Security News

The advanced persistent threat actor tracked as Evilnum is once again exhibiting signs of renewed activity aimed at European financial and investment entities. "Evilnum is a backdoor that can be used for data theft or to load additional payloads," enterprise security firm Proofpoint said in a report shared with The Hacker News.

FBI warns of phony cryptocurrency apps aiming to steal money from investors. The FBI is urging cryptocurrency investors and investment firms to beware of fraudulent cryptocurrency apps that try to steal money from unsuspecting victims.

The U.S. Federal Bureau of Investigation has warned of cyber criminals building rogue cryptocurrency-themed apps to defraud investors in the virtual assets space. "The FBI has observed cyber criminals contacting U.S. investors, fraudulently claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cyber criminals have used with increasing success over time to defraud the investors of their cryptocurrency," the agency said [PDF].

Cybercriminals posing as legitimate investment firms and cryptocurrency exchanges have stolen tens of millions of dollars from more than 200 people by convincing them to download mobile apps and deposit cryptocurrency into wallets owned by the perpetrators. According to an alert [PDF] sent out on Monday by the FBI, the cyber-thieves are contacting US investors, fraudulently claiming to be legitimate organizations offering cryptocurrency services and mobile apps.

The FBI has warned today that cybercriminals use fraudulent cryptocurrency investment applications to steal funds from US investors. "The FBI has observed cyber criminals contacting US investors, fraudulently claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cyber criminals have used with increasing success over time to defraud the investors of their cryptocurrency," the FBI said in an alert published Monday.

GitHub Actions and Azure virtual machines are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. "Attackers can abuse the runners or servers provided by GitHub to run an organization's pipelines and automation by maliciously downloading and installing their own cryptocurrency miners to gain profit easily," Trend Micro researcher Magno Logan said in a report last week.

The malware pretends to be a free Bitcoin mining application, which advertises and can be downloaded via a Youtube video. In an additional attempt to appear more legitimate, the threat actor adds a link to VirusTotal which shows antivirus results for a clean file that is not the malware.

Blockchain venture Harmony offers bridge services for transferring crypto coins across different blockchains, but something has gone badly wrong. The Horizon Ethereum Bridge, one of the firm's ostensibly secure bridges, was compromised on Thursday, resulting in the loss of 85,867 ETH tokens optimistically worth more than $100 million, the organization said via Twitter.

A clipper malware is a piece of software that once running on a computer will constantly check the content of the user's clipboard and look for cryptocurrency wallets. This way, if an unsuspecting user uses any interface to send a cryptocurrency payment to a wallet, which is generally done by copying and pasting a legitimate destination wallet, it gets replaced by the fraudulent one.

"The rise and proliferation of cryptocurrency has also provided attackers with a new method of financial extraction." The targeting of sensitive cryptocurrency data by threat actors was recently echoed by the Microsoft 365 Defender Research Team, which warned about the emerging threat of cryware wherein private keys, seed phrases, and wallet addresses are plundered with the goal of siphoning virtual currencies by means of fraudulent transfers.