Tag: crypto
-
Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft
A new SHub Reaper macOS infostealer spoofs prompts from Apple, Google, and Microsoft to steal passwords, crypto data, and business files from Macs. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-reaper-shub-malware-mac-users/
-
Internet Explorer may be dead, but its ghost still runs malware
A legacy Windows tool that refuses to die: Bitdefender’s findings suggest MSHTA remains attractive because it checks several boxes attackers like. These include it being Microsoft-signed, preinstalled on Windows, capable of in-memory execution, and still implicitly trusted in many environments. Other sophisticated campaigns picked it up too. Bitdefender detailed PurpleFox using MSHTA to launch ‘msiexec’ commands…
-
Kimsuky Uses LNK, JSE Lures to Target Recruiters, Crypto Users, Defense Officials
Kimsuky Hackers Use LNK and JSE Lures to Target Recruiters, Crypto Users, and Defense Officials. North Korea-linked threat group Kimsuky has launched at least four distinct spear-phishing campaigns in early 2026, targeting recruiters, cryptocurrency users, developers, defense personnel, and academic administrators. Despite using different themes and delivery methods, all campaigns follow a consistent attack chain:…
-
JavaScript Malware Campaign Drops Crypto Clipper via PowerShell
A large-scale CountLoader campaign uses layered obfuscation, multi-stage payload delivery, and covert command-and-control (C2) communication to deploy cryptocurrency clipper malware. The campaign stands out for its complex infection chain, combining JavaScript, PowerShell, and in-memory shellcode execution to evade detection and maintain persistence across infected systems. The attack begins with a malicious executable that launches…
-
New Reaper Malware Uses Fake Microsoft Domain to Steal macOS Passwords
The newly discovered Reaper malware bypasses Apple’s macOS Tahoe 26.4 security updates to steal passwords, crypto assets, and install a permanent backdoor. First seen on hackread.com Jump to article: hackread.com/reaper-malware-fake-microsoft-domain-macos-passwords/
-
Gremlin Stealer Hides Payloads in .NET Resources to Evade Detection
A newly discovered variant of the Gremlin Stealer is raising concerns among security researchers by adopting stealth-focused techniques that significantly reduce its detection footprint. Gremlin Stealer is an information-stealing malware actively sold on Telegram. It targets a wide range of sensitive data from infected systems, including payment card details, browser cookies, session tokens, cryptocurrency wallets,…
-
Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets
A new supply chain attack campaign targeting developers has surfaced in the npm ecosystem, with four malicious packages discovered stealing sensitive data, including SSH keys, cloud credentials, and cryptocurrency wallets. The campaign, identified by OX Security within the past 24 hours, highlights the growing risk posed by typosquatting attacks and reused open-source malware. The malicious…
-
Closing the Gap: The Regulatory and Structural Maturation of Digital Assets
Digital assets are reshaping global finance as institutions adopt regulated crypto infrastructure, stablecoins, and tokenized assets. First seen on hackread.com Jump to article: hackread.com/regulatory-structural-maturation-of-digital-assets/
-
Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases
Scammers are mailing fake Ledger phishing letters to users in Italy with QR codes that trick crypto wallet users into revealing seed phrases. First seen on hackread.com Jump to article: hackread.com/scammers-physical-phishing-letters-ledger-wallet-seed/
-
More than $10 million stolen from crypto platform THORChain
THORChain officials said the investigation into the incident is ongoing but explained that one of their six vaults was compromised, leading to a loss of about $10.7 million. First seen on therecord.media Jump to article: therecord.media/more-than-10-million-stolen-crypto-platform-thorchain
-
Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS
Hackers are using fake interview apps to spread JobStealer malware on macOS and Windows to steal crypto wallets, browser data, and passwords. First seen on hackread.com Jump to article: hackread.com/fake-job-interview-jobstealer-malware-windows-macos/
-
Cryptohack Roundup: Banking Trojan Targets Crypto Firms
Also: Indictments in Theft Case, KelpDAO Restarts Operations. This week, banking Trojan TCLBanker targeted crypto platforms, three people indicted in a violent digital assets-related robbery, Kelp DAO restarted services after the $292 million hack and the U.S. Department of the Treasury tightened oversight of Binance. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cryptohack-roundup-banking-trojan-targets-crypto-firms-a-31683
-
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting banking and cryptocurrency wallet users in France, Italy, and Austria. “TrickMo relies on a runtime-loaded APK (dex.module), First seen…
-
Fake TronLink Chrome Extension Steals Crypto Wallet Credentials
A newly uncovered phishing campaign is targeting TRON wallet users through a deceptive Chrome extension that mimics the popular TronLink wallet. The campaign highlights how modern browser extension abuse is evolving beyond static code inspection, making detection significantly harder. At first glance, it appears legitimate, even displaying “1,000,000+ users” and strong ratings on the Chrome…
-
North Korea's Hacking Offensive Escalates: Shifty Corsair Targets Developers and Crypto Assets
Because the attackers embed static keys directly in their attack chains, classic SSH security mechanisms are no longer sufficient, according to BlueVoyant. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/nordkoreas-hacker-offensive-eskaliert-shifty-corsair-greift-gezielt-entwickler-und-krypto-assets-an/a45077/
-
OpenClaw Malware Targets Crypto Wallets and Bitwarden Credentials
OpenClaw users are being targeted in a fresh malware campaign that abuses a fake installer to steal credentials from popular crypto wallets and password managers, including MetaMask, Phantom, and Bitwarden. The archive contains a 130MB Rust executable padded with fake documentation to evade antivirus file-size scanning limits and many automated sandbox upload thresholds. The PE…
-
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago, the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically reads like…
-
New TCLBanker malware self-spreads over WhatsApp and Outlook
A new trojan named TCLBanker, which targets 59 banking, fintech, and cryptocurrency platforms, uses a trojanized MSI installer for Logitech AI Prompt Builder to infect systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-tclbanker-malware-self-spreads-over-whatsapp-and-outlook/
-
$250 million cryptocurrency heist funded luxury fashion, nightclub parties, and private jets
20-year-old California resident Marlon Ferro, known online as “GothFerrari,” was sentenced to 78 months in prison for his role in a cryptocurrency theft operation tied to more … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/07/crypto-theft-home-burglary-scheme/
-
Crypto gang member gets 6.5 years for role in $230 million heist
A 20-year-old California man was sentenced to 78 months in prison for serving as a home invader and money launderer in a criminal ring that stole over $250 million in cryptocurrency. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/crypto-gang-member-gets-65-years-for-role-in-230-million-heist/
-
Malicious NuGet Packages Steal Browser Credentials, SSH Keys, and Crypto Wallets
Malicious NuGet packages are quietly stealing browser credentials, SSH keys, and cryptocurrency wallet data from developer machines and CI/CD infrastructure, with a particular focus on Chinese .NET ecosystems. The campaign blends legitimate-looking UI and infrastructure libraries with a heavily protected infostealer payload, making it hard for developers and traditional security tools to spot. Packages IR.DantUI, IR.OscarUI, IR.Infrastructure.Core, IR.Infrastructure.DataService.Core,…
-
Darkhub Hacking-for-Hire Portal Promotes Crypto Fraud and Spyware Services
A newly identified dark web platform, Darkhub, is advertising a wide range of hacking-for-hire services, including account compromise, surveillance, and financial manipulation. The service, accessible via the Tor network, presents itself as a centralized hub for offensive cyber capabilities targeting both individuals and organizations. Many similar services historically function as advance-fee scams rather than delivering…
-
Masterclass Quantum: Hybrid Crypto Gains Ground for Security
Applied Quantum’s Kawin Boonyapredee, SpeQtral’s Cyril Tan on Hybrid Security. Hybrid cryptography is emerging as a practical path to quantum safety. Kawin Boonyapredee from Applied Quantum and Cyril Tan from SpeQtral said combining QKD and PQC builds resilience against future threats while balancing performance and security needs. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/masterclass-quantum-hybrid-crypto-gains-ground-for-security-a-31595
-
FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware
A massive fraud network called FEMITBOT uses Telegram Mini Apps and fake brand names like Apple, Disney, and… First seen on hackread.com Jump to article: hackread.com/femitbot-telegram-mini-apps-crypto-scam-android-malware/
-
Grinex Collapse Won’t Dent Russian Sanctions Busting
Cryptocurrency Exchange Traded A7A5 Token. Russian sanctions busters won’t be too fazed by the collapse of a cryptocurrency platform that facilitated billions of dollars’ worth of transactions and whose main attraction was a ruble-pegged stablecoin. Experts say transactions fueling Russia’s shadow economy and its war machine will persist. First seen on govinfosecurity.com Jump to article:…
-
Telegram Mini Apps Abused for Crypto Scams and Android Malware Delivery
What happened: CTM360 researchers have uncovered a large-scale fraud operation using Telegram’s Mini App feature to run cryptocurrency scams, impersonate major brands, and distribute Android malware. The platform behind the operation, dubbed FEMITBOT based on a string found in API responses, uses Telegram bots and embedded Mini Apps to create convincing app-like experiences within the…
-
276 Arrested as Authorities Dismantle Crypto Scam Centers Targeting Americans
In an unprecedented international law enforcement operation, authorities have dismantled at least nine overseas cryptocurrency scam centers, resulting in the arrest of 276 individuals. The coordinated effort, led by the FBI, Dubai Police, and the Chinese Ministry of Public Security, targeted transnational criminal networks running sophisticated “pig butchering” investment fraud schemes against American citizens. Threat…

