Security News

These Dropper Apps On Play Store Targeting Over 200 Banking and Cryptocurrency Wallets
2022-10-28 13:30

Five malicious dropper Android apps with over 130,000 cumulative installations have been discovered on the Google Play Store distributing banking trojans like SharkBot and Vultur, which are capable of stealing financial data and performing on-device fraud. Targets of these droppers include 231 banking and cryptocurrency wallet apps from financial institutions in Italy, the U.K., Germany, Spain, Poland, Austria, the U.S., Australia, France, and the Netherlands.

Purpleurchin cryptocurrency miners spotted scouring free GitHub, Heroku accounts
2022-10-27 07:27

A stealthy cryptocurrency mining operation has been spotted using thousands of free accounts on GitHub, Heroku and other DevOps outfits to craft digital tokens. Sysdig estimated each of those 30 free GitHub accounts cost the Microsoft-owned giant $15 per month, and the free tier accounts from Heroku, Buddy and others cost providers between $7 and $10 per month.

Cybercriminals jailed for cryptocurrency theft, death threats
2022-10-20 12:05

Harrington and Meiggs were charged in November 2019 for targeting at least ten victims in SIM swapping attacks and, in some cases, with death threats. According to the court documents, they allegedly stole $200,000 worth of cryptocurrency in one go from an Arizona resident who "Publicly communicated with cryptocurrency experts online," while $100,000 were swiped from a victim in California with close ties to someone who "Operated a blockchain-based business."

Hackers Steal $100 Million Cryptocurrency from Binance Bridge
2022-10-10 08:59

BNB Chain, a blockchain linked to the Binance cryptocurrency exchange, disclosed an exploit on a cross-chain bridge that drained around $100 million in digital assets. According to Binance CEO Changpeng Zhao, the exploit on the cross-chain bridge "Resulted in extra BNB," prompting a temporary suspension of the Binance Smart Chain.

FBI warns of "Pig Butchering" cryptocurrency investment schemes
2022-10-04 13:59

The Federal Bureau of Investigation warns of a rise in 'Pig Butchering' cryptocurrency scams used to steal ever-increasing amounts of crypto from unsuspecting investors. Pig Butchering is a relatively new social engineering scam where fraudsters contact people on social media and build trust by engaging in long-term communication, establishing the idea of a fabricated friendship or romantic partnership.

Fake cryptocurrency giveaway sites have tripled this year
2022-09-16 09:03

The number of websites promoting cryptocurrency giveaway scams to lure gullible victims has increased by more than 300% in the first half of this year, targeting mostly English and Spanish speakers using celebrity deepfakes. Group-IB explains that the primary reason behind the sudden surge of cryptocurrency scams this year is the significant rise in the broader availability of tools that help in their making.

Feds freeze $30m in cryptocurrency stolen from Axie Infinity
2022-09-09 22:08

Federal investigators and private companies seized $30 million in cryptocurrency stolen in March by North Korean-linked APT gang Lazarus Group from a video game developer, the latest example of the growing skills of government and cybersecurity experts to track and recover such ill-gotten gains. Plante also said she expects more stolen cash to be clawed back from North Korean groups.

Responsible Disclosure for Cryptocurrency Security
2022-09-09 13:33

Stewart Baker discusses why the industry-norm responsible disclosure for software vulnerabilities fails for cryptocurrency software. Why can't the cryptocurrency industry solve the problem the way the software and hardware industries do, by patching and updating security as flaws are found? Two reasons: First, many customers don't have an ongoing relationship with the hardware and software providers that protect their funds­-nor do they have an incentive to update security on a regular basis.

U.S. Seizes Cryptocurrency Worth $30 Million Stolen by North Korean Hackers
2022-09-09 11:36

More than $30 million worth of cryptocurrency plundered by the North Korea-linked Lazarus Group from online video game Axie Infinity has been recovered, marking the first time digital assets stolen by the threat actor have been seized. "The seizures represent approximately 10% of the total funds stolen from Axie Infinity, and demonstrate that it is becoming more difficult for bad actors to successfully cash out their ill-gotten crypto gains," Erin Plante, senior director of investigations at Chainalysis, said.

FBI: Look out, crooks stole $1.3b in cryptocurrency in just three months this year
2022-09-01 02:32

The FBI has urged people to be cautious and heavily research a DeFi - decentralized finance - provider before putting your money into it, after more than a billion dollars was stolen from these providers in three months. The FBI wants folks to realize the risks, get professional financial advice if in doubt, and do their homework on the security and general practices of DeFi providers.