Security News

Norwegian authorities announced on Thursday that they had recovered $5.9 million of cryptocurrency stolen in the Axie Infinity hack - an incident widely held to have been perpetrated by the Lazarus Group, which has links to North Korea. The Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime has called the seizure among the largest ever money seizures - and the largest-ever related to crypto - made by Norway.

A new malware dubbed 'ProxyShellMiner' exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers. ProxyShell is the name of three Exchange vulnerabilities discovered and fixed by Microsoft in 2021.

Having contacted Shams after reading his story in The Register, Hunter quickly learned that there are more victims out there. "Everything seemed to check out," Hunter told The Register.

Figure C. FTC: Crypto scams posted small numbers but lucrative in aggregate. In a June 2022 note, the U.S. Federal Trade Commission said that crypto is proving a lucrative scam channel, with more than 46,000 people reportedly having lost a total of over $1 billion in crypto to scams since 2021.

A new set of 16 malicious NPM packages are pretending to be internet speed testers but are, in reality, coinminers that hijack the compromised computer's resources to mine cryptocurrency for the threat actors. The packages were uploaded onto NPM, an online repository containing over 2.2 million open-source JavaScript packages shared among software developers to speed up the coding process.

Over 450 malicious PyPI python packages were found installing malicious browser extensions to hijack cryptocurrency transactions made through browser-based crypto wallets and websites. This discovery is a continuation of a campaign initially launched in November 2022, which initially started with only twenty-seven malicious PyPi packages, and now greatly expanding over the past few months.

The Lazarus Group, as the threat actor is typically referred to, has laundered about $100 million in stolen Bitcoin since October 2022 through a single crypto-mixing service called Sinbad. Lazarus behind major crypto heists. Last year, the U.S. Treasury's Office of Foreign Assets Control announced sanctions against the cryptocurrency mixing services Blender and Tornado Cash, which Lazarus had used to launder close to $500 million in illicitly obtained cryptocurrency.

A campaign operated by Russian threat actors uses fake job offers to target Eastern Europeans working in the cryptocurrency industry, aiming to infect them with a modified version of the Stealerium malware named 'Enigma. The attacks start with an email pretending to be a job offer with fake cryptocurrency interviews to lure their targets.

The US National Institute of Standards and Technology wants to protect all devices great and small, and is getting closer to settling on next-gen cryptographic algorithms suitable for systems at both ends of that spectrum - the very great and the very small. The lightweight cryptography algorithms for IoT need to be powerful enough to offer high security and efficient enough to do so with limited electronic resources.

Ahad Shams, the co-founder of Web3 metaverse gaming engine startup Webaverse, discovered in late November 2022 that someone had stolen $4 million of his cryptocurrency - during a real world interaction. What made this case different is that the scammers stole the funds from a newly created Trust Wallet account when Shams and a Webaverse colleague met in the lobby of a Rome hotel.