricks victims into allowing remote access to install malware and steal money

Malwarebytes

APRIL 24, 2025

ELUSIVE COMET targets its victims by luring them into a Zoom video call and then taking over their PC to install malware, infiltrate their accounts, and steal their assets. Sadly, that wasn’t the case for Jake Gallen, who owns a cryptocurrency company called Emblem Vault. He took the bait. ” Gallen did his due diligence.

Malware

Malware Media Accountability Cryptocurrency

Fake Zoom Meeting Links Lead to Million-Dollar Cryptocurrency Heist

Penetration Testing

DECEMBER 27, 2024

A sophisticated phishing campaign masquerading as Zoom meeting invitations has resulted in the theft of millions in cryptocurrency, as revealed by a recent analysis from blockchain security firm SlowMist. By... The post Fake Zoom Meeting Links Lead to Million-Dollar Cryptocurrency Heist appeared first on Cybersecurity News.

Cryptocurrency

Cryptocurrency Phishing Cybersecurity Malware

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. According to the U.S.

Malware

Malware Identity Theft Cybercrime Accountability

U.S. Indicts North Korean Hackers in Theft of $200 Million

Krebs on Security

FEBRUARY 17, 2021

Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings. Image: CISA.

Cryptocurrency

Cryptocurrency Financial Services Banking Government

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

The Hacker News

OCTOBER 3, 2024

Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software.

Cryptocurrency

Cryptocurrency Malware Software

Perfectl Malware

New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency

Trending Sources

The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack

Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists

Advanced Malware Targets Cryptocurrency Wallets

Cryptocurrency users in the US hit by ransomware and Clipper malware

Malicious PyPI Package Targets Cryptocurrency Wallets: aiocpa Campaign Exposed

Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

FBI warns of malicious free online document converters spreading malware

The GitVenom campaign: cryptocurrency theft using GitHub

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 15

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

DPRK-linked BlueNoroff used macOS malware with novel persistence

Deceptive Google Meet Invites Lures Users Into Malware Scams

Calendar Meeting Links Used to Spread Mac Malware

Crooks use a fake antivirus site to spread Venom RAT and a mix of malware

SourceForge Used to Distribute ClipBanker Trojan and Cryptocurrency Miner

A Day in the Life of a Prolific Voice Phishing Crew

New Go-Based Malware ‘RedisRaider’ Exploits Redis Servers to Mine Cryptocurrency

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

North Korea Hacking Cryptocurrency Sites with 3CX Exploit

Zanubis in motion: Tracing the active evolution of the Android banking malware

PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers

Fake AI video generator tools lure in Facebook and LinkedIn users to deliver malware

Mobile malware evolution in 2024

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 46

Threat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency miners

The source code of Banshee Stealer leaked online

New MassJacker clipper targets pirated software seekers

Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

U.S. Offered $10M for Hacker Just Arrested by Russia

New Malware Targets Exposed Docker APIs for Cryptocurrency Mining

North Korea actors use OtterCookie malware in Contagious Interview campaign

New Linux Cryptomining Malware

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 19

An Interview With the Target & Home Depot Hacker

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 18

Zoom attack tricks victims into allowing remote access to install malware and steal money

Fake Zoom Meeting Links Lead to Million-Dollar Cryptocurrency Heist

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

U.S. Indicts North Korean Hackers in Theft of $200 Million

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

Stay Connected