Report: Scammers Drain $500M From Crypto Wallets in a Year
Summary: In 2024, victims lost nearly $500 million due to wallet drainer attacks, marking a significant increase in thefts from crypto wallets. The report highlights the evolving tactics of cybercriminals and the importance of security awareness in the Web3 space.

Threat Actor: Wallet Drainers | Victim: Crypto Users

Key Point:

Victims lost approximately $494 million from wallet drainers in 2024, a 67% increase from the previous year.…

PacketCrypt Classic Cryptocurrency Miner on PHP Servers
This article discusses a malicious URL that exploits vulnerable PHP servers to download and execute malware, specifically targeting systems to mine cryptocurrency. The investigation reveals the use of various executables and their interactions, highlighting the importance of securing PHP servers against such attacks.

Affected Platform: PHP servers

Key Points:

The SANS DShield project collects logs from various participants.…

PEAKLIGHT: Illuminating the Shadows
PEAKLIGHT is a sophisticated PowerShell-based downloader identified by Mandiant that delivers malware-as-a-service infostealers through obfuscated scripts and various payloads. The initial infection vector involves Microsoft Shortcut Files (LNK) that execute PowerShell scripts to download malicious binaries. The campaign utilizes techniques like obfuscation and memory-only execution to evade detection.…

Summary: The cybersecurity landscape of 2025 is expected to be shaped by evolving threats, particularly from human vulnerabilities, cryptocurrency exchanges, state-sponsored attacks, supply chain vulnerabilities, and the adoption of cybersecurity mesh architecture. Organizations must adapt their strategies to bolster defenses and enhance resilience against these emerging challenges.…

Summary: Cybersecurity researchers have identified malicious npm packages impersonating the Nomic Foundation’s Hardhat tool, designed to steal sensitive data from developers. These packages exploit trust in open source plugins to exfiltrate critical information such as private keys and mnemonics.

Threat Actor: _lain | Victim: Developers using npm packages

Key Point:

Malicious npm packages impersonating legitimate tools have been found, with one package attracting over 1,000 downloads.…

Summary: In 2024, scammers executed wallet drainer attacks resulting in $494 million in losses, primarily targeting Ethereum wallets. Despite a modest increase in the number of victims, the average loss per victim rose significantly, highlighting the growing sophistication of phishing tactics in the cryptocurrency space.

Threat Actor: Scammers | Victim: Cryptocurrency Users

Key Point:

Scammers stole $494 million from over 300,000 wallet addresses, marking a 67% increase from 2023.…

The “LummApp” threat campaign, identified by Team Axon, utilizes advanced adware and infostealing techniques to target users globally. Disguised as a legitimate application, it deploys malicious browser extensions to exfiltrate sensitive data, manipulate clipboard contents, and track user behavior. The campaign employs sophisticated evasion methods, making it a significant threat to individuals and organizations.…

Summary: A targeted campaign has been discovered involving twenty malicious npm packages that impersonate the Hardhat development environment, aimed at stealing sensitive data from Ethereum developers. These packages have collectively recorded over a thousand downloads and pose significant security risks to users.

Threat Actor: Unknown | Victim: Ethereum Developers

Key Point:

Twenty malicious packages were uploaded to npm, using typosquatting to impersonate legitimate Hardhat packages.…

LegionLoader is a sophisticated downloader malware that has evolved since its emergence in 2019. It delivers malicious Chrome extensions capable of altering user data and monitoring activities, while also employing advanced techniques for evasion and payload delivery. The malware’s recent adaptations include the use of DLL side-loading and encrypted communication with command and control servers.…

### #DoubleClickjacking #WebExploitation #UserDeception

Summary: A new attack method known as “DoubleClickjacking” leverages double-click actions to deceive users into authorizing sensitive actions on legitimate websites, bypassing existing security measures. This technique poses significant risks as it can affect nearly all web platforms and even browser extensions.…


In an increasingly connected digital era, macOS has become an enticing target for cybercriminals. From exploiting vulnerabilities that allow malicious applications to access sensitive data without user consent to sophisticated malware attacks targeting cryptocurrency assets, these threats underscore the importance of security awareness.

This article will explore recent incidents, including TCC-based vulnerabilities, attacks by APT groups, and malware specifically targeting macOS users, as well as essential protective measures that users should take to safeguard their personal data and devices from these emerging threats.…


### #DigitalDefense #ThreatIntelligence #CyberAwareness

Summary: This week’s cybersecurity update highlights significant threats and vulnerabilities impacting various sectors, emphasizing the need for vigilance and proactive measures to safeguard digital environments. Key developments include high-severity flaws, emerging malware, and notable cybercrime incidents involving threat actors.

Threat Actor: TraderTraitor | Victim: DMM Bitcoin

Key Point:

High-severity PAN-OS flaw could lead to denial-of-service attacks on vulnerable devices.…

### #APT-C-26 #LazarusGroup #FinancialCyberThreats

Summary: The Lazarus group has launched a new campaign targeting financial institutions and cryptocurrency exchanges by weaponizing the IPMsg installer to deliver backdoors and steal sensitive information. This sophisticated attack showcases their advanced social engineering tactics and evasion techniques.

Threat Actor: APT-C-26 (Lazarus) | Victim: Financial Institutions and Cryptocurrency Exchanges

Key Point:

The attack begins with a weaponized version of the IPMsg installer, which deploys both a legitimate installer and a malicious DLL file.…

The Hidden Risk campaign exploits the growing cryptocurrency market, using fake crypto news to distribute RustBucket malware. This malicious activity has been linked to numerous indicators of compromise (IoCs) and highlights the increasing need for cybersecurity awareness among crypto users. #CyberSecurity #Cryptocurrency #Malware

Key Points:

Over 560 million people own cryptocurrencies, making them potential targets for cyber attacks.…

Lumma is a sophisticated Malware-as-a-Service (MaaS) that has evolved significantly in 2024, focusing on stealing sensitive information from various sectors. Its subscription-based plans cater to different user needs, and it employs advanced evasion techniques. The malware has garnered attention for its extensive distribution and operational strategies, particularly in targeting gamers and cryptocurrency users.…

### #TraderTraitor #JadeSleet #CryptoHeist

Summary: Authorities have linked the theft of $308 million in cryptocurrency from DMM Bitcoin to North Korean cyber actors known as TraderTraitor. This group employs social engineering tactics to compromise employees and facilitate theft in the Web3 sector.

Threat Actor: North Korean cyber actors (TraderTraitor) | Victim: DMM Bitcoin

Key Point:

The TraderTraitor group has a history of targeting Web3 companies and using social engineering to deploy malware.…