Tag: crypto
-
Leaked Database Sheds Light on Iranian Crypto Sanctions Evasion
Ariomex database reveals potential sanctions evasion and capital transfers tied to Iranian actors. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iranian-crypto-leaked-database/
-
South Korean Tax Authority Loses Crypto Millions Because It Gave Away the Password
First seen on t3n.de Jump to article: t3n.de/news/steuerbehoerde-krypto-passwort-1731953/
-
New ‘StegaBin’ Campaign Deploys Multi-Stage Credential Stealer via 26 Malicious npm Packages
Tags: access, attack, credentials, crypto, cyber, malicious, north-korea, open-source, supply-chain, threat
A new supply-chain attack dubbed StegaBin is targeting JavaScript developers through 26 malicious npm packages that appear to be popular open-source libraries but secretly deploy a multi-stage credential-stealing toolkit and a Remote Access Trojan (RAT). The campaign is linked to the North Korean-aligned FAMOUS CHOLLIMA threat actor, known from previous “Contagious Interview” operations against cryptocurrency…
-
Malvertising Campaign Spreads AMOS ‘malext’ macOS Infostealer via Fake Text-Sharing Ads
A large-scale malvertising operation targets macOS users with fake Google Ads leading to malicious text-sharing sites. These lures deliver the AMOS infostealer variant, dubbed “malext,” which steals sensitive data such as browser credentials and crypto wallets. Suspicious password prompts halted the compromise, revealing initial domains like optimize-storage-mac-os[.]medium[.]com, octopox[.]com, and vagturk[.]com. Google Ads Library exposed over…
-
Fake Google Security site uses PWA app to steal credentials, MFA codes
A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims’ browsers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-google-security-site-uses-pwa-app-to-steal-credentials-mfa-codes/
-
South Korean Tax Agency Leak Leads to $4.8M Crypto Theft
A South Korean tax agency press release exposed a seized wallet’s seed phrase, enabling a $4.8 million cryptocurrency theft. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/south-korean-tax-agency-leak-leads-to-4-8m-crypto-theft/
-
Chrome Extension Hijacked to Push ClickFix Malware
A trusted Chrome extension was hijacked to strip browser protections, deploy ClickFix malware, and steal cryptocurrency and user data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/chrome-extension-hijacked-to-push-clickfix-malware/
-
Seed Phrase Leaked: Government Blunder Leads to Multi-Million Crypto Theft
Crypto investors know how important it is to keep a seed phrase safe and secret. Tax investigators in South Korea, however, evidently do not. First seen on golem.de Jump to article: www.golem.de/news/seed-phrase-geleakt-behoerdenpanne-fuehrt-zu-millionenschwerem-krypto-diebstahl-2603-205980.html
-
QuickLens Chrome extension steals crypto, shows ClickFix attack
A Chrome extension named “QuickLens – Search Screen with Google Lens” has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/quicklens-chrome-extension-steals-crypto-shows-clickfix-attack/
-
$4.8M in crypto stolen after Korean tax agency exposes wallet seed
South Korea’s National Tax Service accidentally exposed the mnemonic recovery phrase of a seized cryptocurrency wallet in an official press release, allowing hackers to steal 6.4 billion won ($4.8M) worth in cryptocurrency. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/48m-in-crypto-stolen-after-korean-tax-agency-exposes-wallet-seed/
-
Double whammy: Steaelite RAT bundles data theft, ransomware in one evil tool
Credential and cryptocurrency theft, live surveillance, ransomware – an attacker’s Swiss Army knife. First seen on theregister.com Jump to article: www.theregister.com/2026/02/27/double_extortion_whammy_steaelite_rat/
-
DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering. The confiscated funds were traced to cryptocurrency addresses used for the laundering of criminally derived proceeds stolen from victims of cryptocurrency investment scams, the department added. “Criminal First…
-
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
Cybersecurity researchers have disclosed details of a malicious Go module that’s designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe. The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate “golang.org/x/crypto” codebase, but injects malicious code that’s responsible for exfiltrating secrets entered via terminal password First seen on thehackernews.com Jump to article:…
-
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor in Developer Environments
Malicious actors are abusing Go’s open-source ecosystem by deploying a backdoored crypto module that steals passwords and installs a Rekoobe Linux backdoor on developer and CI environments. The package imitates Go’s trusted cryptography library to turn ordinary password prompts into a full compromise chain quietly. On pkg.go.dev it appears as a normal cryptography library with…
-
Malicious Ads Bypass Google Ads Screening via New Campaign Platform Exploit
1Campaign is a sophisticated cloaking platform designed to help attackers run malicious Google Ads campaigns while evading detection. The service acts as a full-service infrastructure for malvertising, filtering out researchers and automated scanners to keep phishing and cryptocurrency drainer sites online for extended periods. Operated by a developer using the alias DuppyMeister, 1Campaign has been…
-
Steaelite RAT combines data theft and ransomware management capability in one tool
Tags: access, android, attack, authentication, awareness, business, corporate, credentials, crypto, cybercrime, data, ddos, defense, encryption, endpoint, extortion, infection, infosec, malware, mobile, monitoring, password, phishing, ransomware, rat, remote-code-execution, theft, threat, tool, training, windows
…CSO that this isn’t the most sophisticated RAT he’s seen. “The novel aspect here,” he said, “is the convergence. Steaelite bundles remote access, credential harvesting, data exfiltration, and ransomware (currently in development) in a single package.” Traditionally, he explained, these capabilities have occupied different parts of the cybercrime toolchain, but Steaelite unifies the functions, giving…
-
Airline brands become launchpads for phishing, crypto fraud
Airline brands sit at the center of peak travel booking cycles, loyalty programs, and high value transactions. Criminal groups continue to register thousands of lookalike … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/airline-phishing-campaigns-crypto-fraud/
-
Crypto platform Step Finance shutting down after $40 million theft
The decentralized finance platform Step Finance said the theft of $40 million from its treasury in late January led the company to decide to wind down operations. First seen on therecord.media Jump to article: therecord.media/step-finance-cryptocurrency-theft-shutdown
-
New ZeroDayRAT Malware Claims Full Monitoring of Android and iOS Devices
Meet ZeroDayRAT, a newly advertised malware targeting Android and iOS devices with surveillance, location tracking, and crypto theft tools sold via Telegram as a MaaS service. First seen on hackread.com Jump to article: hackread.com/zerodayrat-malware-monitoring-android-ios-devices/
-
The rise of the evasive adversary
Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-day
Big game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape. Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
-
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. “Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim First seen on thehackernews.com Jump…
-
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft. The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code…
-
Why crypto agility is key to quantum readiness
With quantum computing threatening current encryption standards, experts call for organisations to achieve crypto agility by managing the lifecycle of certificates and cryptographic keys through automation First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639320/Why-crypto-agility-is-key-to-quantum-readiness
-
DPRK-Linked Hackers Continue Aggressive Crypto Attacks One Year After Bybit Breach
DPRK-linked operators are maintaining a relentless focus on the crypto sector, with activity accelerating rather than slowing in the year since the record-breaking Bybit breach. On 21 February 2025, threat actors linked to North Korea stole around 1.46 billion dollars in cryptoassets from Dubai-based exchange Bybit, in what remains the largest confirmed crypto theft to date. By…
-
New ClickFix Attack Targets Crypto Wallets and 25+ Browsers with Infostealer
Researchers at CyberProof have identified a new fake captcha campaign linked to the ClickFix operation. This stealthy infostealer targets over 25 browsers, cryptocurrency wallets like MetaMask, and gaming accounts by tricking users into executing malicious PowerShell commands. First seen on hackread.com Jump to article: hackread.com/clickfix-attack-crypto-wallets-browsers-infostealer/
-
Scammers Use Fake Gemini AI Chatbot for Crypto Scam
Scammers used a fake Gemini AI chatbot to promote a bogus Google Coin presale, signaling a rise in AI-driven crypto impersonation fraud. The post Scammers Use Fake Gemini AI Chatbot for Crypto Scam appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-scammers-use-fake-gemini-ai-chatbot-crypto-scam/
-
Don’t trust TrustConnect: This fake remote support tool only helps hackers
Attackers use a dual-purpose website: The TrustConnect website has realistic marketing language, feature descriptions, and documentation that serves both as a public-facing front to promote the software and as a backend portal for customers who purchase access to the tool’s malicious services. “Cybercriminals are instructed to sign up for a ‘free trial,’ instructed on how to…

