Security News
You may recall the late cryptocurrency trading hamster, Mr Goxx, who went viral during his brief and colourful life as a rodentine coinhodler. Sadly, given how this particular story ends, US cryptocurrency developer Virgil Griffith has provided another episode in the never-a-dull-moment world of cryptocurrencies.
Cado Security says it has discovered a strain of malware specifically designed to run in AWS Lambda serverless environments and mine cryptocurrency. While the security firm has only seen the malware running in AWS Lambda, it can be made to run in other Linux-flavored environments, Cado Security CTO and co-founder Chris Doman told The Register this week.
"Just a few hours of compromise could result in profits for the perpetrators. That's why we're seeing a continuous fight for cloud CPU resources. It's akin to a real-life capture-the-flag, with the victim's cloud infrastructure the battleground," said Stephen Hilt, Senior Threat Researcher at Trend Micro. Threat actors are increasingly scanning for and exploiting these exposed instances, as well as brute-forcing SecureShell credentials, in order to compromise cloud assets for cryptocurrency mining, the report reveals.
We're told the fraudster accessed some 319 Mailchimp accounts, and exfiltrated "Audience data" from 102 of them. According to Smyth, Mailchimp's security engineers became aware of the break-in on March 26 after a cybercriminal gained accessed to a tool that the Mailchimp customer-facing teams use for customer support and account administration.
A compromised Trezor hardware wallet mailing list was used to send fake data breach notifications to steal cryptocurrency wallets and the assets stored within them. Trezor is a hardware cryptocurrency wallet that allows you to store your crypto assets offline, rather than using cloud-based wallets or wallets stored on your PC that are more vulnerable to theft.
An unidentified threat actor has been observed employing a "Complex and powerful" malware loader with the ultimate objective of deploying cryptocurrency miners on compromised systems and potentially facilitating the theft of Discord tokens. "The evidence found on victim networks appears to indicate that the goal of the attacker was to install cryptocurrency mining software on victim machines," researchers from the Symantec Threat Hunter Team, part of Broadcom Software, said in a report shared with The Hacker News.
Researchers have blown the lid off a sophisticated malicious scheme primarily targeting Chinese users via copycat apps on Android and iOS that mimic legitimate digital wallet services to siphon cryptocurrency funds. The wallet services are said to have been distributed through a network of over 40 counterfeit wallet websites that are promoted with the help of misleading articles posted on legitimate Chinese websites, as well as by means of recruiting intermediaries through Telegram and Facebook groups, in an attempt to trick unsuspecting visitors into downloading the malicious apps.
Biden's executive order is the first step in a government-wide addressing of cryptocurrency risk, and the starting block from which cryptocurrency could become safer, more accessible, and more accepted. While there may be a few cryptocurrency purists who will shun this and any subsequent regulation for cryptocurrency in protection of its original, libertarian roots, most of the cryptocurrency community will no doubt be pleased to see it being legitimized and deemed worthy of regulatory scrutiny.
The U.S. Department of Justice earlier this week appointed Eun Young Choi to serve as the first Director of the National Cryptocurrency Enforcement Team it established last year. "The NCET will serve as the focal point for the department's efforts to tackle the growth of crime involving technologies," said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department's Criminal Division.
A new Golang-based botnet under active development has been ensnaring hundreds of Windows devices each time its operators deploy a new command and control server. First spotted in October 2021 by ZeroFox researchers who dubbed it Kraken, this previously unknown botnet uses the SmokeLoader backdoor and malware downloader to spread to new Windows systems.