Security News

The nation-state threat operator Lazarus Group is being tied to a recent phishing campaign that targeted admins at a cryptocurrency firm via LinkedIn messages. Researchers say that the recently identified a series of incident that were part of a broader campaign targeting businesses worldwide through LinkedIn messages sent to targets' personal LinkedIn accounts.

Infosec biz F-Secure has uncovered a North Korean phishing campaign that targeted a sysadmin with a fake Linkedin job advert using a General Data Protection Regulation themed lure. The sysadmin worked for a cryptocurrency business, said the threat intel firm, which made him a ripe target for the money-hungry state hackers Lazarus Group, aka APT38, supposedly backed by North Korea.

Mac users are being targeted by trojanized cryptocurrency trading apps, which once downloaded actually drain victims' cryptocurrency wallets, researchers warn. The actors behind the campaign used websites that copy Kattana's legitimate website to convince unwitting cryptocurrency enthusiasts to download the fake apps.

Security researchers at ESET have identified a new campaign targeting Mac users with trojanized cryptocurrency trading apps designed to deliver the GMERA malware. Previous attacks involving this malware family were observed leveraging malicious versions of the trading app Stockfolio, and security researchers also associated the GMERA Trojan with the activities of North Korean hackers.

The Twitter accounts of Bill Gates, Elon Musk, Joe Biden, Apple and Uber have each been hijacked at the same time to push a cryptocurrency scam in an unprecedented breach of Twitter accounts. Twitter locked down thousands of verified accounts belonging to elite Twitter users and high-profile companies Wednesday afternoon in an effort to prevent hackers from perpetrating a massive cryptocurrency scam.

Really interesting research: "An examination of the cryptocurrency pump and dump ecosystem": Abstract: The surge of interest in cryptocurrencies has been accompanied by a proliferation of fraud....

In the first five months of 2020, cryptocurrency crimes have totaled $1.4 billion, indicating that the year 2020 could see the second-highest value in cryptocurrency crimes, outside 2019's whopping $4.5 billion, a CipherTrace report found. The Spring 2020 Cryptocurrency Anti-Money Laundering and Crime report assessed the different tactics cybercriminals are using to commit cryptocurrency offenses.

Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. "Essentially, the extensions are phishing for secrets - mnemonic phrases, private keys, and keystore files," explained Harry Denley, director of security at MyCrypto.

Cryptocurrency security company Ledger has warned users about a rogue Chrome extension that dupes its victims into giving up the keys to their crypto wallets. Cryptocurrency owners need a wallet just like users of regular cash do.

Two Chinese nationals have been indicted by the U.S. Justice Department for allegedly laundering $100 million in cryptocurrency stolen from exchanges by North Korean hackers in 2018, according to a federal indictment unsealed Monday. The North Korean-linked group also apparently has been involved in numerous banking thefts, including the 2016 Bangladesh Bank heist, and it has recently begun targeting cryptocurrency exchanges to help illegally fund the government, U.S. authorities say.