Tag: crypto
-
Someone’s poking the bear with infostealers targeting Russian crypto developers
If you wanted to hurt Putin’s ransomware racketeers, these info-stealing npm packages are one way to do it. First seen on theregister.com Jump to article: www.theregister.com/2025/08/18/solana_infostealer_npm_malware/
-
US govt seizes $1 million in crypto from BlackSuit ransomware gang
The U.S. Department of Justice (DoJ) seized cryptocurrency and digital assets worth $1,091,453 at the time of confiscation, on January 9, 2024, from the BlackSuit ransomware gang. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-govt-seizes-1-million-in-crypto-from-blacksuit-ransomware-gang/
-
BlackSuit ransomware crew loses servers, domains, and $1m in global shakedown
US cops yank servers, domains, and crypto from the Russia-linked gang – but the crooks remain at large. First seen on theregister.com Jump to article: www.theregister.com/2025/08/12/blacksuit_ransomware_crew_loses_servers/
-
9 things CISOs need know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-day
New groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases. However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
Embargo Ransomware Gang Amasses $34.2m in Attack Proceeds
TRM Labs observed crypto payments worth $34.2m moved from victims’ addresses to a range of destinations likely associated with the group. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/embargo-ransomware-amasses-attack/
-
Ghanaian fraudsters arrested for BEC/Sakawa
In Nigeria, scammers who specialize in Romance Scams and BEC are called “Yahoo Boys.” In Ghana, the term for the same activity is “Sakawa.” Several Ghanaian headlines are talking about this case with headlines such as “Multimillion dollar Sakawa” or “Sakawa Chairman Busted” or “Sakawa Kingpin Bows to Extradition!” On 08AUG2025 the US Attorney’s office…
-
MedusaLocker ransomware group is looking for pentesters
The MedusaLocker ransomware gang announced on its Tor data leak site that it is looking for new pentesters. MedusaLocker is a ransomware strain that was first observed in late 2019; it encrypts files on infected systems and demands a ransom, usually in cryptocurrency, for their decryption. The group operates as Ransomware-as-a-Service (RaaS), meaning affiliates can rent…
-
Efimer Trojan Targets Crypto Wallets Using Phony Legal Notices and Booby-Trapped Torrents
The Efimer Trojan has emerged as a potent ClipBanker-type malware, primarily designed to steal cryptocurrency by intercepting and swapping wallet addresses in victims’ clipboards. First detected in October 2024, Efimer, named after a comment in its decrypted script, has evolved into a multifaceted threat, spreading via compromised WordPress sites, malicious torrents, and targeted email campaigns.…
-
Security Affairs newsletter Round 536 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Embargo Ransomware nets $34.2M in crypto since April 2024 Germany limits police spyware use to serious…
-
Embargo Ransomware nets $34.2M in crypto since April 2024
Embargo ransomware, likely a BlackCat/Alphv successor, has netted $34.2M in crypto since mid-2024, researchers say. The Embargo ransomware group has processed $34.2M in crypto since emerging in April 2024, researchers from blockchain intelligence company TRM Labs report. “TRM Labs has identified approximately USD 34.2 million in incoming transaction volume likely associated with the group, with…
-
Typosquatted PyPI Packages Used by Threat Actors to Steal Cryptocurrency from Bittensor Wallets
GitLab’s Vulnerability Research team has uncovered a highly sophisticated cryptocurrency theft campaign exploiting typosquatted Python packages on the Python Package Index (PyPI) to target the Bittensor decentralized AI network. The operation, detected through GitLab’s automated package monitoring system, involved the deployment of malicious packages mimicking legitimate Bittensor components, specifically designed to siphon funds from developers…
-
AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims
Cybersecurity researchers are drawing attention to a new campaign that’s using legitimate generative artificial intelligence (AI)-powered website building tools like DeepSite AI and BlackBox AI to create replica phishing pages mimicking Brazilian government agencies as part of a financially motivated campaign. The activity involves the creation of lookalike sites imitating Brazil’s State First seen on thehackernews.com…
-
Attackers Target the Foundations of Crypto: Smart Contracts
A whole criminal ecosystem revolves around scamming users out of their cryptocurrency assets, but malicious, or vulnerable, smart contracts could be used against businesses as well. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/attackers-target-crypto-smart-contracts
-
GreedyBear: 40 Fake Crypto Wallet Extensions Found on Firefox Marketplace
A new, coordinated cybercrime campaign called “GreedyBear” has stolen over $1 million from crypto users. Learn how the group uses malicious extensions, malware, and fake websites in an industrial-scale attack uncovered by Koi Security. First seen on hackread.com Jump to article: hackread.com/greedybear-fake-crypto-wallet-extensions-firefox-marketplace/
-
Record-Breaking GreedyBear Attack Uses 650 Hacking Tools to Steal $1M from Victims
The threat actor group dubbed GreedyBear has orchestrated an industrial-scale operation blending malicious browser extensions, executable malware, and phishing infrastructure to siphon over $1 million in cryptocurrency from victims. This coordinated assault, uncovered by Koi Security researchers, leverages a staggering 650 hacking tools, comprising 150 weaponized Firefox extensions and nearly 500 malicious Windows executables, demonstrating…
-
RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes
A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users. The activity is assessed to be active since at least March 2023, according to the software supply chain security company Socket. Cumulatively,…
-
GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions
A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate popular cryptocurrency wallets and steal more than $1 million in digital assets. The published browser add-ons masquerade as MetaMask, TronLink, Exodus, and Rabby Wallet, among others, Koi Security researcher Tuval Admoni said. What makes the First…
-
6.8M WhatsApp Accounts Shut Down in Meta’s Fight Against Scam Networks
Scam groups use fake investments, crypto fraud, and social media manipulation to deceive victims across platforms like WhatsApp, Telegram, and TikTok. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-whatsapp-scams-meta/
-
BlackSuit, Royal ransomware group hit over 450 US victims before last month’s takedown
The Department of Homeland Security said the Russian cybercrime collective received at least $370 million in ransom payments, based on current cryptocurrency valuations. First seen on cyberscoop.com Jump to article: cyberscoop.com/blacksuit-royal-ransomware-450-us-victims/
-
Cryptohack Roundup: Verdict in Tornado Cash Founder’s Case
Also: Samourai Wallet Co-Founders’ Guilty Plea, Coinbase Loss From Data Theft. This week, Tornado Cash co-founder convicted, Samourai Wallet guilty plea, Coinbase insider data theft, a U.S. court overturned an OpenSea executive’s fraud conviction, AI-written malware stole crypto, Credix exploit, CZ sought dismissal of FTX claim, July hacks and a FinCEN crypto ATM warning. First…
-
Wave of 150 crypto-draining extensions hits Firefox add-on store
A malicious campaign dubbed ‘GreedyBear’ has snuck onto the Mozilla add-ons store, targeting Firefox users with 150 malicious extensions and stealing an estimated $1,000,000 from unsuspecting victims. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wave-of-150-crypto-draining-extensions-hits-firefox-add-on-store/
-
Cryptomixer founders pled guilty to laundering money for cybercriminals
The founders of the Samourai Wallet (Samourai) cryptocurrency mixer have pleaded guilty to laundering over $200 million for criminals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/samourai-cryptomixer-founders-pled-guilty-to-laundering-money-for-cybercriminals/

