Collecting Cyber-News from over 60 sources

Tag: crypto

North Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom Lures

Apr 28, 2026 10:39 AM

Tags: ai, crypto, group, hacker, lazarus, north-korea, phishing, spear-phishing

Arctic Wolf attributed this large-scale spear-phishing campaign to BlueNoroff, a financially motivated subgroup of the Lazarus Group First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bluenoroff-dprk-hackers-target/
Crypto-Targeting North Koreans Wield Fake Zoom Meetings

Apr 27, 2026 11:39 PM

Tags: crypto, hacker, macOS, north-korea, social-engineering, windows

Video of Industry Figures Harvested During Meetings and Used to Lure Future Victims. North Korean hackers are pretending to be cryptocurrency insiders, in an attempt to trick targets into accepting Calendly calendar invites. The social engineering ruse is designed to infect Windows and macOS systems with crypto stealers, and to harvest video of real-life people…
Tennessee becomes second state to ban cryptocurrency ATMs over scam concerns

Apr 27, 2026 10:39 PM

Tags: crypto, government, scam

State officials said they observed overseas criminals carrying out government impersonation or tech support cons, as well as romance and pig butchering scams using cryptocurrency ATMs. First seen on therecord.media Jump to article: therecord.media/tennessee-bans-cryptocurrency-atms-over-scams
Tennessee becomes second state to ban cryptocurrency ATMs over scam concerns

Apr 27, 2026 10:39 PM

Tags: crypto, government, scam

State officials said they observed overseas criminals carrying out government impersonation or tech support cons, as well as romance and pig butchering scams using cryptocurrency ATMs. First seen on therecord.media Jump to article: therecord.media/tennessee-bans-cryptocurrency-atms-over-scams
Money launderer for crypto thieves given 5-year sentence

Apr 27, 2026 9:39 PM

Tags: crypto, cybercrime

A California man was sentenced to more than five years in prison for his role in supporting a cybercriminal organization that stole about $260 million worth of cryptocurrency from victims. First seen on therecord.media Jump to article: therecord.media/cryptocurrency-launderer-sentenced-californai
PyPI package with 1.1M monthly downloads hacked to push infostealer

Apr 27, 2026 6:39 PM

Tags: crypto, data, malicious, pypi

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pypi-package-with-11m-monthly-downloads-hacked-to-push-infostealer/
US Sanctions Target Cambodian Scam Network Leaders

Apr 27, 2026 5:39 PM

Tags: crypto, fraud, network, scam

US sanctions target Cambodian scam networks tied to crypto fraud and trafficking First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-sanctions-cambodian-scam-network/
Money launderer linked to $230M crypto heist gets 70 months in prison

Apr 27, 2026 3:39 PM

Tags: breach, crypto

22-year-old Evan Tangeman of Newport Beach, California, was sentenced to 70 months in prison for laundering funds stolen in a massive $230 million cryptocurrency heist. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/money-launderer-linked-to-230m-crypto-heist-gets-70-months-in-prison/
Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files

Apr 27, 2026 12:39 PM

Tags: attack, captcha, crypto

New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data. First seen on hackread.com Jump to article: hackread.com/vidar-infostealer-fake-captchas-jpeg-txt-files/
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

Apr 27, 2026 11:38 AM

Tags: captcha, crypto, cybersecurity, fraud, international, mobile, phone, scam, threat

Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lease the phone numbers.According to a new report published by Infoblox, the operation is believed…
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

Apr 24, 2026 2:39 PM

Tags: apple, crypto, cybersecurity, kaspersky, malicious

Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025.”Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distribute trojanized versions of…
Void Dokkaebi Hackers Spread Malware Through Fake Job Interviews

Apr 24, 2026 12:39 PM

Tags: ai, crypto, cyber, hacker, jobs, malware

Void Dokkaebi, also known as Famous Chollima, is expanding its cyber operations by turning fake job interviews into a large-scale malware distribution campaign targeting developers. The campaign begins with attackers posing as recruiters from cryptocurrency or AI companies. Developers are invited to complete coding tests that require cloning and running seemingly legitimate repositories from platforms…
Warnung vor neuen Android-Trojanern: 800 Apps betroffen

Apr 24, 2026 5:39 AM

Tags: android, banking, crypto

Zimperium identifiziert vier neue Android-Banking-Trojaner. Über 800 Finanz- und Krypto-Apps weltweit sind betroffen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/android-trojaner-800-apps-betroffen
Cryptohack Roundup: US-Sanctioned Grinex Hacked

Apr 23, 2026 9:39 PM

Tags: crypto, exploit, finance, hacker, scam, theft, update

Also: Updates in KelpDAO, Drift, Hyperbridge Hacks. This week, Grinex was exploited, a hacker laundered KelpDAO funds, Circle was sued over $280M Drift hack, Rhea Finance and Volo Protocol were exploited, update in Hyperbridge hack, sentencing in art scam case, a French home invasion for crypto theft and eth.limo hijack thwarted. First seen on govinfosecurity.com…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
Lazarus Lures Developers With Backdoored Coding Tests

Apr 23, 2026 11:39 AM

Tags: ai, crypto, cyber, data, group, hacker, korea, lazarus, malware, north-korea

North Korea-linked hackers are using AI-assisted malware and backdoored coding challenges to quietly loot millions in cryptocurrency from Web3 developers. Expel assesses with high confidence that HexagonalRodent is a DPRK state-sponsored subgroup that likely evolved from fraudulent IT worker operations before pivoting fully to malware-driven theft. In just three months, the group exfiltrated data from…
North Korean Fake IT Workers Infiltrate Firms to Dodge Sanctions

Apr 23, 2026 11:39 AM

Tags: crypto, cyber, infrastructure, international, north-korea, tactics, threat

North Korean threat actors are once again leveraging deceptive remote work schemes to infiltrate global organizations, using fake IT worker personas to generate revenue and bypass international sanctions. A recent investigation, triggered by cryptocurrency security researcher ZachXBT, sheds light on the infrastructure and tactics behind this evolving campaign. ZachXBT identified the domain luckyguys[.]site as being…
Fake Wallpaper App, YouTube Channel Used to Spread notnullOSX Malware

Apr 23, 2026 10:39 AM

Tags: crypto, cyber, hacker, macOS, malware

Hackers are abusing a fake macOS wallpaper app and a hijacked YouTube channel to quietly deliver notnullOSX, a new crypto-focused stealer that targets Macs via ClickFix commands and weaponized DMG installers. The campaign is highly selective, going after victims with crypto holdings above 10,000 USD and using polished lures that closely mimic legitimate apps and workflows.…
KI-Agent betreibt im Modelltraining autonomes Krypto-Mining

Apr 23, 2026 10:39 AM

Tags: ai, crypto

Was auf den ersten Blick wie ein kurioser Einzelfall wirkt, legt ein strukturelles Problem offen. Der KI-Agent nutzte eine simple, aber wirkungsvolle Technik. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ki-agent-betreibt-im-modelltraining-autonomes-krypto-mining/a44727/
Malicious pgserve, automagik developer tools found in npm registry

Apr 23, 2026 5:39 AM

Tags: access, attack, breach, cloud, control, corporate, credentials, crypto, data, firewall, github, infrastructure, least-privilege, malicious, malware, network, open-source, password, radius, risk, service, software, tactics, theft, threat, tool, worm

Advice to victimized developers: Developers who have downloaded the malicious versions of pgserver and automagik need to act fast, says Tanya Janca, head of Canadian secure coding consultancy SheHacksPurple.”Rotate every credential you can think of, right now, before you do anything else,” she said. “Then harden your CI/CD network egress controls so your build runners…
Crypto scam lures ships into Strait of Hormuz, falsely promising safe passage

Apr 23, 2026 12:39 AM

Tags: crypto, iran, scam

Ship attacked by Iran after possibly falling for safe passage crypto scam. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/crypto-scam-lures-ships-into-strait-of-hormuz-falsely-promising-safe-passage/
Crypto scam lures ships into Strait of Hormuz, falsely promising safe passage

Apr 23, 2026 12:39 AM

Tags: crypto, iran, scam

Ship attacked by Iran after possibly falling for safe passage crypto scam. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/crypto-scam-lures-ships-into-strait-of-hormuz-falsely-promising-safe-passage/
Crypto scam lures ships into Strait of Hormuz, falsely promising safe passage

Apr 23, 2026 12:39 AM

Tags: crypto, iran, scam

Ship attacked by Iran after possibly falling for safe passage crypto scam. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/crypto-scam-lures-ships-into-strait-of-hormuz-falsely-promising-safe-passage/
North Korean hackers siphon more than $12 million from crypto users in sprawling campaign

Apr 22, 2026 11:39 PM

Tags: attack, crypto, group, hacker, malware, north-korea

Researchers said the group stole up to $12 million in cryptocurrency in the first three months of 2026 through malware attacks on personal devices. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-siphon-12-million-from-crypto-users
North Korea Blamed for $290m KelpDAO Crypto Heist

Apr 22, 2026 5:39 PM

Tags: crypto, group, korea, lazarus, north-korea, theft

North Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAO First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-blamed-290m-kelpdao/
Malicious Google Ads Hit Crypto Users With Wallet Drainers

Apr 22, 2026 3:39 PM

Tags: crypto, cyber, defense, google, malicious

Malicious Google Ads are increasingly being used to steal cryptocurrency by draining wallets and harvesting seed phrases from unsuspecting users searching for legitimate DeFi apps and wallet services. Recent campaigns tracked by SEAL show a sustained, technically advanced operation that actively evades Google’s automated defenses while directly targeting both retail users and crypto organizations. In…
French Fintech Accounts Used to Launder Stolen Funds Before Detection

Apr 22, 2026 2:39 PM

Tags: access, breach, crypto, cyber, cybercrime, detection, finance, fintech

Cybercriminals are turning French freelancer fintech accounts into high-speed money laundering channels, moving stolen funds within minutes often before banks or victims realise anything is wrong. Fintech platforms like Revolut, Wise and N26 allow fast, remote account opening, light-touch digital KYC, and access to SEPA instant transfers, invoicing, cards, and sometimes crypto all packaged for…
26 gefälschte Krypto-Wallets im Apple App Store entdeckt

Apr 22, 2026 11:39 AM

Tags: apple, crypto, malware

Die unter dem Namen ‘FakeWallet” bekannte Malware nutzt raffinierte Täuschungen, um sowohl digitale als auch physische Wallets im Apple App Store zu plündern. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apple-app-store-gefaelschte-wallets