Tag: crypto
-
FBI Warns of Filipino Tech Company Running Sprawling Crypto Scams
The US Treasury said cryptocurrency investment schemes like the ones facilitated by Funnull Technology Inc. have cost Americans billions of dollars annually. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/fbi-warns-tech-company-crypto-scams
-
Hackers Use Gh0st RAT to Hijack Internet Café Systems for Crypto Mining
Hackers have been targeting Internet cafés in South Korea since the second half of 2024, exploiting specialized management software to install malicious tools for cryptocurrency mining. According to a detailed report from AhnLab SEcurity intelligence Center (ASEC), the attackers, active since 2022, are using the notorious Gh0st RAT (Remote Access Trojan) to seize control of…
-
US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator
The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major crypto losses through fraud infrastructure. The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Philippines-based company Funnull Technology Inc. and its admin Liu Lizhi for enabling romance scams, causing $200M in U.S. victim losses. A romance scam…
-
FBI Flags Philippines Tech Company Behind Crypto Scam Infrastructure
The FBI provided details of Funnull’s malicious activities, selling infrastructure to criminal groups to facilitate cryptocurrency fraud in the US First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-philippines-crypto-scam/
-
U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud
The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to massive cryptocurrency losses.The Treasury accused the Taguig-headquartered company of enabling thousands of websites involved in First seen…
-
Securing Windows 11 and Server 2025: What CISOs should know about the latest updates
Susan Bradley / CSOYou can prevent Recall use by turning off the saving of snapshots and also disabling Click to Do. Alternatively, if you want to enable the service, I recommend setting a list of applications that you want filtered as well as excluding a list of URLs.In addition, you can set policies for Copilot.…
-
Treasury sanctions crypto scam facilitator that allegedly stole $200M from US victims
The Philippines-based company Funnull operated a large cybercrime platform encompassing more than 332,000 domains, the FBI said. First seen on cyberscoop.com Jump to article: cyberscoop.com/funnull-cryptocurrency-scam-sanctions/
-
Crypto heist pilfers over $12M from Cork Protocol
Tags: cryptoFirst seen on scworld.com Jump to article: www.scworld.com/brief/crypto-heist-pilfers-over-12m-from-cork-protocol
-
US government sanctions tech company involved in cyber scams
The Treasury said FUNNULL was involved in providing infrastructure for pig butchering crypto scams. First seen on techcrunch.com Jump to article: techcrunch.com/2025/05/29/us-government-sanctions-tech-company-involved-in-cyber-scams/
-
Cryptohack Roundup: $223M Cetus Exploit
Also: Mango Markets Hacker’s Convictions Overturned, Coinbase Lawsuit. This week, $223M Cetus Protocol hack, U.S. judge overturned Mango Markets hacker convictions, class action lawsuit against Coinbase, Cork Protocol’s $12M exploit, fake software sites spread crypto-stealing malware, a violent crypto-linked kidnapping and civil proceedings against the ex-ACX exec. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cryptohack-roundup-223m-cetus-exploit-a-28538
-
Krypto-Börse gehackt, mehr als $ 200 Millionen gestohlen?
Tags: cryptoSui DEX Cetus hit by suspected hack: Over $200M in potential losses First seen on cointelegraph.com Jump to article: cointelegraph.com/news/cetus-dex-sui-exploit-200m-loss
-
More than $12 million stolen from crypto platform Cork Protocol
Decentralized finance platform Cork Protocol paused trading and launched an investigation after millions of dollars’ worth of Ethereum were lost in a “security incident.” First seen on therecord.media Jump to article: therecord.media/cork-protocol-defi-12million-crypto-theft
-
Zanubis Android Malware Harvests Banking Credentials and Executes Remote Commands
The Zanubis Android banking Trojan has evolved into a highly sophisticated threat, initially targeting financial institutions in Peru before expanding its scope to virtual cards and cryptocurrency wallets. This malware, known for impersonating legitimate Peruvian Android apps, tricks users into granting accessibility permissions, thereby enabling extensive data theft and remote control capabilities. Evolution of a…
-
Dark Partners cybercrime gang fuels large-scale crypto heists
A sprawling network of fake AI, VPN, and crypto software download sites is being used by the “Dark Partner” threat actors to conduct a crypto theft attacks worldwide. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dark-partners-cybercrime-gang-fuels-large-scale-crypto-heists/
-
New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot.Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts.”Rather than scanning the internet, the malware retrieves a list of targets…
-
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware
A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware.The vulnerability in question is CVE-2025-32432, a maximum severity flaw in Craft CMS that was patched in…
-
Cybercriminals Clone Antivirus Site to Spread Venom RAT and Steal Crypto Wallets
Tags: access, antivirus, credentials, crypto, cybercrime, cybersecurity, finance, malicious, rat, softwareCybersecurity researchers have disclosed a new malicious campaign that uses a fake website advertising antivirus software from Bitdefender to dupe victims into downloading a remote access trojan called Venom RAT.The campaign indicates a “clear intent to target individuals for financial gain by compromising their credentials, crypto wallets, and potentially selling access to their systems,” the…
-
New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency
Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet.The attacks, designed to mine for Dero currency, is notable for its worm-like capabilities to propagate the malware to other exposed Docker instances and rope them into an ever-growing horde of mining bots.Kaspersky said it…
-
Hackers Exploit Craft CMS Vulnerability to Inject Cryptocurrency Miner Malware
Threat actors have exploited a critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-32432, in the Craft Content Management System (CMS). Discovered by Orange Cyberdefense in mid-February 2025 and publicly disclosed on April 25, 2025, this flaw carries a maximum CVSS score of 10 due to its unauthenticated nature. Affecting Craft CMS versions from 3.0.0-RC1…
-
AI, Quantum and the Evolving Threat Landscape: Key Findings from the Thales 2025 Data Threat Report
Tags: ai, api, attack, authentication, awareness, breach, cloud, compliance, computing, control, crypto, cryptography, data, encryption, guide, malicious, malware, mfa, nist, passkey, phishing, privacy, programming, ransomware, regulation, risk, software, strategy, threat, tool, vulnerabilityAI, Quantum and the Evolving Threat Landscape: Key Findings from the Thales 2025 Data Threat Report madhav Tue, 05/27/2025 – 04:40 The Thales 2025 Data Threat Report reveals a critical inflection point in global cybersecurity. As the threat landscape grows more complex and hostile, the rapid adoption of generative AI is amplifying both opportunity and…
-
Crooks stole over $200 million from crypto exchange Cetus Protocol
Cetus Protocol reported a $223 million crypto theft and is offering to drop legal action if the stolen funds are returned. Last week, threat actors stole about $223 million from decentralized crypto exchange Cetus. The platform was paused during the investigation and later confirmed the cyber heist. The company confirmed that it has successfully paused…
-
SilverRAT Source Code Leaked Online: Here’s What You Need to Know
SilverRAT Source Code leaked on GitHub, exposing powerful malware tools for remote access, password theft, and crypto attacks before removal. First seen on hackread.com Jump to article: hackread.com/silverrat-source-code-leaked-online-you-need-to-know/
-
Hackers Reportedly Selling Over 500 Stolen Crypto Databases on Dark-Web Forums
A hackers has made news by allegedly selling a ZIP archive containing more than 500 compromised databases, which seems to be a serious blow to the cybersecurity of several cryptocurrency companies. This clandestine operation, taking place on dark-web forums, showcases the growing threat landscape within the crypto space where cybercriminals are increasingly targeting valuable digital…
-
Katz Stealer Targets Chrome, Edge, Brave, and Firefox to Steal Login Credentials
Katz Stealer has emerged as a potent credential-stealing malware-as-a-service, targeting popular web browsers such as Chrome, Edge, Brave, and Firefox. This multi-feature stealer conducts extensive system reconnaissance and data theft by extracting saved passwords, cookies, and session tokens from these browsers. Beyond browsers, it also compromises cryptocurrency wallets, communication platforms like Discord and Telegram, email…
-
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint.The packages, published under three different accounts, come with an install”‘time script that’s triggered during npm install, Socket security researcher Kirill Boychenko said in a…
-
Crypto Drainers are Targeting Cryptocurrency Users
Some key recommendations for protecting crypto wallets include: 1. Enable multifactor authentication (2FA or MFA) when available on your wallets 2. Use hardware wallets or cold wallets for maximum security 3. Don’t be phished or socially engineered! Never click a questionable link, install untrusted software, or provide your private keys! 4. Avoid browser extensions! They can…
-
Almost $223M pilfered in Cetus crypto heist
Tags: cryptoFirst seen on scworld.com Jump to article: www.scworld.com/brief/almost-223m-pilfered-in-cetus-crypto-heist