Tag: crypto
-
New Android Malware “TsarBot” Targeting 750 Banking, Finance Crypto Apps
by
in SecurityNews
Tags: android, attack, banking, credentials, credit-card, crypto, cyber, finance, intelligence, login, malware, threatA newly identified Android malware, dubbed TsarBot, has emerged as a potent cyber threat targeting over 750 applications across banking, finance, cryptocurrency, and e-commerce sectors. Discovered by Cyble Research and Intelligence Labs (CRIL), this banking Trojan employs sophisticated overlay attacks to steal sensitive user credentials, including banking details, login information, and credit card data. Global…
-
Inside Daisy Cloud: 30K Stolen Credentials Exposed
by
in SecurityNewsVeriti research recently analyzed stolen data that was published in a telegram group named “Daisy Cloud” (potentially associated with the RedLine Stealer), exposing the inner workings of a cybercrime marketplace. This group offers thousands of stolen credentials in an ongoing basis across a wide range of services, from crypto exchanges to government portals, at disturbingly……
-
Security Affairs newsletter Round 517 by Pierluigi Paganini INTERNATIONAL EDITION
by
in SecurityNewsA new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme Experts warn of the new sophisticate…
-
New Crocodilus malware steals Android users’ crypto wallet keys
by
in SecurityNewsA newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for the cryptocurrency wallet using a warning to back up the key to avoid losing access. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-crocodilus-malware-steals-android-users-crypto-wallet-keys/
-
FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme
The U.S. DOJ seized over $8.2 million in USDT stolen through ‘romance baiting’ scams, where victims are tricked into fake investments promising high returns. On February 27, 2025, the U.S. Attorney’s Office in Ohio filed a civil forfeiture complaint for $8.2M in USDT (Tether) linked to a ‘romance baiting’ scam. Fraudsters used anonymous messaging apps…
-
Experts warn of the new sophisticate Crocodilus mobile banking Trojan
by
in SecurityNewsThe new Android trojan Crocodilus exploits accessibility features to steal banking and crypto credentials, mainly targeting users in Spain and Turkey. ThreatFabric researchers discovered a new Android trojan called Crocodilus, which exploits accessibility features to steal banking and crypto credentials. >>Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from…
-
U.S. seized $8.2 million in crypto linked to ‘Romance Baiting’ scams
by
in SecurityNewsThe U.S. Department of Justice (DOJ) has seized over $8.2 million worth of USDT (Tether) cryptocurrency that was stolen via ‘romance baiting’ scams. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/cryptocurrency/us-seized-82-million-in-crypto-linked-to-romance-baiting-scams/
-
4 Tips For Crypto Wallet Security
by
in SecurityNewsCryptocurrency will be more popular in 2025 than it has ever been and this means that there is a greater need for wallet security. As the crypto sector becomes more profitable and popular, malicious actors will look to exploit investors and steal their funds through methods like phishing schemes, wallet hacks, and so on. Then…
-
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
by
in SecurityNewsCybersecurity researchers have discovered a new Android banking malware called Crocodilus that’s primarily designed to target users in Spain and Turkey.”Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging,”…
-
9-Year-Old NPM Crypto Package Hijacked for Information Theft
by
in SecurityNewsNearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers. The post 9-Year-Old NPM Crypto Package Hijacked for Information Theft appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/9-year-old-npm-crypto-package-hijacked-to-steal-information/
-
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
by
in SecurityNewsCybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems.”Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers,” Sonatype researcher Ax Sharma said. “However, […] the latest First seen…
-
DoJ Recovers $5M Lost in BEC Fraud Against Workers’ Union
by
in SecurityNewsThe union received a spoofed email that led to the loss of $6.4 million, much of it transferred to other accounts or to a cryptocurrency exchange. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/doj-secures-5m-bec-fraud-workers-union
-
Abracadabra.Finance loses $13M in crypto heist
by
in SecurityNews
Tags: cryptoFirst seen on scworld.com Jump to article: www.scworld.com/brief/abracadabra-finance-loses-13m-in-crypto-heist
-
Cryptohack Roundup: $13M Abracadabra Hack
by
in SecurityNewsAlso: The Treasury Department Lifts Tornado Cash Sanctions. This week, Abracadabra hack, updates on Tornado Cash and Bybit, $7M scam money recovery, man faces prison for stabbing crypto CEO, movie director charged for swindle, Ripple-SEC case wrap-up, Grinex is the new Garantex, Gotbit plea deal, Coinbase in supply chain hack and Binance insider risk threat.…
-
T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit
by
in SecurityNewsT-Mobile paid $33 million in a private arbitration process over a SIM swap attack leading to cryptocurrency theft. The post T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/t-mobile-coughed-up-33-million-in-sim-swap-lawsuit/
-
Crypto Heist Suspect >>Wiz<< Arrested After $243 Million Theft
by
in SecurityNewsVeer Chetal, known online as “Wiz” and one of the key suspects in the massive $243 million cryptocurrency heist, has been apprehended by U.S. Marshals. First seen on hackread.com Jump to article: hackread.com/crypto-heist-suspect-wiz-arrested-243-million-theft/
-
Abracadabra Cyberattack: How Hackers Drained $13M from DeFi Platform
by
in SecurityNewsThe decentralized finance (DeFi), Abracadabra, is dealing with a cyberattack that resulted in the theft of nearly $13 million worth of cryptocurrency. The Abracadabra cyberattack, which targeted the platform’s “gmCauldrons,” has shaken the cryptocurrency market particularly those that rely on liquidity tokens from decentralized exchanges like GMX. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/abracadabra-cyberattack/
-
Nearly $13 million stolen from Abracadabra Finance in crypto heist
by
in SecurityNewsThe crypto lending platform said the issue was sourced back to a product it calls “cauldrons”, isolated lending markets that allow users to borrow against a variety of cryptocurrencies. First seen on therecord.media Jump to article: therecord.media/nearly-thirteen-million-stolen-abracadabra
-
Rilide Malware Poses as Browser Extension to Steal Login Credentials from Chrome and Edge Users
by
in SecurityNewsRilide, a sophisticated malware, has been masquerading as a legitimate browser extension to steal sensitive information from users of Chromium-based browsers like Google Chrome and Microsoft Edge. First identified in April 2023, this malware is designed to capture screenshots, log passwords, and collect credentials for cryptocurrency wallets. It often disguises itself as a Google Drive…
-
Advanced Malware Targets Cryptocurrency Wallets
by
in SecurityNewsMore attacks targeting cryptocurrency users. Microsoft has identified a new Remote Access Trojan, named StilachiRAT, that has sophisticated capabilities to remain stealthy and persistent so it can harvest crypto wallet credentials via web browsers. The malware targets many widely used cryptocurrency wallet browser extensions: 1. Bitget Wallet (Formerly BitKeep) 2. Trust Wallet 3. TronLink…
-
US Lifts Sanctions Against Crypto Mixer Tornado Cash
by
in SecurityNewsThe US Department of the Treasury has removed sanctions against the fully decentralized cryptocurrency mixer service Tornado Cash. The post US Lifts Sanctions Against Crypto Mixer Tornado Cash appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/us-lifts-sanctions-against-crypto-mixer-tornado-cash/
-
âš¡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
by
in SecurityNewsA quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects.That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the…
-
Security Affairs newsletter Round 516 by Pierluigi Paganini INTERNATIONAL EDITION
by
in SecurityNewsA new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash Zero-day broker Operation Zero offers up to…
-
U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash
by
in SecurityNewsThe U.S. Treasury is lifting sanctions on Tornado Cash, a crypto mixer accused of helping North Korea’s Lazarus Group launder illicit funds. The U.S. Treasury Department removed sanctions against the cryptocurrency mixer service Tornado Cash. In August 2022, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the crypto mixer service Tornado Cash used by…
-
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
by
in SecurityNewsThe U.S. Treasury Department has announced that it’s removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds.”Based on the Administration’s review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity…
-
US Treasury removes sanctions on Tornado Cash after appellate court loss
by
in SecurityNews
Tags: cryptoTornado Cash, which the U.S. sanctioned in 2022, was dropped from that list by the Trump administration following a court decision favoring the cryptocurrency mixer in November. First seen on therecord.media Jump to article: therecord.media/treasury-drops-tornado-cash-sanctions
-
Threat Actors Leverage Reddit to Spread AMOS and Lumma Stealers
In a recent surge of cyber threats, threat actors have been exploiting Reddit to distribute two potent malware variants: AMOS (Atomic Stealer) and Lumma Stealer. These malware types are specifically designed to target cryptocurrency traders by offering cracked versions of popular trading software, such as TradingView. The attackers engage actively with potential victims on Reddit,…