Security News

The YouTube takeover replaced the legit account with regalia that faked that used by an investment management firm and filled with more crypto boosterism, namely a video that cut an old chat between Elon Musk and Twitter founder Jack Dorsey into a new and misleading narrative. We are aware of a breach of the Army's Twitter and YouTube accounts and an investigation is underway.

Investigators at a blockchain analysis outfit have linked the theft of $100 million in crypto assets last week to the notorious North Korean-based cybercrime group Lazarus. Blockchain startup Harmony announced June 23 that its Horizon Bridge - a cross-chain bridge service used to transfer assets between Harmony's blockchain and other blockchains - had been attacked and crypto assets like Ethereum, Wrapped Bitcoin, Binance Coin, and Tether stolen.

In the same week that it welcomed the launch of a local center of excellence focused on crypto-inspired central bank digital currencies, Singapore's Monetary Authority has warned crypto cowboys they face a rough ride in the island nation. Singapore's sovereign wealth fund has invested in Mojaloop, and MAS chief fintech officer Sopnendu Mohanty serves as a board advisor and the authority provides representatives to the Foundation's working group, alongside folks from the Bill & Melinda Gates Foundation, Google, and more.

While tracking the mobile banking malware FluBot, the F5 Labs researchers discovered the new Malibot threat targeting Android phones. The second distribution channel is via smishing, directly hitting Android phones: Malibot has the ability to send SMS messages on-demand, and once it receives such a command it sends texts on a phone list provided by the Malibot command and control server.

A recently patched critical security flaw in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads. In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a crypto miner called z0miner on victim networks.

Cybersecurity researchers have discovered a new Android banking malware named MaliBot, which poses as a cryptocurrency mining app or the Chrome web browser to target users in Italy and Spain. MaliBot focuses on stealing financial information such as e-banking service credentials, crypto wallet passwords, and personal details, while it's also capable of snatching two-factor authentication codes from notifications.

MetaMask and Phantom are warning of a new 'Demonic' vulnerability that could expose a crypto wallet's secret recovery phrase, allowing attackers to steal NFTs and cryptocurrency stored within it. Anyone who gains access to a wallet's recovery phrase can import the wallet onto their own devices, allowing them to steal all the cryptocurrency and NFTS stored within it.

In a recent report, Confiant notes that the malicious cryptocurrency apps are identical to the real ones but they come with a backdoor that can steal the users' security phrase for accessing the digital assets. Confiant analysts reversed engineer the apps to figure out how SeaFlower authors had planted the backdoors and found similar code in all of them.

A crew using malware that performs cryptomining and clipboard-hacking operations have made off with at least $1.7 million in stolen cryptocurrency. They also observed that there are several design similarities between Clipminer and KryptoCibule - another cryptomining trojan that, a few months before Clipminer hit the scene, was detected and written about by ESET analysts.

Threat analysts have discovered a large operation of a new cryptocurrency mining malware called Clipminer that brought its operators at least $1.7 million from transaction hijacking. According to researchers from Symantec, a Broadcom company, Clipminer is based on the KryptoCibule malware.