Security News
From basic financial pump-and-dump schemes to straight-up nation-state cybertheft, nascent crypto markets, and their investors - often with dubious understanding of how they really work - have become prime targets for crypto scammers. North Korean-backed cybercrime groups, including APT 38/Lazarus Group, have turned their talents and resources exclusively toward ripping off crypto markets, according to a new report from Chainalysis.
The North Korean threat actor group known as 'BlueNoroff' has been spotted targeting cryptocurrency startups with malicious documents and fake MetaMask browser extensions. BlueNoroff uses these real discussions to name laced documents accordingly and send them to the target employee at the right time.
Arbix Finance, an audited and supposedly trustworthy yield farming platform, has been flagged as a 'rugpull,' deleting its site, Twitter, and Telegram channel and transferring $10 million worth of deposited cryptocurrency. Rugpulls, otherwise known as "exit scams," are when pseudo-anonymous platforms or cryptocurrencies are created with the ultimate goal of collecting funds for an allegedly legitimate "service" and then disappearing with the deposited funds.
ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spider-Man movie. As perhaps the most talked-about movie for some time, Spider-Man: No Way Home represents an excellent opportunity for hackers.
Attackers use the Telegram handle "Smokes Night" to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said. Attackers are targeting crypto-wallets of Telegram users with the Echelon infostealer, in an effort aimed at defrauding new or unsuspecting users of a cryptocurrency discussion channel on the messaging platform, researchers have found.
Cryptocurrency exchange BitMart has pledged to dig into its own pocket to pay back users affected in a cyberattack that drained it of about $150 million worth of cryptocurrencies, according to a tweet put out by BitMart CEO Sheldon Xia on Monday. "BitMart will use our own funding to cover the incident and compensate affected users."
BadgerDAO, maker of a decentralized finance protocol, said on Wednesday that it is investigating reports that millions in user funds have been stolen. The DAO in BadgerDAO stands for Decentralized Autonomous Organization, which means the company is "run by our users - not VCs, whales, or institutions".
Mozilla has rolled out fixes to address a critical security weakness in its cross-platform Network Security Services cryptographic library that could potentially be exploited by an adversary to crash a vulnerable application and even execute arbitrary code. Tracked as CVE-2021-43527, the flaw affects NSS versions prior to 3.73 or 3.68.1 ESR, and concerns a heap overflow vulnerability when verifying digital signatures such as DSA and RSA-PSS algorithms that are encoded using the DER binary format.
A new malware campaign has been discovered targeting cryptocurrency, non-fungible token, and DeFi aficionados through Discord channels to deploy a crypter named "Babadeda" that's capable of bypassing antivirus solutions and staging a variety of attacks. "[T]his malware installer has been used in a variety of recent campaigns to deliver information stealers, RATs, and even LockBit ransomware," Morphisec researchers said in a report published this week.
A new malware campaign on Discord uses the Babadeda crypter to hide malware that targets the crypto, NFT, and DeFi communities. Starting in May 2021, threat actors have been distributing remote access trojans obfuscated by Babadeda as a legitimate app on crypto-themed Discord channels.