Tag: crypto
-
A $20 Billion Crypto Scam Market Faces a New Government Crackdown
The Telegram-based Xinbi Guarantee black market sells services that help prop up scam operations. British officials just hit the highly lucrative marketplace with sweeping sanctions. First seen on wired.com Jump to article: www.wired.com/story/20-billion-xinbi-guarantee-uk-sanctions/
-
GitHub phishers use fake OpenClaw tokens to drain crypto wallets
Smart, obfuscated malware code: According to OX, the malicious phishing and wallet-stealing code is “highly obfuscated” and resides within the “eleven.js” JavaScript file in the repository. The threat actor used “watery-compost[.]today” to host a C2 server to collect information (including wallet address, transaction value, and name) and drain wallets once they were connected. Commands used by…
-
UK sanctions Chinese crypto marketplace tied to scam compounds
The British government sanctioned Xinbi, a Chinese-language cryptocurrency marketplace accused of enabling large-scale online fraud and human exploitation, in a move targeting the financial infrastructure behind global scam networks. First seen on therecord.media Jump to article: therecord.media/xinbi-crypto-marketplace-sanctioned
-
New Torg Grabber infostealer malware targets 728 crypto wallets
A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-torg-grabber-infostealer-malware-targets-728-crypto-wallets/
-
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extension masquerading as an offline version of Google Docs. “It logs keystrokes, dumps cookies and session tokens, captures screenshots, and First seen…
-
Fake OpenClaw Token Giveaway Targets GitHub Devs with Wallet-Draining Scam
OX Security reveals a new phishing campaign targeting GitHub developers. Scammers use fake OpenClaw token giveaways to trick users into connecting and draining their crypto wallets First seen on hackread.com Jump to article: hackread.com/fake-openclaw-token-github-devs-wallet-drainer-scam/
-
TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign
Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers. First seen on hackread.com Jump to article: hackread.com/teampcp-trivy-checkmarx-litellm-credential-theft/
-
AI-Driven ‘OpenClaw Trap’ Campaign Targets Developers and Gamers via Trojanized GitHub Repos
A large-scale malware operation abusing GitHub to deliver a custom LuaJIT-based trojan to developers, gamers, and everyday users through convincing but trojanized repositories. The campaign, tracked as “TroyDen’s Lure Factory,” spans more than 300 delivery packages and uses AI-assisted lures ranging from OpenClaw deployment tools to game cheats, Roblox scripts, crypto bots, VPN crackers, and…
-
Five Malicious npm Packages Target Crypto Developers, Steal Wallet Keys via Telegram
Five malicious npm packages impersonating popular crypto libraries are stealing wallet keys from Solana and Ethereum developers and exfiltrating them directly to a hardcoded Telegram bot. Each package typosquats or wraps a legitimate crypto library and funnels stolen private keys to the same Telegram bot-based command-and-control (C2) channel. The campaign hits both Solana and Ethereum…
-
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. “The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails,” Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared First seen on thehackernews.com…
-
New Npm ‘Ghost Campaign’ Uses Fake Install Logs to Hide Malware
Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/npm-ghost-campaign-fake-install/
-
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below: react-performance-suite, react-state-optimizer-core, react-fast-utilsa, ai-fast-auto-trader First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/ghost-campaign-uses-7-npm-packages-to.html
-
Founder of CoinDCX Arrested Amid Serious Fraud and Cheating Charges
The Indian cryptocurrency sector is currently facing a significant legal and cybersecurity controversy following the recent arrest of prominent CoinDCX executives. Local law enforcement from Mumbra police in Thane apprehended co-founders Sumit Gupta and Neeraj Khandelwal in Bengaluru. Both executives were produced before a court and remanded into police custody, facing charges of criminal breach…
-
Quantum threats are already active and the defense response remains fragmented
Enterprises are moving toward post-quantum security at uneven speeds, and the gap between organizations that have built crypto-agility into their infrastructure and those that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/23/ciso-post-quantum-crypto-agility/
-
Why US companies must be ready for quantum by 2030: A practical roadmap
Tags: api, backup, control, crypto, cryptography, data, encryption, endpoint, firmware, government, identity, infrastructure, ml, nist, risk, service, software, strategy, supply-chain, update, vpn
“Harvest now, decrypt later” is not theoretical. If an attacker steals encrypted session captures or archived backups, the confidentiality loss happens the day quantum-capable decryption becomes practical. Your risk horizon is set by the shelf life of your data, not the arrival date of a quantum computer. Government and critical infrastructure guidance are converging. The National…
-
Fake Protection App for Crypto Wallets Steals User Data
Tags: crypto
A new wave of fraud in the crypto space shows how sophisticated cybercriminals have become. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/gefalschte-schutz-app-krypto-wallets-nutzerdaten
-
CISA orders feds to patch DarkSword iOS flaws exploited in attacks
CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-darksword-ios-flaws-exploited-attacks/
-
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
Tags: access, attack, breach, cloud, control, credentials, crypto, data, detection, docker, email, exploit, github, kubernetes, malicious, malware, network, risk, supply-chain, vulnerability
Attackers look for development secrets: On GitHub Actions runners, the credential stealer reads the process memory to extract secrets and searches the filesystem for SSH keys, cloud provider credentials, Kubernetes tokens, Docker registry configurations, and cryptocurrency wallets. The stolen data is encrypted and sent to a typosquatted domain that mimics Aqua Security’s legitimate site. If this…
-
Copyright Complaint Lures Linked to New PureLog Stealer Credential Theft Wave
Threat actors are actively distributing the PureLog Stealer through a sophisticated, multi-stage attack campaign disguised as legal copyright violation notices. This information-stealing malware is engineered to silently harvest sensitive data, including browser credentials, browser extensions, cryptocurrency wallets, and detailed system information. The campaign selectively targets organizations within the healthcare, government, hospitality, and education sectors across…
-
Fake Protection App for Crypto Wallets Steals User Data
Okta Threat Intelligence has uncovered a dangerous crypto scam campaign named <> and dismantled its infrastructure. The application, advertised as a browser extension, promised users that it would protect their crypto wallets from phishing and fraud; in reality, however, it was a trojan that specifically harvested wallet addresses and sensitive data from Binance, Coinbase, Metamask, Opensea, Phantom and Uniswap. Even users of […]…
-
When Encryption Becomes a Risk
Behind the PQC migration lies an overarching goal: crypto-agility, the ability to swap out cryptographic algorithms at any time and without noticeable operational disruption. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-die-verschluesselung-zum-risiko-wird/a44225/
-
Bitrefill blames North Korean Lazarus group for cyberattack
Crypto-powered gift card store Bitrefill says that the attack it suffered at the beginning of the month was likely perpetrated by North Korean hackers of the Bluenoroff group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bitrefill-blames-north-korean-lazarus-group-for-cyberattack/
-
SnappyClient Implant Blends Remote Access, Data Theft, and Stealth Evasion
A powerful new C2 implant called SnappyClient that blends remote access, credential theft, and stealthy evasion into a single, modular framework targeting Windows systems and cryptocurrency users. ThreatLabz first observed SnappyClient in December 2025, being deployed via the well-known HijackLoader malware family. SnappyClient is written in C++ and operates as a flexible command-and-control implant, supporting capabilities such…
-
C2 Implant ‘SnappyClient’ Targets Crypto Wallets
In addition to enabling remote access, the malware supports a wide range of capabilities including data theft and spying. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/new-c2-implant-snappyclient-targets-crypto-wallets

