Security News

US cryptocurrency coder gets 5 years for North Korea sanctions busting
2022-04-13 18:52

You may recall the late cryptocurrency trading hamster, Mr Goxx, who went viral during his brief and colourful life as a rodentine coinhodler. Sadly, given how this particular story ends, US cryptocurrency developer Virgil Griffith has provided another episode in the never-a-dull-moment world of cryptocurrencies.

Cryptocurrency-mining AWS Lambda-specific malware spotted
2022-04-07 07:28

Cado Security says it has discovered a strain of malware specifically designed to run in AWS Lambda serverless environments and mine cryptocurrency. While the security firm has only seen the malware running in AWS Lambda, it can be made to run in other Linux-flavored environments, Cado Security CTO and co-founder Chris Doman told The Register this week.

Malicious actors targeting the cloud for cryptocurrency-mining activities
2022-04-06 04:00

"Just a few hours of compromise could result in profits for the perpetrators. That's why we're seeing a continuous fight for cloud CPU resources. It's akin to a real-life capture-the-flag, with the victim's cloud infrastructure the battleground," said Stephen Hilt, Senior Threat Researcher at Trend Micro. Threat actors are increasingly scanning for and exploiting these exposed instances, as well as brute-forcing SecureShell credentials, in order to compromise cloud assets for cryptocurrency mining, the report reveals.

Mailchimp: Crook stole cryptocurrency clients' mailing-list subscriber info
2022-04-05 01:11

We're told the fraudster accessed some 319 Mailchimp accounts, and exfiltrated "Audience data" from 102 of them. According to Smyth, Mailchimp's security engineers became aware of the break-in on March 26 after a cybercriminal gained accessed to a tool that the Mailchimp customer-facing teams use for customer support and account administration.

Fake Trezor data breach emails used to steal cryptocurrency wallets
2022-04-03 16:03

A compromised Trezor hardware wallet mailing list was used to send fake data breach notifications to steal cryptocurrency wallets and the assets stored within them. Trezor is a hardware cryptocurrency wallet that allows you to store your crypto assets offline, rather than using cloud-based wallets or wallets stored on your PC that are more vulnerable to theft.

New Malware Loader 'Verblecon' Infects Hacked PCs with Cryptocurrency Miners
2022-03-29 08:02

An unidentified threat actor has been observed employing a "Complex and powerful" malware loader with the ultimate objective of deploying cryptocurrency miners on compromised systems and potentially facilitating the theft of Discord tokens. "The evidence found on victim networks appears to indicate that the goal of the attacker was to install cryptocurrency mining software on victim machines," researchers from the Symantec Threat Hunter Team, part of Broadcom Software, said in a report shared with The Hacker News.

Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users
2022-03-25 02:31

Researchers have blown the lid off a sophisticated malicious scheme primarily targeting Chinese users via copycat apps on Android and iOS that mimic legitimate digital wallet services to siphon cryptocurrency funds. The wallet services are said to have been distributed through a network of over 40 counterfeit wallet websites that are promoted with the help of misleading articles posted on legitimate Chinese websites, as well as by means of recruiting intermediaries through Telegram and Facebook groups, in an attempt to trick unsuspecting visitors into downloading the malicious apps.

Biden legitimizes cryptocurrency with regulatory exploration
2022-03-16 05:00

Biden's executive order is the first step in a government-wide addressing of cryptocurrency risk, and the starting block from which cryptocurrency could become safer, more accessible, and more accepted. While there may be a few cryptocurrency purists who will shun this and any subsequent regulation for cryptocurrency in protection of its original, libertarian roots, most of the cryptocurrency community will no doubt be pleased to see it being legitimized and deemed worthy of regulatory scrutiny.

Justice Department Appoints First Director of National Cryptocurrency Enforcement Team
2022-02-19 21:51

The U.S. Department of Justice earlier this week appointed Eun Young Choi to serve as the first Director of the National Cryptocurrency Enforcement Team it established last year. "The NCET will serve as the focal point for the department's efforts to tackle the growth of crime involving technologies," said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department's Criminal Division.

New Golang botnet empties Windows users’ cryptocurrency wallets
2022-02-18 20:27

A new Golang-based botnet under active development has been ensnaring hundreds of Windows devices each time its operators deploy a new command and control server. First spotted in October 2021 by ZeroFox researchers who dubbed it Kraken, this previously unknown botnet uses the SmokeLoader backdoor and malware downloader to spread to new Windows systems.