US Sanctions Two ISIS-Affiliated ‘Cybersecurity Experts’

January 31, 2024 at 07:42AM The US Treasury Department imposed sanctions on two Egyptian cybersecurity experts accused of running a platform affiliated with the Islamic State group, offering cyber training and support for evading law enforcement and using cryptocurrencies. The individuals, Mu’min Al-Mawji Mahmud Salim and Sarah Jamal Muhammad Al-Sayyid, are wanted by the FBI …

U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach

January 24, 2024 at 04:24AM Australia, the U.K., and the U.S. have imposed financial sanctions on Russian national Alexander Ermakov for his alleged involvement in the 2022 ransomware attack on Medibank. The attack resulted in the unauthorized access of 9.7 million customer records, leading the governments to criminalize dealing with his assets and call for …

“Activator” Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets

January 23, 2024 at 08:24AM Apple macOS users have been targeted by cracked software delivering a new stealer malware, capable of stealing cryptocurrency wallet data. The attack involves booby-trapped disk image files, prompting users to enter the system administrator password and execute a modified executable. The malware establishes contact with a command-and-control server to fetch …

New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic

January 18, 2024 at 12:09PM A novel campaign is targeting vulnerable Docker services by deploying the XMRig cryptocurrency miner and 9Hits Viewer software to generate revenue. The campaign uses various strategies to drive traffic to websites, breaching servers to deploy malicious containers via the Docker API. The impact includes resource exhaustion and the potential for a serious breach. …

Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims

January 16, 2024 at 03:45AM The now-defunct Inferno Drainer created over 16,000 malicious domains, scamming over $87 million from 137,000 victims by spoofing Web3 protocols. Affiliates could use the malware for phishing, draining 30% of stolen assets in some cases. The cybercrime operation spoofed over 100 cryptocurrency brands with specially crafted pages and was active throughout …

Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

January 16, 2024 at 02:45AM Threat actors are exploiting a patched security flaw in Microsoft Windows to deploy the Phemedrone Stealer, which targets web browsers, cryptocurrency wallets, and messaging apps. The flaw, CVE-2023-36025, allows attackers to bypass Windows SmartScreen protection. Although the flaw has been patched, threat actors find ways to exploit it, highlighting their flexibility in adapting attack …

Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks

January 12, 2024 at 03:09AM Cybersecurity researchers have discovered a new attack using misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners and conceal them with rootkits. The attackers exploit flaws to run remote code on targeted systems and hide mining processes. Mitigations include deploying agent-based security solutions to detect and prevent such attacks. …

Mandiant’s X Account Was Hacked Using Brute-Force Attack

January 11, 2024 at 04:01AM Mandiant’s X account was compromised by a brute-force attack, enabling the intruder to spread a cryptocurrency drainer called CLINKSINK. The attack targeted Solana cryptocurrency users and utilized phishing pages to redirect victims to approve fraudulent transactions. This incident reflects a growing trend of financially motivated threat actors targeting cryptocurrency assets …

Mandiant’s X account hacked by crypto Drainer-as-a-Service gang

January 10, 2024 at 05:26PM Mandiant, a cybersecurity firm and Google subsidiary, had its Twitter account hijacked by a Drainer-as-a-Service gang. The attacker redirected over 123,000 followers to a phishing page to steal cryptocurrency, with an estimated minimum of $900,000 in assets stolen. Verified organizations like the U.S. Securities and Exchange Commission have also been …

NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining

January 10, 2024 at 11:39AM The new Mirai-based botnet NoaBot has been used by threat actors in a crypto mining campaign since 2023. It includes a wormable self-spreader and an SSH key backdoor, and has been linked to a Rust-based malware called P2PInfect. NoaBot’s unique features make it difficult to detect, and it has targeted 849 …