Security News
The FBI, CISA, and US Department of Treasury shared detailed info on malicious and fake crypto-trading applications used by North Korean-backed state hackers to steal cryptocurrency from individuals and companies worldwide in a joint advisory published on Wednesday. "It is likely that these actors view modified cryptocurrency trading applications as a means to circumvent international sanctions on North Korea-the applications enable them to gain entry into companies that conduct cryptocurrency transactions and steal cryptocurrency from victim accounts."
The U.S. Department of Justice on Wednesday indicted three suspected North Korean hackers for allegedly conspiring to steal and extort over $1.3 billion in cash and cryptocurrencies from financial institutions and businesses. Accusing them of creating and deploying multiple malicious cryptocurrency applications, developing and fraudulently marketing a blockchain platform, the indictment expands on the 2018 charges brought against Park, one of the alleged nation-state hackers previously charged in connection with the 2014 cyberattack on Sony Pictures Entertainment.
The servers of British cryptocurrency exchange EXMO were taken offline temporarily after being targeted in a distributed denial-of-service attack. "We are currently experiencing a DDoS attack on our platform," the exchange said in a notification published earlier today.
These applications, which were promoted on cryptocurrency and blockchain-related forums such as bitcointalk and SteemCoinPan, relate directly to cryptocurrency. They purport to be "Jamm" and "eTrade," which are cryptocurrency trade management applications, and "DaoPoker," a cryptocurrency poker app.
Security researchers have discovered a new remote access trojan used to empty the cryptocurrency wallets of thousands of Windows, Linux, and macOS users. Named ElectroRAT after being discovered in December, the cross-platform RAT malware is written in Golang and it was used as part of a campaign that has been targeting cryptocurrency users since the start of 2020.
Cybersecurity researchers today revealed a wide-ranging scam targeting cryptocurrency users that began as early as January last year to distribute trojanized applications to install a previously undetected remote access tool on target systems. Called ElectroRAT by Intezer, the RAT is written from ground-up in Golang and designed to target multiple operating systems such as Windows, Linux, and macOS. The apps are developed using the open-source Electron cross-platform desktop app framework.
The Voyager cryptocurrency brokerage platform halted trading yesterday after suffering a cyberattack targeting their DNS configuration. Voyager Digital LLC is a cryptocurrency broker that allows investors to trade assets using the Voyager mobile app.
British cryptocurrency exchange EXMO has disclosed that unknown attackers withdrew almost 5% of its total assets after compromising its hot wallets. Hot wallets are Internet-connected and are used by exchanges to temporarily store assets for ongoing transactions and transfers unlike cold wallets which have no Internet connection.
New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. As anyone can upload a Gem to the RubyGems repository, it allows threat actors to upload malicious packages to the repository in the hopes that another developer will integrate it into their program.
A phishing scam is underway that targets Ledger wallet users with fake data breach notifications used to steal cryptocurrency from recipients. Ledger is a hardware cryptocurrency wallet that allows you to store, manage, and sell cryptocurrency.