Tag: crypto
-
Fake Google Security site uses PWA app to steal credentials, MFA codes
A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims’ browsers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-google-security-site-uses-pwa-app-to-steal-credentials-mfa-codes/
-
South Korean Tax Agency Leak Leads to $4.8M Crypto Theft
A South Korean tax agency press release exposed a seized wallet’s seed phrase, enabling a $4.8 million cryptocurrency theft. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/south-korean-tax-agency-leak-leads-to-4-8m-crypto-theft/
-
Chrome Extension Hijacked to Push ClickFix Malware
A trusted Chrome extension was hijacked to strip browser protections, deploy ClickFix malware, and steal cryptocurrency and user data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/chrome-extension-hijacked-to-push-clickfix-malware/
-
Seed Phrase geleakt: Behördenpanne führt zu millionenschwerem Krypto-Diebstahl
Krypto-Anleger wissen, wie wichtig es ist, eine Seed Phrase sicher und geheim zu bewahren. Steuerfahnder aus Südkorea aber offenkundig nicht. First seen on golem.de Jump to article: www.golem.de/news/seed-phrase-geleakt-behoerdenpanne-fuehrt-zu-millionenschwerem-krypto-diebstahl-2603-205980.html
-
QuickLens Chrome extension steals crypto, shows ClickFix attack
A Chrome extension named “QuickLens – Search Screen with Google Lens” has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/quicklens-chrome-extension-steals-crypto-shows-clickfix-attack/
-
$4.8M in crypto stolen after Korean tax agency exposes wallet seed
South Korea’s National Tax Service accidentally exposed the mnemonic recovery phrase of a seized cryptocurrency wallet in an official press release, allowing hackers to steal 6.4 billion won ($4.8M) worth in cryptocurrency. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/48m-in-crypto-stolen-after-korean-tax-agency-exposes-wallet-seed/
-
Double whammy: Steaelite RAT bundles data theft, ransomware in one evil tool
Credential and cryptocurrency theft, live surveillance, ransomware – an attacker’s Swiss Army knife First seen on theregister.com Jump to article: www.theregister.com/2026/02/27/double_extortion_whammy_steaelite_rat/
-
DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering.The confiscated funds were traced to cryptocurrency addresses used for the laundering of criminally derived proceeds stolen from victims of cryptocurrency investment scams, the department added.”Criminal First…
-
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
Cybersecurity researchers have disclosed details of a malicious Go module that’s designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe.The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate “golang.org/x/crypto” codebase, but injects malicious code that’s responsible for exfiltrating secrets entered via terminal password First seen on thehackernews.com Jump to article:…
-
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor in Developer Environments
Malicious actors are abusing Go’s open-source ecosystem by deploying a backdoored crypto module that steals passwords and installs a Rekoobe Linux backdoor on developer and CI environments. The package imitates Go’s trusted cryptography library to turn ordinary password prompts into a full compromise chain quietly. On pkg.go.dev it appears as a normal cryptography library with…
-
Malicious Ads Bypass Google Ads Screening via New Campaign Platform Exploit
A sophisticated cloaking platform called 1Campaign, designed to help attackers run malicious Google Ads campaigns while evading detection. The service acts as a full”‘service infrastructure for malvertising, filtering out researchers and automated scanners to keep phishing and cryptocurrency drainer sites online for extended periods. Operated by a developer using the alias DuppyMeister, 1Campaign has been…
-
Steaelite RAT combines data theft and ransomware management capability in one tool
Tags: access, android, attack, authentication, awareness, business, corporate, credentials, crypto, cybercrime, data, ddos, defense, encryption, endpoint, extortion, infection, infosec, malware, mobile, monitoring, password, phishing, ransomware, rat, remote-code-execution, theft, threat, tool, training, windowsCSO that this isn’t the most sophisticated RAT he’s seen. “The novel aspect here,” he said, “is the convergence. Steaelite bundles remote access, credential harvesting, data exfiltration, and ransomware (currently in development) in a single package.” Traditionally, he explained, these capabilities have occupied different parts of the cybercrime toolchain, but Steaelite unifies the functions, giving…
-
Airline brands become launchpads for phishing, crypto fraud
Airline brands sit at the center of peak travel booking cycles, loyalty programs, and high value transactions. Criminal groups continue to register thousands of lookalike … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/airline-phishing-campaigns-crypto-fraud/
-
Crypto platform Step Finance shutting down after $40 million theft
The decentralized finance platform Step Finance said the theft of $40 million from its treasury in late January led the company to decide to wind down operations. First seen on therecord.media Jump to article: therecord.media/step-finance-cryptocurrency-theft-shutdown
-
New ZeroDayRAT Malware Claims Full Monitoring of Android and iOS Devices
Meet ZeroDayRAT, a newly advertised malware targeting Android and iOS devices with surveillance, location tracking, and crypto theft tools sold via Telegram as a MaaS service. First seen on hackread.com Jump to article: hackread.com/zerodayrat-malware-monitoring-android-ios-devices/
-
The rise of the evasive adversary
Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-dayBig game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape.Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
-
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts.”Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim First seen on thehackernews.com Jump…
-
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft.The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code…
-
Why crypto agility is key to quantum readiness
With quantum computing threatening current encryption standards, experts call for organisations to achieve crypto agility by managing the lifecycle of certificates and cryptographic keys through automation First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639320/Why-crypto-agility-is-key-to-quantum-readiness
-
DPRK-Linked Hackers Continue Aggressive Crypto Attacks One Year After Bybit Breach
DPRK-linked operators are maintaining a relentless focus on the crypto sector, with activity accelerating rather than slowing in the year since the record-breaking Bybit breach. On 21 February 2025, threat actors linked to North Korea stole around 1.46 billion dollars in cryptoassets from Dubai-based exchange Bybit, in what remains the largest confirmed crypto theft to date. By…
-
New ClickFix Attack Targets Crypto Wallets and 25+ Browsers with Infostealer
Researchers at CyberProof have identified a new fake captcha campaign linked to the ClickFix operation. This stealthy infostealer targets over 25 browsers, cryptocurrency wallets like MetaMask, and gaming accounts by tricking users into executing malicious PowerShell commands. First seen on hackread.com Jump to article: hackread.com/clickfix-attack-crypto-wallets-browsers-infostealer/
-
Scammers Use Fake Gemini AI Chatbot for Crypto Scam
Scammers used a fake Gemini AI chatbot to promote a bogus Google Coin presale, signaling a rise in AI-driven crypto impersonation fraud. The post Scammers Use Fake Gemini AI Chatbot for Crypto Scam appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-scammers-use-fake-gemini-ai-chatbot-crypto-scam/
-
Don’t trust TrustConnect: This fake remote support tool only helps hackers
Attackers use a dual-purpose website: The TrustConnect website has realistic marketing language, feature descriptions, and documentation that serves both as a public-facing front to promote the software and as a backend portal for customers who purchase access to the tool’s malicious services.”Cybercriminals are instructed to sign up for a ‘free trial,’ instructed on how to…
-
Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets
Attackers are weaponizing Facebook ads to distribute password-stealing malware masked as a Windows download. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/facebook-ads-spread-fake-windows-11-downloads-that-steal-passwords-and-crypto-wallets/
-
10 Passwordless-Optionen für Unternehmen
Um Passwörter hinter sich zu lassen, gibt es bessere Lösungen. Wir zeigen Ihnen zehn. Passwörter sind seit Jahrzehnten der Authentifizierungsstandard für Computersysteme, obwohl sie sich immer wieder aufs Neue als anfällig für diverse Cyberangriffsformen erwiesen haben und kompromittierte Benutzerkonten auf regelmäßiger Basis zum Einfallstor für kriminelle Hacker werden. Ein Mittel für CISOs, um diesem Problem…
-
OpenAI Launches EVMbench: A New Framework to Detect and Exploit Blockchain Vulnerabilities
Tags: ai, blockchain, crypto, cyber, exploit, framework, intelligence, open-source, openai, vulnerabilityOpenAI has collaborated with crypto investment firm Paradigm to release EVMbench, a new benchmark designed to evaluate how artificial intelligence agents interact with smart contract security. As smart contracts currently secure over $100 billion in open-source crypto assets, the ability of AI to successfully read, write, and audit code is becoming a critical component of…
-
OpenAI Launches EVMbench: A New Framework to Detect and Exploit Blockchain Vulnerabilities
Tags: ai, blockchain, crypto, cyber, exploit, framework, intelligence, open-source, openai, vulnerabilityOpenAI has collaborated with crypto investment firm Paradigm to release EVMbench, a new benchmark designed to evaluate how artificial intelligence agents interact with smart contract security. As smart contracts currently secure over $100 billion in open-source crypto assets, the ability of AI to successfully read, write, and audit code is becoming a critical component of…