Tag: crypto
-
ClipXDaemon Malware Targets Crypto Users in Linux X11 Sessions
ClipXDaemon is a new Linux malware family that hijacks cryptocurrency clipboard data in X11 sessions, operating fully offline without any command”‘and”‘control (C2) infrastructure. It reuses a ShadowHS-style loader built with the public bincrypter framework but delivers a completely different, autonomous financial payload. ShadowHS used an obfuscated shell loader to deploy an in”‘memory hackshell for long”‘term…
-
ClipXDaemon Malware, a Stealthy Cryptocurrency Clipboard Hijacker on Linux
Security researchers have identified a new Linux malware strain called ClipXDaemon, a stealthy threat designed to target cryptocurrency users by manipulating copied wallet addresses. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/clipxdaemon-linux-malware/
-
ClipXDaemon Malware, a Stealthy Cryptocurrency Clipboard Hijacker on Linux
Security researchers have identified a new Linux malware strain called ClipXDaemon, a stealthy threat designed to target cryptocurrency users by manipulating copied wallet addresses. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/clipxdaemon-linux-malware/
-
PQC roadmap remains hazy as vendors race for early advantage
Tags: attack, cisco, communications, control, crypto, cryptography, data, encryption, finance, firmware, gartner, google, grc, guide, Hardware, healthcare, identity, infrastructure, monitoring, network, nist, risk, software, technology, threat, tool, vpn, vulnerabilitySome are already ahead as the migration question looms: One of the earliest vendors to operationalize cryptographic discovery specifically for PQC readiness was Sandbox AQ, which emerged from Google’s quantum research efforts. As early as 2022, the company argued that enterprises needed to inventory cryptography assets long before post-quantum algorithms could be deployed at scale.Initially…
-
Massive GitHub malware operation spreads BoryptGrab stealer
Trend Micro found BoryptGrab stealer spreading through 100+ GitHub repositories, stealing browser data, crypto wallets, system information, and user files. Trend Micro uncovered a campaign distributing the BoryptGrab information stealer through more than 100 GitHub repositories. BoryptGrab is designed to collect browser and cryptocurrency wallet data, system details, and common files. Some variants also deploy…
-
Malicious Browser Add”‘on Targets imToken Users’ Private Keys
Socket’s Threat Research Team has uncovered a highly deceptive Google Chrome extension designed to steal private keys and seed phrases from cryptocurrency users. The malicious add-on, named >>lmΤoken Chromophore<< (extension ID bbhaganppipihlhjgaaeeeefbaoihcgi), disguises itself as a harmless hex color visualizer for developers and digital artists. However, its true purpose is to impersonate the widely used…
-
ClickFix attackers using new tactic to evade detection, says Microsoft
AppData\Local that is then invoked through cmd.exe to write a VBScript to %Temp%. The batch script is executed via cmd.exe with the /launched command-line argument, and is then executed again through MSBuild.exe, resulting in LOLBin abuse. The script connects to Crypto Blockchain RPC endpoints, indicating etherhiding technique, and also performs QueueUserAPC()-based code injection into chrome.exe…
-
FBI Arrests Suspect in $46M U.S. Marshals Crypto Theft
The FBI arrested a suspect accused of stealing $46 million in cryptocurrency from U.S. Marshals Service holdings. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fbi-arrests-suspect-in-46m-u-s-marshals-crypto-theft/
-
CISA warns feds to patch iOS flaws exploited in crypto-theft attacks
CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-apple-flaws-exploited-in-spyware-crypto-theft-attacks/
-
CISA warns of Apple flaws exploited in spyware, crypto-theft attacks
CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-apple-flaws-exploited-in-spyware-crypto-theft-attacks/
-
Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets
We uncovered a fake CleanMyMac site delivering SHub Stealer, a macOS infostealer that steals credentials and silently backdoors crypto wallets. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/fake-cleanmymac-site-installs-shub-stealer-and-backdoors-crypto-wallets/
-
Son of government contractor arrested after alleged $46M crypto heist from US Marshals
FBI and French GIGN swoop on Saint Martin, John Daghita in cuffs First seen on theregister.com Jump to article: www.theregister.com/2026/03/06/contractor_son_crypto_arrest/
-
Teenage hacker myth primed for a middle-age criminal makeover
Tags: access, breach, business, corporate, crypto, cyber, cybercrime, cybersecurity, data, detection, extortion, finance, group, hacker, hacking, infrastructure, jobs, malware, network, penetration-testing, programming, ransomware, service, skills, software, technology, threat, vulnerabilityCybercrime cartels: Dray Agha, senior security operations manager at managed detection and response services firm Huntress, said the analysis illustrates that the “Hollywood image of a teenage lone wolf hacking for bragging rights” is vastly outdated since the threat landscape is dominated by “highly organised, profit-driven syndicates.””While young people may still engage in digital vandalism…
-
What Is Address Poisoning
As cryptocurrency adoption continues to grow, so do the tactics used by cybercriminals to exploit users. One of the emerging threats in the blockchain ecosystem is address poisoning, a subtle yet highly deceptive attack designed to trick users into sending funds to fraudulent wallet addresses. Unlike traditional hacking methods that rely on breaching systems,… First…
-
FBI Detains U.S. Government Contractor in Massive $46 Million Fraud Scheme
In a major law enforcement operation, authorities have arrested a U.S. government contractor accused of executing a massive cryptocurrency theft. John Daghita allegedly stole over $46 million in digital assets from the United States Marshals Service (USMS). This successful apprehension highlights the growing intersection of insider threat management, cryptocurrency tracing, and international law enforcement collaboration.…
-
FBI arrests suspect linked to $46M crypto theft from US Marshals
A U.S. government contractor’s son, accused of stealing more than $46 million in cryptocurrency from the U.S. Marshals Service, was arrested Wednesday on the island of Saint Martin. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-arrests-suspect-linked-to-46m-crypto-theft-from-us-marshals/
-
Coruna iOS Exploit Kit Compromises Thousands of iPhones
Researchers uncovered Coruna, a sophisticated iOS exploit kit used to compromise thousands of iPhones and steal cryptocurrency data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/coruna-ios-exploit-kit-compromises-thousands-of-iphones/
-
DPRK Hackers Target Crypto Firms, Steal Keys and Cloud Assets in Coordinated Attacks
Suspected DPRK-linked threat actors have been observed compromising cryptocurrency firms through a coordinated campaign that blends web-app exploitation, cloud abuse, and secrets theft to position for large”‘scale digital asset theft. The intrusions show a full kill chain from initial access via the React2Shell vulnerability (CVE”‘2025″‘55182) to deep AWS and Kubernetes reconnaissance and exfiltration of proprietary…
-
Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks
A previously undocumented set of 23 iOS exploits named “Coruna” has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/spyware-grade-coruna-ios-exploit-kit-now-used-in-crypto-theft-attacks/
-
Ariomex, Iran-based crypto exchange, suffers data leak
Resecurity says Iran’s Ariomex crypto exchange suffered a data leak exposing user and transaction data from 2022 to 2025. Resecurity (USA) reports that Ariomex’s database, one of Iran’s cryptocurrency exchange platforms, suffered a data leak. The report published by the cybersecurity company presents the findings of a structured analysis of the leaked database, which contains…
-
Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets
A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases. The post Chrome Extension Hijacked to Deliver Malware, Steal Crypto Wallets appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-compromised-chrome-extension-malware-crypto-theft/
-
They seized $4.8m in crypto… then gave the master key to the internet
South Korea’s National Tax Service (NTS) has found itself in the middle of a deeply embarrassing – and costly – blunder after accidentally handing thieves the master key to a seized cryptocurrency wallet. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/they-seized-4-8m-in-crypto-then-gave-the-master-key-to-the-internet
-
Leaked Database Sheds Light on Iranian Crypto Sanctions Evasion
Ariomex database reveals potential sanctions evasion and capital transfers tied to Iranian actors First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iranian-crypto-leaked-database/
-
Südkoreanische Steuerbehörde verliert Krypto-Millionen weil sie das Passwort verraten hat
First seen on t3n.de Jump to article: t3n.de/news/steuerbehoerde-krypto-passwort-1731953/
-
New ‘StegaBin’ Campaign Deploys Multi-Stage Credential Stealer via 26 Malicious npm Packages
Tags: access, attack, credentials, crypto, cyber, malicious, north-korea, open-source, supply-chain, threatA new supply-chain attack dubbed StegaBin is targeting JavaScript developers through 26 malicious npm packages that appear to be popular open-source libraries but secretly deploy a multi-stage credential-stealing toolkit and a Remote Access Trojan (RAT). The campaign is linked to the North Korean-aligned FAMOUS CHOLLIMA threat actor, known from previous “Contagious Interview” operations against cryptocurrency…
-
Malvertising Campaign Spreads AMOS ‘malext’ macOS Infostealer via Fake Text-Sharing Ads
A large-scale malvertising operation targets macOS users with fake Google Ads leading to malicious text-sharing sites. These lures deliver the AMOS infostealer variant, dubbed >>malext,<< which steals sensitive data such as browser credentials and crypto wallets. Suspicious password prompts halted the compromise, revealing initial domains like optimize-storage-mac-os[.]medium[.]com, octopox[.]com, and vagturk[.]com."‹ Google Ads Library exposed over…