Security News

A flaw detected in the browser version of the Ever Surf cryptocurrency wallet could have given hackers who exploited it full control over a targeted user's wallet, say threat hunters at Check Point Research. "Despite the fact that Surf uses reliable cryptographic libraries for the key derivation and the encryption, the sensitive data in the web version of Surf doesn't appear to have adequate protection."

Cybersecurity researchers have disclosed a now-fixed security flaw in the Rarible non-fungible token marketplace that, if successfully exploited, could have led to account takeover and theft of cryptocurrency assets. Rarible, an NFT marketplace that enables users to create, buy, and sell digital NFT art like photographs, games, and memes, has over 2.1 million active users.

Trezor recently published a warning against a new phishing campaign targeting its users. Figure A. Once in possession of a list of email addresses belonging only to real Trezor customers, the attackers moved to the next step.

A compromised Trezor hardware wallet mailing list was used to send fake data breach notifications to steal cryptocurrency wallets and the assets stored within them. Trezor is a hardware cryptocurrency wallet that allows you to store your crypto assets offline, rather than using cloud-based wallets or wallets stored on your PC that are more vulnerable to theft.

A new Golang-based botnet under active development has been ensnaring hundreds of Windows devices each time its operators deploy a new command and control server. First spotted in October 2021 by ZeroFox researchers who dubbed it Kraken, this previously unknown botnet uses the SmokeLoader backdoor and malware downloader to spread to new Windows systems.

A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal. "BHUNT is a modular stealer written in.NET, capable of exfiltrating wallet contents, passwords stored in the browser, and passphrases captured from the clipboard," Bitdefender researcher said in a technical report on Wednesday.

A novel modular crypto-wallet stealing malware dubbed 'BHUNT' has been spotted targeting cryptocurrency wallet contents, passwords, and security phrases. The discovery and analysis of the new BHUNT malware come from Bitdefender, who shared their findings with Bleeping Computer before publishing.

Riot Games, the developer behind League of Legends, has filed a California lawsuit against scammers, whose identities aren't yet known, for ripping off job seekers with the promise of a gig with the company. Usually early in their careers and eager for a chance with a gaming company like Riot, job hunters are either targeted by a cybercriminal posing as a recruiter or with fake ads on popular employment sites like Indeed, Riot's filing explained.

Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. Deployed via cracked software, the latest attack involves the malware masquerading as KMSPico.

Threat actors are distributing altered KMSpico installers to infect Windows devices with malware that steals cryptocurrency wallets. KMSPico is a popular Microsoft Windows and Office product activator that emulates a Windows Key Management Services server to activate licenses fraudulently.