Security News

Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could. Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched.

Operators associated with the Lazarus sub-group BlueNoroff have been linked to a series of cyberattacks targeting small and medium-sized companies worldwide with an aim to drain their cryptocurrency funds, in what's yet another financially motivated operation mounted by the prolific North Korean state-sponsored actor. Russian cybersecurity company Kaspersky, which is tracking the intrusions under the name "SnatchCrypto," noted that the campaign has been running since at least 2017, adding that the attacks are aimed at startups in the FinTech sector located in China, Hong Kong, India, Poland, Russia, Singapore, Slovenia, the Czech Republic, the U.A.E., the U.S., Ukraine, and Vietnam.

Cybersecurity software company NortonLifeLock is coming under fire for its decision late last year to begin installing Ethereum mining software on its Norton 360 customers' PCs without their permission or knowledge. Norton Crypto, the new Norton 360 mining component, isn't enabled without the user opting in, but that hasn't stopped users from taking to Norton's Crypto forum to register their discontent, and they aren't all upset about the sneaky installation.

Cryptocurrency users in Ethiopia, Nigeria, India, Guatemala, and the Philippines are being targeted by a new variant of the Phorpiex botnet called Twizt that has resulted in the theft of virtual coins amounting to $500,000 over the last year. Israeli security firm Check Point Research, which detailed the attacks, said the latest evolutionary version "enables the botnet to operate successfully without active servers," adding it supports no less than 35 wallets associated with different blockchains, including Bitcoin, Ethereum, Dash, Dogecoin, Litecoin, Monero, Ripple, and Zilliqa, to facilitate crypto theft.

The botnet uses a tactic called crypto clipping, which relies on malware to steal cryptocurrency during a transaction, says Check Point Research. A new botnet variant discovered by cyber threat intelligence provider Check Point Research employs a unique method to steal cryptocurrency from its victims.

If those phrases are present, these same programs will direct Twitter bots under the scammer's control to automatically reply to the tweets as fake support agents with links to scams that steal cryptocurrency wallets. In tests conducted by BleepingComputer, tweets containing the words 'support,' 'help,' or 'assistance' along with keywords like 'MetaMask,' 'Phantom,' 'Yoroi,' and 'Trust Wallet' will result in almost instantaneous replies from Twitter bots with fake support forms or accounts.

Cryptocurrency trading platform BitMart has disclosed a "large-scale security breach" that it blamed on a stolen private key, resulting in the theft of more than $150 million in various cryptocurrencies. Hot wallets, as opposed to their cold counterparts, are connected to the internet and allow cryptocurrency owners to receive and send tokens.

Two weeks ago, after three software audits and three months of live testing, a cryptocurrency startup called MonoX introduced what it described as "the premier bootstrap decentralized exchange, Monoswap." Despite the audits and the testing, MonoX seems to have made an interesting blunder in how it handled balance changes during transactions.

Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. Deployed via cracked software, the latest attack involves the malware masquerading as KMSPico.

Threat actors are distributing altered KMSPico installers to infect Windows devices with malware that steals cryptocurrency wallets. KMSPico is a popular Microsoft Windows and Office product activator that emulates a Windows Key Management Services server to activate licenses fraudulently.