Security News

A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal. "BHUNT is a modular stealer written in.NET, capable of exfiltrating wallet contents, passwords stored in the browser, and passphrases captured from the clipboard," Bitdefender researcher said in a technical report on Wednesday.

A novel modular crypto-wallet stealing malware dubbed 'BHUNT' has been spotted targeting cryptocurrency wallet contents, passwords, and security phrases. The discovery and analysis of the new BHUNT malware come from Bitdefender, who shared their findings with Bleeping Computer before publishing.

Riot Games, the developer behind League of Legends, has filed a California lawsuit against scammers, whose identities aren't yet known, for ripping off job seekers with the promise of a gig with the company. Usually early in their careers and eager for a chance with a gaming company like Riot, job hunters are either targeted by a cybercriminal posing as a recruiter or with fake ads on popular employment sites like Indeed, Riot's filing explained.

Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. Deployed via cracked software, the latest attack involves the malware masquerading as KMSPico.

Threat actors are distributing altered KMSpico installers to infect Windows devices with malware that steals cryptocurrency wallets. KMSPico is a popular Microsoft Windows and Office product activator that emulates a Windows Key Management Services server to activate licenses fraudulently.

Ransomware is on the rise, and attackers are massing in never-before-seen numbers, lining up to find victims. According to its 2022 predictions, upcoming threats will target an expanding attack surface, meaning that 2022 is "Shaping up to be a banner year for cybercriminals. Attacks will continue to span the entire attack surface, leaving IT teams scrambling to cover every possible avenue of attack."

Threat actors are using advertisements in Google Search to promote fake cryptocurrency wallets and DEX platforms to steal user's cryptocurrency. These advertisements promote sites that install fake Phantom and MetaMask wallets used for Solana and Ethereum, and fake decentralized exchange platforms, such as PancakeSwap and Uniswap.

Security researchers found that an attacker could leave OpenSea account owners with an empty cryptocurrency balance by luring them to click on malicious NFT art. Details emerged today about an issue on the OpenSea platform that let hackers hijack user accounts and steal the associated cryptocurrency wallets.

Security researchers found that an attacker could leave OpenSea account owners with an empty cryptocurrency balance by luring them to click on malicious NFT art. Details emerged today about an issue on the OpenSea platform that let hackers hijack user accounts and steal the associated cryptocurrency wallets.

A now-patched critical vulnerability in OpenSea, the world's largest non-fungible token marketplace, could've been abused by malicious actors to drain cryptocurrency funds from a victim by sending a specially-crafted token, opening a new attack vector for exploitation. The findings come from cybersecurity firm Check Point Research, which began an investigation into the platform following public reports of stolen cryptocurrency wallets triggered by free airdropped NFTs. The issues were fixed in less than one hour of responsible disclosure on September 26, 2021.