Microsoft Trust Signing service abused to code-sign malware
Summary: Cybercriminals are exploiting Microsoft’s Trusted Signing platform by using it to sign malware executables with short-lived three-day certificates. This tactic allows signed malware to bypass security filters, as it appears legitimate. Threat actors find this method more accessible compared to obtaining Extended Validation (EV) code-signing certificates, which are harder to acquire and often revoked after use.…
Read More
US Treasury removes sanctions on Tornado Cash after appellate court loss
Summary: Tornado Cash, a cryptocurrency mixer accused of laundering funds for North Korean hackers, has been removed from the U.S. sanctions list following a court ruling that the Treasury Department exceeded its authority. The decision acknowledges complex legal challenges associated with regulating digital assets. Despite the sanctions removal, concerns remain regarding the use of cryptocurrency for cybercrime.…
Read More
Steam pulls game demo infecting Windows with info-stealing malware
Summary: Valve has removed the game ‘Sniper: Phantom’s Resolution’ from its Steam store after users reported that its demo installer contained information-stealing malware. Originally intended as a preview from ‘Sierra Six Studios,’ the game raised suspicions due to its stolen assets and external installation method. Users are advised to uninstall the game and scan their systems for malware following the incident.…
Read More
Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline Operations
Trend Research has identified new versions of the Albabat ransomware targeting Windows, Linux, and macOS platforms. The group is utilizing GitHub to facilitate their ransomware operations. Organizations are advised to enhance security protocols and implement preventive measures to mitigate potential ransomware attacks. Affected: Windows, Linux, macOS

Keypoints:

New versions of Albabat ransomware have been discovered, indicating a potential expansion of targets.…
Read More

Summary: The video discusses a clipboard monitoring tool known as “Clipper,” which specifically targets cryptocurrency transactions. It detects when a user copies a crypto wallet address and replaces it with the attacker’s address without the user’s knowledge, posing a significant security threat to cryptocurrency transactions.

Keypoints:

The Clipper tool monitors clipboard contents for cryptocurrency wallet addresses.…
Read More
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
Summary: A new stealer malware called Arcane is being distributed through YouTube videos promoting game cheats, targeting Russian-speaking users. This malware gathers a wide range of sensitive information from various applications, including VPNs, messaging apps, and gaming clients. It utilizes various techniques, including a batch file that activates PowerShell to initiate its malicious activities, while also evading security measures like Windows SmartScreen.…
Read More
GrassCall Campaign: The Hackers Behind Job Recruitment Cyber Scams
The “GrassCall” malware campaign is an advanced social engineering attack targeting job seekers in the cryptocurrency and Web3 sectors, orchestrated by the Russian cybercriminal organization “Crazy Evil.” Utilizing fake job interviews, the attackers compromise systems to steal cryptocurrency assets, resulting in hundreds of victims. Affected: cryptocurrency sector, job seekers

Keypoints:

The GrassCall malware campaign is led by the Russian-speaking cyber-criminal organization “Crazy Evil.”…
Read More
Fake Cloudflare Verification Results in LummaStealer Trojan Infections
This article describes an ongoing malware campaign that uses malicious WordPress plugins to spread the LummaStealer trojan. The malware tricks users into running harmful PowerShell commands, thereby collecting sensitive data from infected PCs. The campaign relies on fake human verification prompts and primarily targets Windows users. Affected: WordPress websites, Windows operating system users

Keypoints:

LummaStealer is an infostealer malware designed to collect sensitive data.…
Read More
Malware campaign ‘DollyWay’ breached 20,000 WordPress sites
Summary: The ‘DollyWay’ malware operation has targeted over 20,000 WordPress sites since 2016, evolving into a sophisticated redirection scam that generates millions of fraudulent impressions monthly. It employs complex tactics including dynamic script injection and auto-reinfection to maintain persistent control over compromised sites. GoDaddy researchers link various malware campaigns under the ‘DollyWay World Domination’ umbrella, emphasizing a notable escalation in risk for affected organizations.…
Read More

Summary: The video discusses the latest episode of “Security Now” with Steve Gibson, covering a range of topics, including an in-depth analysis of the cryptography used in Telegram’s messenger, updates on the Rowhammer vulnerability, and the implications of recent security incidents involving Twitter and Firefox. It also encourages listeners to participate in a study on Rowhammer, providing detailed instructions on how to assess their own systems for vulnerabilities.…
Read More
Summary: Two critical vulnerabilities have been discovered in the xml-crypto library, affecting its ability to securely verify XML signatures. Identified as CVE-2025-29774 and CVE-2025-29775, both vulnerabilities carry a CVSSv4 score of 9.3, posing serious risks for applications utilizing this library. Users are urged to upgrade to version 6.0.1 or the appropriate patch versions to mitigate these security threats.…
Read More
FBI Issues Warning Over Free Online File Converters That Actually Install Malware
Summary: The FBI Denver Field Office has issued a warning regarding an increase in scam websites that masquerade as free online file converters but instead load malware onto users’ systems. This malware can lead to ransomware attacks and the theft of sensitive personal information. Users are advised to remain vigilant and protect their devices with anti-malware solutions.…
Read More
Microsoft identifies new RAT targeting cryptocurrency wallets and more
Summary: Microsoft has discovered a new remote access trojan named StilachiRAT, which utilizes sophisticated evasion techniques to maintain persistence on compromised systems while exfiltrating sensitive data. The malware targets several cryptocurrency wallet extensions and can manipulate system settings and steal credentials. Although the origin of StilachiRAT remains unknown, its capabilities warrant serious attention due to its stealth and extensive data collection functions.…
Read More
Thousands of Fake Crypto Investment Platforms Uncovered in Widespread Scam Campaign
Summary: Researchers from Unit 42 have uncovered a complex network of fraudulent cryptocurrency investment platforms that employ tactics akin to Ponzi and pyramid schemes. These scams leverage popular brands and current events to gain users’ trust while promising unrealistic returns. The campaign, which is actively targeting users chiefly in East Africa and Asia, relies on impersonation and multi-level marketing to recruit affiliates, raising significant concerns about the extensive reach and impact of these fraudulent activities.…
Read More
Crypto exchange OKX shuts down tool used by North Korean hackers to launder stolen funds
Summary: OKX, a Seychelles-based cryptocurrency exchange, has temporarily suspended its decentralized finance services after detecting attempts by the North Korean Lazarus Group to launder stolen funds. The exchange aims to implement upgrades to prevent future misuse while addressing ongoing scrutiny from regulators regarding its compliance practices.…
Read More