Security News
A phishing scam is underway that targets Ledger wallet users with fake data breach notifications used to steal cryptocurrency from recipients. Ledger is a hardware cryptocurrency wallet that allows you to store, manage, and sell cryptocurrency.
Over the past week, users of the MetaMask cryptocurrency wallet have been losing funds to a phishing scam that lured potential victims through Google search ads. Although it is unclear how many MetaMask users fell for the scam, some say they ended up with empty wallets after clicking on a fraudulent search ad being promoted as the MetaMask site.
Google has kicked 49 malicious Chrome browser extensions out of its Web Store that were posing as cryptocurrency wallets in order to drain the contents of bona fide wallets. On Tuesday, Harry Denley, MyCrypto Director of Security, said that malicious browser extensions aren't new, but the targets in this campaign are: they include the cryptocurrency wallets Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus, and KeepKey.
Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. "Essentially, the extensions are phishing for secrets - mnemonic phrases, private keys, and keystore files," explained Harry Denley, director of security at MyCrypto.
The popular digital wallet application Key Ring recently exposed information belonging to millions of its users, vpnMentor reports. Key Ring is an application that creates a digital wallet on the user's phone and allows them to upload scans and photos of membership and loyalty cards, but many also use it to store copies of IDs, driver's licenses, credit cards, and the like.
The fairly new malware, which has been dubbed Oski Stealer, is being advertised on underground cyber-forums, including several Russian forums, security researcher Aditya K Sood explained in a report shared with SecurityWeek. Oski Stealer is being distributed via drive-by downloads, phishing attacks, and other standard infection methods, and acts as a native piece of software that can be installed on various systems.
Trio of vulnerabilities made registry full of uncertain code even more of a risk On Wednesday, NPM, Inc, the California-based biz that has taken it upon itself to organize the world's JavaScript...
A newly discovered remote access Trojan can steal various types of data from the infected machines, including personal data and cryptocurrency wallet information, Zscaler security researchers...
What a wild ride, eh Komodo? Blockchain biz Komodo this week said it had used a vulnerability discovered by JavaScript package biz NPM to take control of some older Agama cryptocurrency wallets to...
Mac users need to beware of a newly discovered piece of malware that steals their web browser cookies and credentials in an attempt to withdraw funds from their cryptocurrency exchange accounts....