Tag: crypto
-
Smart GPUGate malware exploits GitHub and Google Ads for evasive targeting
GPU-Gated decryption evades detection: The malware itself is delivered as a large Microsoft Software Installer (MSI) file, approximately 128 MB in size. It features a GPU-gated decryption mechanism that keeps the payload encrypted unless it detects the presence of a real GPU on the system. Researchers noted that this design allows GPUGate to remain dormant…
-
Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads
Tags: api, attack, blockchain, breach, crypto, data, detection, email, finance, github, malicious, malware, monitoring, network, open-source, phishing, risk, strategy, supply-chain, theft, tool, update, vulnerability
Financial impact surprisingly limited: Despite affecting packages with 2 billion weekly downloads, the actual financial impact was surprisingly modest. “We were tracking approximately $970 in stolen funds to attacker-controlled wallets,” Eriksen said, highlighting a significant disconnect between the attack’s potential reach and its realized damage. This limited financial impact reflected both the attackers’ operational carelessness and…
-
Hackers Hijack 18 Popular npm Packages Downloaded Over 2 Billion Times Weekly
Hackers have hijacked 18 extremely popular npm packages, downloaded more than 2 billion times every week, injecting them with sophisticated malware that targets cryptocurrency users and developers. Early on September 8th, a security feed flagged the sudden update of 18 npm packages, including favorites like chalk, debug, chalk-template, and supports-color, with malicious code, as per a report by Aikido.…
-
NPM Supply Chain Attack: Sophisticated Multi-Chain Cryptocurrency Drainer Infiltrates Popular Packages
A sophisticated npm supply chain attack compromised popular packages First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/npm-supply-chain-attack-sophisticated-multi-chain-cryptocurrency-drainer-infiltrates-popular-packages/
-
Dev snared in crypto phishing net, 18 npm packages compromised
Popular npm packages debug, chalk, and others hijacked in massive supply chain attack First seen on theregister.com Jump to article: www.theregister.com/2025/09/08/dev_falls_for_phishing_email/
-
Lazarus Group Deploys Malware With ClickFix Scam in Fake Job Interviews
North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data,… First seen on hackread.com Jump to article: hackread.com/lazarus-group-malware-clickfix-scam-fake-job-interview/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 61
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: Operation HanKook Phantom: North Korean APT37 targeting South Korea; Three Lazarus RATs coming for your cheese; Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide; Android Droppers: The Silent…
-
Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys
A new set of four malicious packages have been discovered in the npm package registry with capabilities to steal cryptocurrency wallet credentials from Ethereum developers. “The packages masquerade as legitimate cryptographic utilities and Flashbots MEV infrastructure while secretly exfiltrating private keys and mnemonic seeds to a Telegram bot controlled by the threat actor,” Socket researcher First…
-
Summons for Money Laundering: When Crypto Victims Are Suddenly Treated as Perpetrators
Tags: crypto
Victim of crypto fraud? Caution is advised here, because a summons for money laundering (§ 261 StGB) can hit even innocent people. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/online-betrug/vorladung-wegen-geldwaesche-wenn-krypto-opfer-ploetzlich-als-taeter-gelten-320412.html
-
DOJ Moves to Seize $848K in Tether Linked to Crypto Confidence Scams
The U.S. Department of Justice has initiated a civil forfeiture action targeting $848,247 in Tether (USDT), suspected to be proceeds from elaborate confidence scams that defrauded victims across several states. The funds, laundered through a complex network of cryptocurrency wallets, are believed to be tied to schemes operating between September 2022 and February 2025. First…
-
New Malware Exploits Windows Character Map to Evade Defender and Mine Crypto
A sophisticated cryptojacking campaign hijacks Windows’ native Character Map utility (“charmap.exe”) to evade Windows Defender and covertly mine cryptocurrency on compromised machines. First detected in late August 2025, this attack exploits legitimate system binaries to load a custom cryptomining payload directly into memory, thwarting traditional antivirus signatures and curtailing forensic artifacts. Security researchers have…
-
Cryptohack Roundup: El Salvador Splits Bitcoin Reserve
Also: PowerShell-Based Cryptojacking Attack, a Malvertising Campaign. This week, El Salvador split its bitcoin reserve, an Indian court jailed cops for crypto kidnapping, a PowerShell-based cryptojacking attack, a malvertising campaign targeted Android users, a Venus Protocol hack, malware hid in npm packages using smart contracts for evasion and Bunni DEX exploit. First seen on govinfosecurity.com…
-
Malicious npm packages use Ethereum blockchain for malware delivery
Tags: attack, blockchain, crypto, github, infrastructure, malicious, malware, open-source, software, supply-chain
colortoolsv2 and mimelib2 that used Ethereum smart contracts for malware delivery in July. But not much effort was put into making those packages look legitimate and attractive for developers to include in their projects, which is usually the goal of supply chain attacks with rogue npm packages. The colortoolsv2 package, and the mimelib2 one that later…
-
Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers
Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute malware and fly under the radar. “The two npm packages abused…
-
TinyLoader Malware Spreads via Network Shares and Malicious Shortcut Files on Windows
A sophisticated malware operation combines multiple attack vectors to steal cryptocurrency and deliver additional malicious payloads to Windows systems. A recently discovered TinyLoader malware campaign is actively targeting Windows users through a multi-pronged attack strategy involving network share exploitation, USB propagation, and deceptive shortcut files. The malware, which serves as a delivery mechanism for…
-
Grade School Crypto Videos
This is a short, gentle two-part introduction to basic cryptographic concepts using text-based crypto examples. The videos illustrate encryption, decryption, ciphers, keys, algorithms, code cracking, cryptanalysis, and letter frequency analysis. Full disclosure: I produced these videos over a decade ago. Now they are hosted directly on this web site. The technical details in the videos…
-
Quantum Is Closer Than You Think, So Why Are You Still Encrypting Like It’s 2015?
Tags: access, ai, business, cloud, communications, compliance, computer, computing, container, crypto, cryptography, data, defense, encryption, endpoint, exploit, government, guide, Hardware, infrastructure, network, nist, privacy, regulation, resilience, risk, risk-assessment, service, software, strategy, technology, threat, tool, update, vulnerability
madhav Tue, 09/02/2025 – 05:43
Not long ago, the idea that quantum computers could one day break today’s strongest encryption felt like science fiction. Today, it’s no longer about if, but when. While real-world demonstrations of quantum algorithms like Shor’s…
-
Malicious npm Package Masquerades as Popular Email Library
A malicious npm package “nodejs-smtp” has been discovered impersonating nodemailer and injecting code to drain crypto wallets First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-npm-package-email-library/
-
Lazarus Hackers Exploit 0-Day to Deploy Three Remote Access Trojans
Over the past two years, Fox-IT and NCC Group have tracked a sophisticated Lazarus subgroup targeting financial and cryptocurrency firms. This actor overlaps with AppleJeus, Citrine Sleet, UNC4736 and Gleaming Pisces campaigns and leverages three distinct remote access trojans (RATs), PondRAT, ThemeForestRAT and RemotePE, to infiltrate and control compromised systems. In a 2024 incident response…
-
Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets
Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems. The package, named nodejs-smtp, impersonates the legitimate email library nodemailer with an identical tagline, page styling, and README descriptions, attracting a total of 347 First seen…
-
Lazarus Subgroup Deploys Three Custom RATs in Targeted Crypto Attacks
The post Lazarus Subgroup Deploys Three Custom RATs in Targeted Crypto Attacks appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/lazarus-subgroup-deploys-three-custom-rats-in-targeted-crypto-attacks/
-
Crooks exploit Meta malvertising to target Android users with Brokewell
Cybercriminals spread Brokewell via fake TradingView Premium ads on Meta, stealing crypto and data with remote control since July 2024. Bitdefender warns threat actors are abusing Meta ads to spread fake TradingView Premium apps for Android, delivering Brokewell malware to steal crypto and data. “Bitdefender researchers recently uncovered a wave of malicious ads on Facebook…
-
Law Enforcement Operation Seizes Fake ID Platform VerifTools
FBI Seizes Domains; Dutch Police Analyzing Seized Data to Identify Admin and Users. An international law enforcement operation involving the FBI and Dutch police has shuttered VerifTools, a key platform for generating fake identification documents cops have tied to multiple help desk fraud, cryptocurrency theft and other cybercrime cases. First seen on govinfosecurity.com Jump to…
-
Malicious npm Package Impersonates Popular Nodemailer, Puts 3.9M Weekly Downloads at Risk of Crypto Theft
A sophisticated cryptocurrency theft scheme involves a malicious npm package that masquerades as the widely-used Nodemailer email library while secretly hijacking desktop cryptocurrency wallets on Windows systems. Socket’s Threat Research Team identified the malicious package, nodejs-smtp, which impersonates the legitimate Nodemailer library that averages approximately 3.9 million weekly downloads. The fraudulent package employs a clever…

