Security News

Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks. In an email to BleepingComputer, MailChimp has confirmed that the breach was more significant than just Trezor's account being accessed by threat actors.

Members of the European Parliament from the Committee on Economic and Monetary Affairs and the Committee on Civil Liberties have agreed on adopting draft legislation for more transparent crypto asset transactions. The new rules will cover transactions from private-held cryptocurrency wallets without considering transaction thresholds, which erases any limits for anonymous transactions - previous proposal allowed up to €1000 to be transferred without giving any details about the sender and the recipient.

The North Korean state-backed hacking crew, otherwise known as the Lazarus Group, has been attributed to yet another financially motivated campaign that leverages a trojanized decentralized finance wallet app to distribute a fully-featured backdoor onto compromised Windows systems. The app, which is equipped with functionalities to save and manage a cryptocurrency wallet, is also designed to trigger the launch of the implant that can take control of the infected host.

Hackers associated with the North Korean government have been distributing a trojanized version of the DeFi Wallet for storing cryptocurrency assets to gain access to the systems of cryptocurrency users and investors. Researchers at cybersecurity company Kaspersky discovered recently a malicious variant of the DeFi Wallet app, which installed the legitimate application along with a backdoor disguised as the executable for the Google Chrome web browser.

A hacker has stolen almost $620 million in Ethereum and USDC tokens from Axie Infinity's Ronin network bridge, making it possibly the largest crypto hack in history. Ronin is an Ethereum sidechain created by Sky Mavis to faciliate transactions for the Axie Infinity game, with the bridge acting as a way to transfer ERC-20 tokens between the Ethereum and Ronin blockchains.

Security researchers are warning of a relatively new malware loader, that they track as Verblecon, which is sufficiently complex and powerful for rannsomware and erespionage attacks, although it is currently used for low-reward attacks. Researchers from Symantec, a division of Broadcom Software, discovered Verblecon in January last year and observed it being used in attacks that installed cryptocurrency miners on compromised machines.

The Satoshi Island we're talking about isn't a tale of fiction, but a real-life private island dedicated to the crypto community. Located in the tropical paradise of Vanuatu, between Australia and Fiji, the island is owned by Satoshi Island Holdings Ltd., which intends to turn it into "The crypto capital of the world"- a place where crypto enthusiasts and professionals can thrive.

As the war in Ukraine unfolded, one way of helping was to donate cryptocurrency which resulted in over $50 million in crypto donations. Cybercriminals were quick to move and take advantage of this lucrative situation and inattentive victims.

Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips. "This style of cyber-fraud, known as sha zhu pan - literally 'pig butchering plate' - is a well-organized, syndicated scam operation that uses a combination of often romance-centered social engineering and fraudulent financial applications and websites to ensnare victims and steal their savings after gaining their confidence," Sophos analyst Jagadeesh Chandraiah said in a report published last week.

They're leveraging new iOS features - TestFlight and WebClips - to get fake apps onto victims' phones without being subject to the rigorous app store approval process. According to a Sophos report last fall, the attackers' M.O. is to begin there, then move the conversation to messaging apps.