Security Affairs

APRIL 23, 2025

New malware campaign targets Docker environments using unknown methods to secretly mine cryptocurrency, researchers warn. Researchers from Darktrace and Cado Security have spotted a malware campaign that targets Docker environments with a novel technique to mine cryptocurrency. These points can be converted to $TENEO tokens.

Cryptocurrency

Krebs on Security

NOVEMBER 9, 2024

A review of EDR vendors across many cybercrime forums shows that some fake EDR vendors sell the ability to send phony police requests to specific social media platforms, including forged court-approved documents. .” An ad from Pwnstar for fake EDR services. “Unlimited Emergency Data Requests.

Hacking

Malwarebytes

NOVEMBER 22, 2024

Once the victim places enough trust in the scammer, they bring the victim into a cryptocurrency investment scheme. They are also forced to engage in a wide range of malicious activities that can involve cryptocurrency and gambling, or they can be tasked to carry out impersonation scams.

Accountability

Security Affairs

DECEMBER 3, 2024

The Japanese cryptocurrency platform DMM Bitcoin is closing its operations just six months after a $300 million cyber heist. DMM Bitcoin is a cryptocurrency exchange based in Japan, operated by DMM Group, a large Japanese e-commerce and entertainment conglomerate. Bitcoin (BTC), approximately $304 million (48.2

Cryptocurrency

Security Affairs

APRIL 7, 2025

By simply paying the fee, usually in cryptocurrencies, the customer will receive the sensitive material ready to be exploited. This can impact not only the general public but also pose a heightened risk to individuals with significant media exposure, including activists, journalists, and politicians.

Cybercrime

Security Affairs

OCTOBER 13, 2024

CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog Three new Ivanti CSA zero-day actively exploited in attacks Ukrainian national pleads guilty in U.S.

Data breaches

Security Affairs

NOVEMBER 7, 2024

” The attackers, linked to BlueNoroff and past RustBucket campaigns, used fake cryptocurrency news emails and a malicious app disguised as a PDF. SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign tracked as “Hidden Risk.”

Malware

Malwarebytes

MAY 1, 2025

Whereas early phishing scams arrived almost entirely through emails, modern phishing scams can reach victims through malicious websites, text messages, social media, and even mobile app downloads. The hackers hijacked the channels to spread cryptocurrency scams, while deleting some of the groups old videos in the process.

Small Business

SecureWorld News

DECEMBER 3, 2024

In a surprising move related to international cybercrime, Russian authorities have charged Mikhail Matveev, also known as "Wazawaka," with creating ransomware to extort commercial organizations, according to Russian media outlet RIA.

Cybercrime

SecureList

AUGUST 13, 2025

Their primary goal is to extract money from victims by persuading them to pursue “viable investment opportunities” that often involve cryptocurrency. Here are the key trends we are seeing: Personalized attacks: AI analyzes social media and corporate data to stage highly convincing phishing attempts.

Phishing

Malwarebytes

APRIL 24, 2025

The group typically approaches victims with a supposed media opportunity to get them interested, and then sets up an introductory Zoom call. The attackers approached him via the X social media network and refused to switch to email when asked. Then they used a third-party booking system called Calendly to arrange the call.

Malware

SecureWorld News

FEBRUARY 14, 2025

And 2025 will be no different, as increasingly sophisticated online hackers seek to take advantage of Valentine's themed email traffic, social media advertisements, or marketing campaigns, and exploit heightened emotions and a desire to connect. Last year saw a 110% rise in cybercrime in the lead up to Valentine's Day.

Scams

Malwarebytes

MAY 28, 2025

Links to the malicious websites were brought to the researchers’ attention by ads and links in comments on social media platforms. Look out for ads with too-good-to-be-true offers, urgent deadlines, or unusual payment methods like cryptocurrency or wire transfers.

Malware

SecureWorld News

JUNE 19, 2025

On June 18th, the same group drained and "burned" more than $90 million in cryptocurrency from Nobitex, Iran's la rgest crypto exchange. The digital defacement was brief but symbolically powerful, undermining state control of official media during a period of heightened national tension.

Internet

Malwarebytes

JUNE 18, 2025

They can profess their empty love to you across your social media apps. They use it to check emails, browse the internet, make phone calls, scroll through social media, and text family and friends. A romance scam, similarly, can start on a social media platform but can move into a messaging service like WhatsApp.

Scams

SecureList

JUNE 23, 2025

We believe it is connected to SparkCat and also targets the cryptocurrency assets of its victims. Tapping these opened WebView, revealing an online store named TikToki Mall that accepted cryptocurrency as payment for consumer goods. Our initial search led us to a bunch of cryptocurrency apps.

Spyware

SecureList

APRIL 25, 2025

Specifically, they can modify cryptocurrency wallet addresses during transfer attempts, replace links in browsers, send arbitrary text messages and intercept replies, and steal login credentials for messaging and social media apps. The downloaded payload attempts to steal the victim’s cryptocurrency using various methods.

Cryptocurrency

eSecurity Planet

JULY 15, 2025

Buy from trusted sources: Stick to verified sellers and avoid social media listings or unverified platforms. Avoid odd payment requests: Scammers often ask for payments via gift cards, wire transfers, or cryptocurrency. Avoid sending money using “Friends and Family” for goods or services.

Scams

SecureList

NOVEMBER 29, 2024

Furthermore, an independent security researcher released an analysis of a new version of BeaverTail , another type of information stealer designed to exfiltrate data from web browsers and cryptocurrency wallets. This malware also possessed the capability to install a backdoor on compromised systems.

Mobile

SecureWorld News

JULY 8, 2025

This shift was supercharged by cryptocurrency, encrypted communication platforms, and the global reach of phishing. The anonymity of cryptocurrency fuels the ecosystem, offering frictionless payments while shielding both parties from law enforcement. This model made ransomware more accessible, more efficient, and far more dangerous.

Ransomware

SecureWorld News

MAY 14, 2025

Top cybercrime categories: Phishing/spoofing: 193,407 complaints Extortion: 86,415 complaints Personal data breaches: 64,882 complaints Cryptocurrency-related scams: Nearly 150,000 complaints involved cryptocurrency, accounting for $9.3 billion in losses. Ransomware The IC3 recognized 67 new ransomware variants in 2024.

Cybercrime

IT Security Guru

APRIL 25, 2025

As more people shift to online financial platforms or cryptocurrencies, digital wallets have become a common target for phishing scams. Furthermore, scammers may also try to contact you via social media or SMS, so being wary of any unsolicited communication coming your way is important.

Scams

Security Affairs

MARCH 29, 2025

A pig butchering scam is a manipulative fraud where scammers build trust with victims over time, often via social media or dating apps, before exploiting them financially. They introduce fake investment opportunities, convincing victims to invest large sums.

Scams

Security Affairs

JUNE 6, 2025

” Maxim Rudometov has been closely involved with the RedLine infostealer operation, regularly managing its technical infrastructure and handling cryptocurrency accounts used to receive and launder payments. He’s known online by several aliases, including “dendimirror,” “alinchok,” “makc1901,” and “bloodzz.fenix.”

Malware

Zero Day

JUNE 26, 2025

Also:  Best data removal services: Delete yourself from the internet If you have any cryptocurrency, you were probably encouraged to write down a seed phrase when you created your wallet and store it in a secure, offline location. While writing the phrase down is optimal, many people take a screenshot to remember it later.

Password Management

Security Affairs

MARCH 2, 2025

DragonForce Ransomware Group is Targeting Saudi Arabia Massive Botnet Targets M365 with Stealthy Password Spraying Attacks Notorious Malware, Spam Host Prospero Moves to Kaspersky Lab ACRStealer Infostealer Exploiting Google Docs as C2 #StopRansomware: Ghost (Cring) Ransomware The GitVenom campaign: cryptocurrency theft using GitHub Silent Killers: (..)

Malware

Cisco Security

JULY 7, 2025

Twenty years ago, when the National Academies last published the Cyber Hard Problems report, social media was for college kids with.edu emails and the global pandemic had yet to drive business online. And, the advent of Bitcoin and other cryptocurrencies has provided a relatively safe channel for ransom, extortion and other illicit payments.

Cyber Risk

We Live Security

JULY 4, 2025

They may differ in small details , but all work something like this: You are approached via an unsolicited text message (WhatsApp, Telegram etc), SMS or social media message. The FTC recorded 20,000 cases in the first half of 2024 alone, versus 5,000 in the whole of 2023. This is what the whole scam is really about.

Scams

Digital Shadows

MARCH 12, 2025

The gambling subsector was hit hardest, followed by the music, media, and tourism industries. Credential Harvesters Drive Increased Impersonation Campaigns Impersonation campaigns emerged as a leading tactic during the reporting period, with threat actors using fake domains and social media profiles to deceive customers and steal credentials.

Cyber threats

SecureList

APRIL 21, 2025

Fake CAPTCHA distribution vectors Fake CAPTCHA distribution scheme There are two types of resources used to promote fake CAPTCHA pages: Pirated media, adult content, and cracked software sites. Fake Telegram channels for pirated content and cryptocurrencies. The attackers also use social media posts to lure victims to these channels.

Malware

SecureList

OCTOBER 23, 2024

For several months, the attackers were building their social media presence, regularly making posts on X (formerly Twitter) from multiple accounts and promoting their game with content produced by generative AI and graphic designers.

Engineering

Zero Day

JUNE 17, 2025

Also in the mix were several European banks, apps such as Tinder and Snapshot, the Binance cryptocurrency exchange, and even encrypted chat apps like Signal and WhatsApp. " Analyzing the data, Bloomberg and Lighthouse found that the senders included such major tech players as Google, Meta, and Amazon.

Authentication

SecureList

MARCH 25, 2025

Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7 The percentage was lower for home users (10.34%), but home users were more likely to be targeted by pages using banks and global internet portals, social media and IMs, payment systems, and online games as a lure. million detections compared to 5.84

Phishing

SecureList

APRIL 23, 2025

Initial vector The infection began when the user of a targeted system accessed several South Korean online media sites. LPEClient LPEClient is a tool known for victim profiling and payload delivery ( T1105 ) that has previously been observed in attacks on defense contractors and the cryptocurrency industry. com The first domain, www.

Malware

SecureList

NOVEMBER 29, 2024

The sub-campaigns imitate legitimate projects, with slight modifications to names and branding, and using multiple social media accounts to enhance their credibility. All the active sub-campaigns host the initial downloader on Dropbox.

Energy and Utilities

Malwarebytes

FEBRUARY 19, 2025

With stolen passwords, the impact is even broader; hackers could wire funds from a breached online banking account into their own, or masquerade as someone on social media to ask friends and family for money. Some info stealers dont even require an additional stepthey can take cryptocurrency directly from a victims online accounts.

Malware

Krebs on Security

NOVEMBER 5, 2024

404 Media reports that at a court hearing in Ontario this morning, Moucka called in from a prison phone and said he was seeking legal aid to hire an attorney. KrebsOnSecurity has learned that Moucka is currently named in multiple indictments issued by U.S. prosecutors and federal law enforcement agencies.

Cybercrime