Security News

The illicit market for crypto giveaway scams has expanded, offering various services to facilitate fraudulent activity. The proliferation of fake crypto giveaways can be attributed to the increased availability of tools for scammers, even those with limited technical skills.

Security researchers discovered a new malicious browser extension called Rilide, that targets Chromium-based products like Google Chrome, Brave, Opera, and Microsoft Edge. Researchers at Trustwave SpiderLabs found that Rilide mimicked benign Google Drive extensions to hide in plain sight while abusing built-in Chrome functionalities.

A piece of new information-stealing malware called OpcJacker has been spotted in the wild since the second half of 2022 as part of a malvertising campaign. "OpcJacker's main functions include keylogging, taking screenshots, stealing sensitive data from browsers, loading additional modules, and replacing cryptocurrency addresses in the clipboard for hijacking purposes," Trend Micro researchers Jaromir Horejsi and Joseph C. Chen said.

Google Cloud's recently acquired security outfit Mandiant has named a new nasty from North Korea: a cyber crime gang it calls APT43 and accuses of a five-year rampage. "Mandiant assesses with high confidence that APT43 is a moderately sophisticated cyber operator that supports the interests of the North Korean regime," states a report on the gang released on Wednesday.

Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. "Clipboard injectors can be silent for years, show no network activity or any other signs of presence until the disastrous day when they replace a crypto wallet address," Vitaly Kamluk, director of global research and analysis team for APAC at Kaspersky, said.

A surge of trojanized Tor Browser installers targets Russians and Eastern Europeans with clipboard-hijacking malware that steals infected users' cryptocurrency transactions. While these malicious Tor installers target countries worldwide, Kaspersky says that most are targeting Russia and Eastern Europe.

A new variant of the BlackGuard stealer has been spotted in the wild, featuring new capabilities like USB propagation, persistence mechanisms, loading additional payloads in memory, and targeting additional crypto wallets. BlackGuard was first spotted by Zscaler in March 2022, who reported that the malware was sold to cyber criminals on Russian-speaking forums as a MaaS for $200/month or a lifetime price of $700. The new stealer appeared shortly after the original Raccoon Stealer MaaS operation shut down, enjoying good adoption rates while offering extensive app-targeting capabilities.

According to General Bytes, the outfit that sold the ATMs and had managed some of them with a cloud service, the attackers used an interface designed to upload videos to instead inject a malicious Java application, and then subverted ATM user privileges. "The entire team has been working around the clock to collect all data regarding the security breach and is continuously working to resolve all cases to help clients back online and continue to operate their ATMs as soon as possible," General Bytes explained in a statement.

According to the United States Securities and Exchange Commission, entities controlled by Sun sold crypto asset securities called Tronix and BitTorrent - but were not registered to do so. The SEC alleges it detected Sun "Fraudulently manipulating the secondary market for TRX through extensive wash trading, which involves the simultaneous or near-simultaneous purchase and sale of a security to make it appear actively traded without an actual change in beneficial ownership."

"The packages contained a PowerShell script that would execute upon installation and trigger a download of a 'second stage' payload, which could be remotely executed," JFrog researchers Natan Nehorai and Brian Moussalli said. While NuGet packages have been in the past found to contain vulnerabilities and be abused to propagate phishing links, the development marks the first-ever discovery of packages with malicious code.