Tag: crypto
-
PyPI package with 1.1M monthly downloads hacked to push infostealer
An attacker pushed a malicious version of the popular elementary-data package on the Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pypi-package-with-11m-monthly-downloads-hacked-to-push-infostealer/
-
US Sanctions Target Cambodian Scam Network Leaders
US sanctions target Cambodian scam networks tied to crypto fraud and trafficking. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-sanctions-cambodian-scam-network/
-
Money launderer linked to $230M crypto heist gets 70 months in prison
22-year-old Evan Tangeman of Newport Beach, California, was sentenced to 70 months in prison for laundering funds stolen in a massive $230 million cryptocurrency heist. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/money-launderer-linked-to-230m-crypto-heist-gets-70-months-in-prison/
-
Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files
New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data. First seen on hackread.com Jump to article: hackread.com/vidar-infostealer-fake-captchas-jpeg-txt-files/
-
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lease the phone numbers. According to a new report published by Infoblox, the operation is believed…
-
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025. “Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distribute trojanized versions of…
-
Void Dokkaebi Hackers Spread Malware Through Fake Job Interviews
Void Dokkaebi, also known as Famous Chollima, is expanding its cyber operations by turning fake job interviews into a large-scale malware distribution campaign targeting developers. The campaign begins with attackers posing as recruiters from cryptocurrency or AI companies. Developers are invited to complete coding tests that require cloning and running seemingly legitimate repositories from platforms…
-
Warning About New Android Trojans: 800 Apps Affected
Zimperium identifies four new Android banking trojans. More than 800 financial and crypto apps worldwide are affected. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/android-trojaner-800-apps-betroffen
-
Cryptohack Roundup: US-Sanctioned Grinex Hacked
Also: Updates in KelpDAO, Drift, Hyperbridge Hacks. This week, Grinex was exploited, a hacker laundered KelpDAO funds, Circle was sued over $280M Drift hack, Rhea Finance and Volo Protocol were exploited, update in Hyperbridge hack, sentencing in art scam case, a French home invasion for crypto theft and eth.limo hijack thwarted. First seen on govinfosecurity.com…
-
North Korean Fake IT Workers Infiltrate Firms to Dodge Sanctions
North Korean threat actors are once again leveraging deceptive remote work schemes to infiltrate global organizations, using fake IT worker personas to generate revenue and bypass international sanctions. A recent investigation, triggered by cryptocurrency security researcher ZachXBT, sheds light on the infrastructure and tactics behind this evolving campaign. ZachXBT identified the domain luckyguys[.]site as being…
-
Lazarus Lures Developers With Backdoored Coding Tests
North Korea-linked hackers are using AI-assisted malware and backdoored coding challenges to quietly loot millions in cryptocurrency from Web3 developers. Expel assesses with high confidence that HexagonalRodent is a DPRK state-sponsored subgroup that likely evolved from fraudulent IT worker operations before pivoting fully to malware-driven theft. In just three months, the group exfiltrated data from…
-
Fake Wallpaper App, YouTube Channel Used to Spread notnullOSX Malware
Hackers are abusing a fake macOS wallpaper app and a hijacked YouTube channel to quietly deliver notnullOSX, a new crypto-focused stealer that targets Macs via ClickFix commands and weaponized DMG installers. The campaign is highly selective, going after victims with crypto holdings above 10,000 USD and using polished lures that closely mimic legitimate apps and workflows.…
-
AI Agent Autonomously Runs Crypto Mining During Model Training
What looks at first glance like a curious isolated case exposes a structural problem. The AI agent used a simple but effective technique. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ki-agent-betreibt-im-modelltraining-autonomes-krypto-mining/a44727/
-
Malicious pgserve, automagik developer tools found in npm registry
Advice to victimized developers: Developers who have downloaded the malicious versions of pgserver and automagik need to act fast, says Tanya Janca, head of Canadian secure coding consultancy SheHacksPurple. “Rotate every credential you can think of, right now, before you do anything else,” she said. “Then harden your CI/CD network egress controls so your build runners…
-
Crypto scam lures ships into Strait of Hormuz, falsely promising safe passage
Ship attacked by Iran after possibly falling for safe passage crypto scam. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/crypto-scam-lures-ships-into-strait-of-hormuz-falsely-promising-safe-passage/
-
North Korean hackers siphon more than $12 million from crypto users in sprawling campaign
Researchers said the group stole up to $12 million in cryptocurrency in the first three months of 2026 through malware attacks on personal devices. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-siphon-12-million-from-crypto-users
-
North Korea Blamed for $290m KelpDAO Crypto Heist
North Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAO. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-blamed-290m-kelpdao/
-
Malicious Google Ads Hit Crypto Users With Wallet Drainers
Malicious Google Ads are increasingly being used to steal cryptocurrency by draining wallets and harvesting seed phrases from unsuspecting users searching for legitimate DeFi apps and wallet services. Recent campaigns tracked by SEAL show a sustained, technically advanced operation that actively evades Google’s automated defenses while directly targeting both retail users and crypto organizations. In…
-
French Fintech Accounts Used to Launder Stolen Funds Before Detection
Cybercriminals are turning French freelancer fintech accounts into high-speed money laundering channels, moving stolen funds within minutes, often before banks or victims realise anything is wrong. Fintech platforms like Revolut, Wise and N26 allow fast, remote account opening, light-touch digital KYC, and access to SEPA instant transfers, invoicing, cards, and sometimes crypto, all packaged for…
-
26 Fake Crypto Wallets Discovered in Apple App Store
The malware known as “FakeWallet” uses sophisticated deception to plunder both digital and physical wallets in the Apple App Store. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apple-app-store-gefaelschte-wallets
-
$293M KelpDAO Crypto Heist Exposes Cross-Chain Weaknesses in DeFi
A $293M KelpDAO hack shows how attackers exploited cross-chain weaknesses to trigger widespread DeFi risk. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/293m-kelpdao-crypto-heist-exposes-cross-chain-weaknesses-in-defi/
-
North Korea’s Lazarus APT stole $290M from Kelp DAO
North Korea-linked Lazarus Group stole $290M from Kelp DAO by abusing LayerZero. A second $95M attempt was stopped. Hackers tied to the North Korea-linked group Lazarus APT carried out a $290M crypto theft targeting Kelp DAO. Kelp DAO is a decentralized finance (DeFi) protocol built on the Ethereum ecosystem that focuses on a concept called…
-
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology…

