Tag: crypto
-
Malicious npm Packages Target Crypto Developers to Steal Login Credentials
A sophisticated threat campaign dubbed >>Solana-Scan>cryptohan
-
Malicious npm Packages Target Crypto Developers to Steal Login Credentials
A sophisticated threat campaign dubbed >>Solana-Scan>cryptohan
-
Cryptoagility: the strategic pillar for digital resilience
Tags: compliance, crypto, cryptography, dora, finance, framework, google, infrastructure, PCI, regulation, resilience, risk, strategy, update, vulnerabilityA real case: the Chromecast incident: A real example I personally experienced made me appreciate this approach even more: on 9 March 2025, my second-generation Chromecast stopped working. It displayed the message “Untrusted device” when trying to cast, with no possibility of a solution. This problem was global, affecting users in several countries, and was…
-
Cryptomining group Kinsing expands operations to Russia, researchers warn
Russia-based cybersecurity firm F6 said the attacks began in April and infected devices with Kinsing and XMRig malware, tools commonly used to mine the cryptocurrency Monero. First seen on therecord.media Jump to article: therecord.media/cryptomining-group-kinsing-hits-russia
-
DoJ Seizes $2.8M in Crypto from Zeppelin Ransomware Group
The Department of Justice has announced a significant victory against cybercriminals, seizing over $2.8 million in cryptocurrency and additional assets from a Zeppelin ransomware operation. The coordinated law enforcement action targeted Ianis Aleksandrovich Antropenko, who faces federal charges for his role in deploying ransomware attacks against victims worldwide, including numerous American organizations and businesses. Major…
-
DOJ Seizes $2.8 Million, Indicts Alleged Zeppelin Ransomware Operator
U.S. authorities seized $2.8 million crypto and $70,000 from Ianis Aleksandrovich Antropenko, who they say used the Zeppelin ransomware to attack companies in the United States and elsewhere and then laundered the cryptocurrency used to pay the ransoms through a crypto mixer and by exchanging it for cash. First seen on securityboulevard.com Jump to article:…
-
Cryptojacking: Influencer bereichert sich an teuren Cloudressourcen
Tags: cryptoEin Krypto-Influencer wollte auf Youtube zeigen, wie man reich wird. Für seinen eigenen Geldsegen hat er jedoch zwei Cloudanbieter betrogen. First seen on golem.de Jump to article: www.golem.de/news/cryptojacking-influencer-bereichert-sich-an-teuren-cloudressourcen-2508-199269.html
-
DoJ seizes $2.8M linked to Zeppelin Ransomware
DoJ seized $2.8M in crypto from Ianis Antropenko, indicted in Texas and tied to the defunct Zeppelin ransomware. The U.S. Department of Justice (DoJ) seized more than $2.8 million in cryptocurrency from Ianis Aleksandrovich Antropenko. Antropenko was allegedly involved in now defunct Zeppelin ransomware operation (2019 2022), he also laundered proceeds via ChipMixer and structured […]…
-
Someone’s poking the bear with infostealers targeting Russian crypto developers
If you wanted to hurt Putin’s ransomware racketeers, these info-stealing npm packages are one way to do it First seen on theregister.com Jump to article: www.theregister.com/2025/08/18/solana_infostealer_npm_malware/
-
US govt seizes $1 million in crypto from BlackSuit ransomware gang
The U.S. Department of Justice (DoJ) seized cryptocurrency and digital assets worth $1,091,453 at the time of confiscation, on January 9, 2024, from the BlackSuit ransomware gang. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-govt-seizes-1-million-in-crypto-from-blacksuit-ransomware-gang/
-
BlackSuit ransomware crew loses servers, domains, and $1m in global shakedown
US cops yank servers, domains, and crypto from the Russia-linked gang – but the crooks remain at large First seen on theregister.com Jump to article: www.theregister.com/2025/08/12/blacksuit_ransomware_crew_loses_servers/
-
9 things CISOs need know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-dayNew groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases.However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
Embargo Ransomware Gang Amasses $34.2m in Attack Proceeds
TRM Labs observed crypto payments worth $34.2m moved from victims addresses to a range of destinations likely associated with the group First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/embargo-ransomware-amasses-attack/
-
Embargo Ransomware Gang Amasses $34.2m in Attack Proceeds
TRM Labs observed crypto payments worth $34.2m moved from victims addresses to a range of destinations likely associated with the group First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/embargo-ransomware-amasses-attack/
-
Ghanaian fraudsters arrested for BEC/Sakawa
In Nigeria, scammers who specialize in Romance Scams and BEC are called “Yahoo Boys.” In Ghana, the term for the same activity is “Sakawa.” Several Ghanaian headlines are talking about this case with headlines such as “Multimillion dollar Sakawa” or “Sakawa Chairman Busted” or “Sakawa Kingpin Bows to Extradition!” On 08AUG2025 the US Attorney’s office…
-
MedusaLocker ransomware group is looking for pentesters
MedusaLocker ransomware gang announced on its Tor data leak site that it is looking for new pentesters. MedusaLocker is a ransomware strain that was first observed in late 2019, it encrypts files on infected systems and demands a ransom, usually in cryptocurrency, for their decryption. The group operates as Ransomware-as-a-Service (RaaS), meaning affiliates can rent…
-
Efimer Trojan Targets Crypto Wallets Using Phony Legal Notices and Booby-Trapped Torrents
The Efimer Trojan has emerged as a potent ClipBanker-type malware, primarily designed to steal cryptocurrency by intercepting and swapping wallet addresses in victims’ clipboards. First detected in October 2024, Efimer named after a comment in its decrypted script has evolved into a multifaceted threat, spreading via compromised WordPress sites, malicious torrents, and targeted email campaigns.…
-
Security Affairs newsletter Round 536 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Embargo Ransomware nets $34.2M in crypto since April 2024 Germany limits police spyware use to serious…
-
Embargo Ransomware nets $34.2M in crypto since April 2024
Embargo ransomware, likely a BlackCat/Alphv successor, has netted $34.2M in crypto since mid-2024, researchers say. The Embargo ransomware group has processed $34.2M in crypto since emerging in April 2024, researchers from Blockchain intelligence company TRM Labs report. >>TRM Labs has identified approximately USD 34.2 million in incoming transaction volume likely associated with the group, with…
-
Typosquatted PyPI Packages Used by Threat Actors to Steal Cryptocurrency from Bittensor Wallets
GitLab’s Vulnerability Research team has uncovered a highly sophisticated cryptocurrency theft campaign exploiting typosquatted Python packages on the Python Package Index (PyPI) to target the Bittensor decentralized AI network. The operation, detected through GitLab’s automated package monitoring system, involved the deployment of malicious packages mimicking legitimate Bittensor components, specifically designed to siphon funds from developers…
-
AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims
Cybersecurity researchers are drawing attention to a new campaign that’s using legitimate generative artificial intelligence (AI)-powered website building tools like DeepSite AI and BlackBox AI to create replica phishing pages mimicking Brazilian government agencies as part of a financially motivated campaign.The activity involves the creation of lookalike sites imitating Brazil’s State First seen on thehackernews.com…
-
Attackers Target the Foundations of Crypto: Smart Contracts
A whole criminal ecosystem revolves around scamming users out of their cryptocurrency assets, but malicious, or vulnerable, smart contracts could be used against businesses as well. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/attackers-target-crypto-smart-contracts
-
GreedyBear: 40 Fake Crypto Wallet Extensions Found on Firefox Marketplace
A new, coordinated cybercrime campaign called “GreedyBear” has stolen over $1 million from crypto users. Learn how the group uses malicious extensions, malware, and fake websites in an industrial-scale attack uncovered by Koi Security. First seen on hackread.com Jump to article: hackread.com/greedybear-fake-crypto-wallet-extensions-firefox-marketplace/
-
RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes
A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users.The activity is assessed to be active since at least March 2023, according to the software supply chain security company Socket. Cumulatively,…
-
GreedyBear: 40 Fake Crypto Wallet Extensions Found on Firefox Marketplace
A new, coordinated cybercrime campaign called “GreedyBear” has stolen over $1 million from crypto users. Learn how the group uses malicious extensions, malware, and fake websites in an industrial-scale attack uncovered by Koi Security. First seen on hackread.com Jump to article: hackread.com/greedybear-fake-crypto-wallet-extensions-firefox-marketplace/
-
Record-Breaking GreedyBear Attack Uses 650 Hacking Tools to Steal $1M from Victims
The threat actor group dubbed GreedyBear has orchestrated an industrial-scale operation blending malicious browser extensions, executable malware, and phishing infrastructure to siphon over $1 million in cryptocurrency from victims. This coordinated assault, uncovered by Koi Security researchers, leverages a staggering 650 hacking tools comprising 150 weaponized Firefox extensions and nearly 500 malicious Windows executables demonstrating…