Security News

New Rilide Malware Targeting Chromium-Based Browsers to Steal Cryptocurrency
2023-04-04 13:07

Chromium-based web browsers are the target of a new malware called Rilide that masquerades itself as a seemingly legitimate extension to harvest sensitive data and siphon cryptocurrency. "Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a broad spectrum of malicious activities, including monitoring."

DoJ cracks down on cryptocurrency fraud, seizes $112 million in linked funds
2023-04-04 08:41

The Department of Justice declared the confiscation of digital currency valued at approximately $112 million connected to fraudulent cryptocurrency investments. In these schemes, fraudsters cultivate long-term relationships with victims met online, eventually enticing them to make investments in fraudulent cryptocurrency trading platforms.

Cryptocurrency Companies Targeted in Sophisticated 3CX Supply Chain Attack
2023-04-04 03:54

The adversary behind the supply chain attack targeting 3CX deployed a second-stage implant specifically singling out a small number of cryptocurrency companies. The backdoor's links to North Korea stem from the fact that it "Co-existed on victim machines with AppleJeus, a backdoor attributed to the Korean-speaking threat actor Lazarus," detailing an attack on an unnamed crypto firm located in Southeast Asia in 2020.

US seizes $112 million from cryptocurrency investment scammers
2023-04-03 19:10

Today, the U.S. Department of Justice seized six virtual currency accounts containing over $112 million in funds stolen in cryptocurrency investment schemes. The criminals behind these cryptocurrency fraud scams approach their victims via various dating platforms, messaging apps, or social media platforms, build trust, and introduce them to investment schemes which eventually allow them to empty the targets' crypto wallets.

Cryptocurrency companies backdoored in 3CX supply chain attack
2023-04-03 17:22

Some of the victims affected by the 3CX supply chain attack have also had their systems backdoored with Gopuram malware, with the threat actors specifically targeting cryptocurrency companies with this additional malicious payload. VoIP communications company 3CX was compromised by North Korean threat actors tracked as Lazarus Group to infect the company's customers with trojanized versions of its Windows and macOS desktop apps in a large-scale supply chain attack. Kaspersky has discovered that the Gopuram backdoor previously used by the Lazarus hacking group against cryptocurrency companies since at least 2020, was also deployed as a second-stage payload in the same incident into the systems of a limited number of affected 3CX customers.

Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware
2023-03-17 10:22

Copycat websites for instant messaging apps like Telegram and WhatApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware. "All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strý?ek said in a new analysis.

FBI warns of cryptocurrency theft via “play-to-earn” games
2023-03-09 19:24

Cybercriminals are now using fake rewards in so-called "Play-to-earn" mobile and online games to steal millions worth of cryptocurrency, according to an FBI warning on Thursday. "Criminals contact victims online and build a relationship with victims over time," the FBI says in a public service announcement issued via the Internet Crime Complaint Center.

Nick Weaver on Regulating Cryptocurrency
2023-03-03 15:58

Nicholas Weaver wrote an excellent paper on the problems of cryptocurrencies and the need to regulate the space-with all existing regulations. The cryptocurrency space has grown over the past decade with very little regulatory oversight.

Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques
2023-03-01 06:11

Cryptocurrency companies are being targeted as part of a new campaign that delivers a remote access trojan called Parallax RAT. The malware "Uses injection techniques to hide within legitimate processes, making it difficult to detect," Uptycs said in a new report. Parallax RAT grants attackers remote access to victim machines.

Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware
2023-02-23 16:49

Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems. "This malware makes use of the Invisible Internet Project to download malicious components and send mined currency to the attacker's wallet," Jamf researchers Matt Benyo, Ferdous Saljooki, and Jaron Bradley said in a report shared with The Hacker News.