#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

cryptocurrency | Breaking Cybersecurity News | The Hacker News

Category — cryptocurrency
Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

Dec 17, 2024 Malvertising / Cryptocurrency
Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker . "Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday. The attacks make use of fake update alerts that employ various deceptive entry points such as software update notifications on compromised WordPress sites, malvertising redirects, phishing emails that link to spoofed update pages, fake CAPTCHA verification prompts , direct downloads from phoney or infected sites, and links shared via social media and messaging apps. Regardless of the method utilized to initiate the infection chain, the software update prompts make use of Microsoft Edge Webview2 to trigger the execution of the payload. "Webview2's dependency on pre-installed components and user interaction complicates dynami...
New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Dec 16, 2024 Cryptocurrency / Phishing Attack
Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss. "The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest their personal information," ESET noted in its H2 2024 Threat Report shared with The Hacker News. The Slovak cybersecurity company is tracking the threat under the name Nomani , a play on the phrase "no money." It said the scam grew by over 335% between H1 and H2 2024, with more than 100 new URLs detected daily on average between May and November 2024. The attacks play out through fraudulent ads on social media platforms, in several cases targeting people who have previously been scammed by making use of Europol- and INTERPOL-related lures about contacting them for help ...
Watch Out For These 8 Cloud Security Shifts in 2025

Watch Out For These 8 Cloud Security Shifts in 2025

Feb 04, 2025Threat Detection / Cloud Security
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let's take a look… #1: Increased Threat Landscape Encourages Market Consolidation Cyberattacks targeting cloud environments are becoming more sophisticated, emphasizing the need for security solutions that go beyond detection. Organizations will need proactive defense mechanisms to prevent risks from reaching production. Because of this need, the market will favor vendors offering comprehensive, end-to-end security platforms that streamline risk mitigation and enhance operational efficiency. #2: Cloud Security Unifies with SOC Priorities Security operations centers (SOC) and cloud security functions are c...
DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

Dec 13, 2024 Cybercrime / Cryptocurrency
The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People's Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations. "The conspirators, who worked for DPRK-controlled companies Yanbian Silverstar and Volasys Silver Star, located in the People's Republic of China (PRC) and the Russian Federation (Russia), respectively, conspired to use false, stolen, and borrowed identities of U.S. and other persons to conceal their North Korean identities and foreign locations and obtain employment as remote information technology (IT) workers," the DoJ said . The IT worker scheme generated at least $88 million for the North Korean regime over a span of six years, it's been alleged. In addition, the remote workers engaged in information th...
cyber security

Webinar: 5 Ways New AI Agents Can Automate Identity Attacks | Register Now

websitePush SecurityAI Agents / Identity Security
Watch how Computer-Using Agents can be used by attackers to automate account takeover and exploitation.
FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized

FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized

Dec 13, 2024 Cybercrime / Financial Fraud
The U.S. Department of Justice (DoJ) on Thursday announced the shutdown of an illicit marketplace called Rydox ("rydox[.]ru" and "rydox[.]cc") for selling stolen personal information, access devices, and other tools for conducting cybercrime and fraud. In tandem, three Kosovo nationals and administrators of the service, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli, have been arrested. Ardit Kutleshi and Jetmir Kutleshi are expected to be extradited to the U.S. Sokoli, who was apprehended on December 12, 2024, in Albania, will be charged and prosecuted in the nation. "The Rydox marketplace has conducted over 7,600 sales of personally identifiable information (PII), stolen access devices, and cybercrime tools, which generated at least $230,000 in revenue since its inception in or around February 2016," the DoJ said in a statement. This included credit card information and login credentials stolen from thousands of victims residing in the United S...
Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

Dec 10, 2024 Mobile Security / Cryptocurrency
Cybersecurity researchers have shed light on a sophisticated mobile phishing (aka mishing ) campaign that's designed to distribute an updated version of the Antidot banking trojan. "The attackers presented themselves as recruiters, luring unsuspecting victims with job offers," Zimperium zLabs Vishnu Pratapagiri researcher said in a new report. "As part of their fraudulent hiring process, the phishing campaign tricks victims into downloading a malicious application that acts as a dropper, eventually installing the updated variant of Antidot Banker in the victim's device." The new version of the Android malware has been codenamed AppLite Banker by the mobile security company, highlighting its abilities to siphon unlock PIN (or pattern or password) and remotely take control of infected devices, a feature recently also observed in TrickMo . The attacks employ a variety of social engineering strategies, often luring targets with the prospect of a job opp...
Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data

Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data

Dec 07, 2024 Malware / Web3 Security
Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings. "The threat actors behind the malware have set up fake companies using AI to make them increase legitimacy," Cado Security researcher Tara Gould said . "The company reaches out to targets to set up a video call, prompting the user to download the meeting application from the website, which is Realst infostealer." The activity has been codenamed Meeten by the security company, owing to the use of names such as Clusee, Cuesee, Meeten, Meetone, and Meetio for the bogus sites. The attacks entail approaching prospective targets on Telegram to discuss a potential investment opportunity, urging them to join a video call hosted on one of the dubious platforms. Users who end up on the site are prompted to download a Windows or macOS version dep...
This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges

This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges

Dec 05, 2024 Cryptocurrency / Mobile Security
As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot . "DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and user interface monitoring," Cleafy researchers Simone Mattia, Alessandro Strino, and Federico Valentini said . "Moreover, it leverages dual-channel communication, transmitting outbound data through MQTT and receiving inbound commands via HTTPS, providing enhanced operation flexibility and resilience." The Italian fraud prevention company said it discovered the malware in late October 2024, although there is evidence to suggest that it has been active since at least June, operating under a malware-as-a-service (MaaS) model for a monthly fee of $3,000. No less than 17 affiliate groups have been identified as paying for access to the offering. ...
NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions

NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions

Dec 05, 2024 Cryptocurrency / Financial Crime
The U.K. National Crime Agency (NCA) on Wednesday announced that it led an international investigation to disrupt Russian money laundering networks that were found to facilitate serious and organized crime across the U.K., the Middle East, Russia, and South America. The effort, codenamed Operation Destabilise , has resulted in the arrest of 84 suspects linked to two Russian-speaking networks Smart and TGR. In addition, £20 million ($25.4 million) in cash and cryptocurrency has been seized. Both the businesses are based in Moscow's Federation Tower, per The Telegraph , which is known to act as a hub for money laundering firms . Concurrent with the takedown and arrests, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned five individuals and four entities associated with the TGR Group. "Through the TGR Group, Russian elites sought to exploit digital assets – in particular U.S. dollar-backed stablecoins – to evade U.S. and in...
Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

Dec 04, 2024 Encryption / Cybercrime
Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that's created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower , comes in the aftermath of an investigation that was launched in 2021 after the messaging service was discovered on the phone of a criminal convicted for the murder of a Dutch journalist Peter R. de Vries . This allowed authorities to intercept messages being sent via the service for a period of three months, amassing a total of more than 2.3 million messages in 33 languages. The messages, Europol said, are associated with serious crimes such as international drug trafficking, arms trafficking, and money laundering.  It's worth noting at this stage that MATRIX is different from the open-source, decentralized messaging app of the same name ("matrix[.]org"). Also known by other names such as Mactrix, Totalsec, X-quantum...
Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library

Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library

Dec 04, 2024 Supply Chain Attack
Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users' private keys with an aim to drain their cryptocurrency wallets. The attack has been detected in versions 1.95.6 and 1.95.7. Both these versions are no longer available for download from the npm registry. The package is widely used, attracting over 400,000 weekly downloads. "These compromised versions contain injected malicious code that is designed to steal private keys from unsuspecting developers and users, potentially enabling attackers to drain cryptocurrency wallets," Socket said in a report. @solana/web3.js is an npm package that can be used to interact with the Solana JavaScript software development kit (SDK) for building Node.js and web apps. According to Datadog security researcher Christophe Tafani-Dereeper , "the backdoor inserted in v1.95.7 adds an ...
INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million

INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million

Dec 02, 2024 Financial Fraud / Cryptocurrency
A global law enforcement operation has led to the arrest of more than 5,500 suspects involved in financial crimes and the seizure of more than $400 million in virtual assets and government-backed currencies. The coordinated exercise saw the participation of authorities from 40 countries, territories, and regions as part of the latest wave of Operation HAECHI-V , which took place between July and November 2024, INTERPOL said. "The effects of cyber-enabled crime can be devastating – people losing their life savings, businesses crippled, and trust in digital and financial systems undermined," INTERPOL Secretary General Valdecy Urquiza said in a statement. "The borderless nature of cybercrime means international police cooperation is essential, and the success of this operation supported by INTERPOL shows what results can be achieved when countries work together. It's only through united efforts that we can make the real and digital worlds safer." As part of H...
XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner

Nov 28, 2024 Software Security / Data Breach
Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems. The package, named @0xengine/xmlrpc , was originally published on October 2, 2023 as a JavaScript-based XML-RPC server and client for Node.js. It has been downloaded 1,790 times to date and remains available for download from the repository. Checkmarx , which discovered the package, said the malicious code was strategically introduced in version 1.3.4 a day later, harboring functionality to harvest valuable information such as SSH keys, bash history, system metadata, and environment variables every 12 hours, and exfiltrate it via services like Dropbox and file.io. "The attack achieved distribution through multiple vectors: direct npm installation and as a hidden dependency in a legitimate-looking ...
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Nov 23, 2024 Artificial Intelligence / Cryptocurrency
The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. These findings come from Microsoft, which said that multiple threat activity clusters with ties to the country have been observed creating fake profiles on LinkedIn, posing as both recruiters and job seekers to generate illicit revenue for the sanction-hit nation. Sapphire Sleet, which is known to be active since at least 2020, overlaps with hacking groups tracked as APT38 and BlueNoroff. In November 2023, the tech giant revealed that the threat actor had established infrastructure that impersonated skills assessment portals to carry out its social engineering campaigns. One of the main methods adopted by the group for over a year is to pose as a venture capitalist, deceptively claiming an interest in a target user's company in order to set up an online meeting. Targ...
Microsoft, Meta, and DOJ Disrupt Global Cybercrime and Fraudulent Networks

Microsoft, Meta, and DOJ Disrupt Global Cybercrime and Fraudulent Networks

Nov 22, 2024 Financial Fraud / Cybercrime
Meta Platforms, Microsoft, and the U.S. Department of Justice (DoJ) have announced independent actions to tackle cybercrime and disrupt services that enable scams, fraud, and phishing attacks. To that end, Microsoft's Digital Crimes Unit (DCU) said it seized 240 fraudulent websites associated with an Egypt-based cybercrime facilitator named Abanoub Nady (aka MRxC0DER and mrxc0derii), who advertised for sale a phishing kit called ONNX. Nady's criminal operation is said to date as far back as 2017. "Numerous cybercriminal and online threat actors purchased these kits and used them in widespread phishing campaigns to bypass additional security measures and break into Microsoft customer accounts," Microsoft DCU's Steven Masada said . "While all sectors are at risk, the financial services industry has been heavily targeted given the sensitive data and transactions they handle. In these instances, a successful phish can have devastating real-world consequences...
Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin

Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin

Nov 15, 2024 Financial Fraud / Blockchain
Ilya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday. Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10.5 billion at current prices) from the crypto exchange. Heather Rhiannon Morgan, his wife, also pleaded guilty to the same crimes last year. They were both arrested in February 2022. Morgan is scheduled to be sentenced on November 18. "Lichtenstein, 35, hacked into Bitfinex's network in 2016, using advanced hacking tools and techniques," the DoJ said in a press statement. "Once inside the network, Lichtenstein fraudulently authorized more than 2,000 transactions transferring 119,754 bitcoin from Bitfinex to a cryptocurrency wallet in Lichtenstein's control." TRM Labs said Lichtenstein exploited a vulnerability in Bit...
Expert Insights / Articles Videos
Cybersecurity Resources