Tag: crypto
-
SparkKitty Swipes Pics From iOS, Android Devices
Like its predecessor, SparkCat, the new malware appears to be going after sensitive data, such as seed phrases for cryptocurrency wallets, in device photo galleries. First seen on darkreading.com Jump to article: www.darkreading.com/mobile-security/sparkkitty-swipes-pics-ios-android-devices
-
Crypto heist nabs over $43K from CoinMarketCap users
Tags: cryptoFirst seen on scworld.com Jump to article: www.scworld.com/brief/crypto-heist-nabs-over-43k-from-coinmarketcap-users
-
Malware on Google Play, Apple App Store stole your photos”, and crypto
A new mobile crypto-stealing malware called SparkKitty was found in apps on Google Play and the Apple App Store, targeting Android and iOS devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malware-on-google-play-app-store-stole-your-photos-and-crypto/
-
Telegram Purged Chinese Crypto Scam Markets”, Then Watched as They Rebuilt
Last month, Telegram banned black markets that sold tens of billions of dollars in crypto scam-related services. Now, as those markets rebrand and bounce back, it’s done nothing to stop them. First seen on wired.com Jump to article: www.wired.com/story/telegram-purged-chinese-crypto-scam-markets-then-let-them-rebuild/
-
SparkKitty Targets iOS and Android Devices via App Store and Google Play Attacks
A sophisticated spyware campaign, dubbed SparkKitty, has emerged as a significant threat to both iOS and Android users, infiltrating even the official app stores like Google Play and the App Store. First detected in connection with the earlier SparkCat campaign from January 2025, which targeted crypto wallet seed phrases, SparkKitty has since evolved into a…
-
Attackers Use Docker APIs, Tor Anonymity in Stealthy Crypto Heist
The attack is similar to previous campaigns by an actor called Commando Cat to use misconfigured APIs to compromise containers and deploy cryptocurrency miners. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/attackers-docker-apis-tor-anonymity-crypto-heist
-
CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets
The CoinMarketCap and CoinTelegraph websites have been compromised over the weekend to serve clever phishing pop-ups to visitors, asking them to verify/connect their crypto … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/23/coinmarketcap-cointelegraph-compromised-to-serve-pop-ups-to-drain-crypto-wallets/
-
Fake Minecraft Mods on GitHub Found Stealing Player Data
Malware hidden in fake Minecraft Mods on GitHub is stealing passwords and crypto from players. Over 1,500 devices may be affected, researchers warn. First seen on hackread.com Jump to article: hackread.com/fake-minecraft-mods-github-found-stealing-player-data/
-
CoinMarketCap Doodle Image Vulnerability Lets Attackers Run Malicious Code via API Call
CoinMarketCap, the globally recognized cryptocurrency data aggregator, experienced a significant security incident when a vulnerability in its homepage doodle image was exploited to inject malicious code, leading to a phishing campaign targeting user wallets. Incident Overview The breach originated from a seemingly innocuous doodle image featured on CoinMarketCap’s homepage. Threat actors manipulated the backend API…
-
North Korean BlueNoroff Uses Deepfakes in Zoom Scams to Install macOS Malware for Crypto Theft
The post North Korean BlueNoroff Uses Deepfakes in Zoom Scams to Install macOS Malware for Crypto Theft appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-korean-bluenoroff-uses-deepfakes-in-zoom-scams-to-install-macos-malware-for-crypto-theft/
-
CoinMarketCap briefly hacked to drain crypto wallets via fake Web3 popup
CoinMarketCap, the popular cryptocurrency price tracking site, suffered a website supply chain attack that exposed site visitors to a wallet drainer campaign to steal visitors’ crypto. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/coinmarketcap-briefly-hacked-to-drain-crypto-wallets-via-fake-web3-popup/
-
Scammers Use Inferno Drainer to Steal $43K from CoinMarketCap Users
Scammers used Inferno Drainer to steal $43,000 in crypto from 110 CoinMarketCap users through a fake wallet prompt embedded in the site’s front-end. First seen on hackread.com Jump to article: hackread.com/scammers-inferno-drainer-crypto-coinmarketcap-users/
-
Godfather Android trojan uses virtualization to hijack banking and crypto apps
Godfather Android trojan uses virtualization to hijack banking and crypto apps, stealing user funds, warns mobile security firm Zimperium. Zimperium zLabs has uncovered a major evolution of the GodFather Android trojan, which uses on-device virtualization to hijack real banking and crypto apps. Instead of using fake overlays, the malware creates a sandbox on the victim’s…
-
Over $225M nabbed in US’s largest crypto scam seizure yet
First seen on scworld.com Jump to article: www.scworld.com/brief/over-225m-nabbed-in-uss-largest-crypto-scam-seizure-yet
-
Prometei Botnet Targets Linux Servers for Cryptocurrency Mining Operations
Unit 42 researchers from Palo Alto Networks have identified a renewed wave of attacks by the Prometei botnet, specifically targeting Linux servers, as of March 2025. Initially discovered in July 2020 with a focus on Windows systems, Prometei has since evolved, with its Linux variant gaining prominence since December 2020. Resurgence of a Persistent Threat…
-
US Pig Butchering Victims ‘Will’ Get Refunds, Feds Seize $225M Cryptocurrency
DoJ, FBI, USSS yoinked USDT: Pretty girls plus investment fraud equals forfeiture recovery (eventually). First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/pig-butchering-225m-seized-richixbw/
-
BitoPro exchange links Lazarus hackers to $11 million crypto heist
The Taiwanese cryptocurrency exchange BitoPro claims the North Korean hacking group Lazarus is behind a cyberattack that led to the theft of $11,000,000 worth of cryptocurrency on May 8, 2025. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bitopro-exchange-links-lazarus-hackers-to-11-million-crypto-heist/
-
Iran’s government says it shut down internet to protect against cyberattacks
The government cited the recent hacks on Bank Sepah and cryptocurrency exchange Nobite as reasons to shut down internet access to virtually all Iranians. First seen on techcrunch.com Jump to article: techcrunch.com/2025/06/20/irans-government-says-it-shut-down-internet-to-protect-against-cyberattacks/
-
Iran’s State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist
Iran’s state-owned TV broadcaster was hacked Wednesday night to interrupt regular programming and air videos calling for street protests against the Iranian government, according to multiple reports.It’s currently not known who is behind the attack, although Iran pointed fingers at Israel, per Iran International.”If you experience disruptions or irrelevant messages while watching various TV First…
-
Per Virtualisierung: Gefährliche Android-Malware stiehlt Daten aus Banking-Apps
Eine Malware namens Godfather hat es auf fast 500 verschiedene Banking- und Krypto-Apps abgesehen. Virtualisierung sorgt für die perfekte Tarnung. First seen on golem.de Jump to article: www.golem.de/news/per-virtualisierung-gefaehrliche-android-malware-stiehlt-daten-aus-banking-apps-2506-197317.html
-
GodFather Android Malware Uses On-Device Virtualization to Hijack Legitimate Banking Apps
Zimperium zLabs has uncovered a highly advanced iteration of the GodFather Android banking malware, which employs a groundbreaking on-device virtualization technique to compromise legitimate mobile banking and cryptocurrency applications. Unlike traditional overlay attacks that merely mimic login screens, this malware creates a fully isolated virtual environment on the victim’s device, enabling attackers to monitor and…
-
Nach Krypto-Scam: US-Polizei knackt Bitcoin-Automaten mit Trennschleifer
Eine Familie aus dem US-Bundesstaat Texas hat Bitcoin im Wert von 25.000 US-Dollar an Betrüger übermittelt. Die Reaktion der Polizei wirft Fragen auf. First seen on golem.de Jump to article: www.golem.de/news/nach-krypto-scam-us-polizei-knackt-bitcoin-automaten-mit-trennschleifer-2506-197309.html
-
How Financial Institutions Can Meet DORA Compliance with Crypto-Agility
Today’s financial systems are highly digital and deeply interconnected. That’s great until something breaks. Whether it’s ransomware paralyzing critical services or cryptographic vulnerabilities quietly eroding trust, disruptions are no longer rare”, they’re systemic. The Modern Heist Bank Report 2025 shows just how serious it’s become: 64% of surveyed financial institutions reported cyber incidents in the…
-
North Korean Hackers Deploy Malware Using Weaponized Calendly and Google Meet Links
The North Korean state-sponsored threat actor group, identified as TA444 (also known as BlueNoroff, Sapphire Sleet, and others), has unleashed a sophisticated malware campaign targeting cryptocurrency foundations. This intricate attack, uncovered by Huntress, leverages weaponized Calendly links and deceptive Google Meet invitations to deliver a barrage of malicious payloads, specifically designed for macOS systems. The…
-
Cryptohack Roundup: $100 Million Iranian Cryptocurrency Hack
Also: Gotbit CEO Sentencing, US Authorities Seize $225M Tied to Scams. This week, $100 million Nobitex hack, Gotbit CEO sentenced, support for Roman Storm, Trump’s crypto earnings, North Korea’s Codebase infiltration, Haru Invest CEO acquitted, $225 million scam funds seized and New York disrupted a $1 million scam. First seen on govinfosecurity.com Jump to article:…
-
DOJ moves to seize $225 million in crypto stolen by scammers
A civil forfeiture complaint was filed in U.S. District Court for the District of Columbia this week, where investigators from the FBI and U.S. Secret Service said they used blockchain analysis to trace the funds back to fraud schemes perpetrated by actors in the Philippines. First seen on therecord.media Jump to article: therecord.media/doj-moves-to-seize-225-million-in-stolen-crypto
-
US recovers $225 million of crypto stolen in investment scams
The U.S. Department of Justice has seized more than $225 million in cryptocurrency linked to investment fraud and money laundering operations, the largest crypto seizure in the history of the U.S. Secret Service. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/legal/us-recovers-225-million-of-crypto-stolen-in-investment-scams/
-
North Korean Hackers Deploy Python-Based Trojan Targeting Crypto
Python RAT PylangGhost, linked to Famous Chollima, targeted crypto professionals via fake job sites First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-hackers-python-trojan/
-
Israel-tied Predatory Sparrow hackers are waging cyberwar on Iran’s financial system
The hacker group has destroyed more than $90 million held at an Iranian crypto exchange. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2025/06/israel-tied-predatory-sparrow-hackers-are-waging-cyberwar-on-irans-financial-system/
-
DuckDuckGo beefs up scam defense to block fake stores, crypto sites
The DuckDuckGo web browser has expanded its built-in Scam Blocker tool to protect against a broader range of online scams, including fake e-commerce, cryptocurrency exchanges, and “scareware” sites. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/duckduckgo-beefs-up-scam-defense-to-block-fake-stores-crypto-sites/