Antivirus, Cryptocurrency and Information Security

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Security Affairs

MARCH 10, 2025

Experts warn of a large-scale cryptocurrency miner campaign targeting Russian users with SilentCryptoMiner. The discovered infected archives contained an additional executable, with a modified start script tricking victims into disabling antivirus protections. in a temporary folder. ” reads the report published by Kaspersky.

Cryptocurrency

Cryptocurrency Malware Social Engineering Antivirus

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

They can also steal personal data, banking details, cryptocurrency info, emails, and passwords by scraping the files the users upload. The FBI Denver Field Office advises staying cautious online, being aware of potential risks, and keeping antivirus software updated to scan files before opening them. The FBI urges reporting to IC3.gov.

Malware

Malware Scams Identity Theft Antivirus

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

Judging by the analysis of transactions, they were able to transfer about $270,000 in various cryptocurrencies to their crypto wallets.” “However, in reality, this amount may be larger; the attackers also targeted Monero, a cryptocurrency that is untraceable.” 231 banking malware.

Malware

Malware Cryptocurrency Mobile Firmware

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

The malware authors claimed it can steal a broad range of data from compromised systems, including browser data, cryptocurrency wallets, and around 100 browser extensions. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures.

Malware

Malware Advertising Antivirus Cybercrime

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

The bold author of a new cryptocurrency stealer, dubbed WeSteal, is promising its customers a leading way to make money in 2021. According to Palo Alto Networks, the author of WeSteal, that goes online as “ComplexCodes,” started advertising the cryptocurrency stealer on underground forums in mid-February 2021.

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . Researchers from Avast have spotted a strain of cryptocurrency miner, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. ” reads the analysis published by Avast.

Antivirus

Antivirus Cryptocurrency Malware Software

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. The title of the accessed web-pages are collected and compared with the target organizations and services hardcoded and defined by crooks, generally the name of the banking portals, cryptocurrency portals, and financial firms.

Antivirus

Antivirus Malware Banking Internet

Fake AV websites used to distribute info-stealer malware

Security Affairs

MAY 25, 2024

Threat actors used fake AV websites masquerading as legitimate antivirus products from Avast, Bitdefender, and Malwarebytes to distribute malware. The fake websites were masquerading as legitimate antivirus products from Avast, Bitdefender, and Malwarebytes. exe.zip”) that was used to deploy the Lumma information stealer.

Malware

Malware Antivirus Cryptocurrency Hacking

Crooks made more than $560K with a simple clipboard hijacker

Security Affairs

APRIL 19, 2021

Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K. The antivirus company Avast analyzed the case of a simple malware dubbed HackBoss and how it allowed its operators to earn more $560K worth of cryptocurrency since November 2018.

Cryptocurrency

Cryptocurrency Hacking Malware Banking

Norton 360 Cryptominer, Fake QR Codes on Parking Meters, Facebook Account Deactivation

Security Boulevard

JANUARY 16, 2022

Norton 360, a popular antivirus product, has installed a cryptocurrency mining program on its customers’ computers, some cities in Texas have been hit with a phishing scam designed to get users to pay through fraudulent QR code stickers on public parking meters, and how Facebook is still collecting data about you even if you deactivate […].

Accountability

Accountability Antivirus Cryptocurrency Scams

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

NOVEMBER 26, 2021

Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels. ” concludes the report.

Cryptocurrency

Cryptocurrency Malware Antivirus Phishing

Cryptocurrency miners infected more than 50% of the European airport workstations

Security Affairs

OCTOBER 17, 2019

European airport systems were infected with a Monero cryptocurrency miner that was linked to the Anti-CoinMiner campaign discovered this summer by Zscaler researchers. . Experts pointed out that the Monero miners were installed on the European airport systems, even if they were running an industry-standard antivirus.

Cryptocurrency

Cryptocurrency Antivirus Advertising Malware

LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.

Security Affairs

MARCH 14, 2025

Panev received over $230,000 in laundered cryptocurrency from Khoroshev between 2022 and 2024. He developed the code to disable antivirus software, deploy malware, and print ransom notes to all printers connected to a victim network.

Ransomware

Ransomware Cryptocurrency Small Business Malware

Ryuk ransomware operations already made over $150M

Security Affairs

JANUARY 7, 2021

Both exchanges are structured in a way that probably wouldn’t obligate them to comply with law enforcement requests and both were founded by Chinese nationals that moved their business to countries that are more friendly to cryptocurrency exchanges. ” concludes the report.

Ransomware

Ransomware Cryptocurrency Antivirus Banking

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

Microsoft warns of Vietnam-linked Bismuth group that is deploying cryptocurrency miner while continues its cyberespionage campaigns. Researchers from Microsoft reported that the Vietnam-linked Bismuth group, aka OceanLotus , Cobalt Kitty , or APT32 , is deploying cryptocurrency miners while continues its cyberespionage campaigns.

Cryptocurrency

Cryptocurrency Antivirus Manufacturing Government

Norton Crypto, the controversial cryptomining feature of Norton 360

Security Affairs

JANUARY 7, 2022

Experts warn that the popular antivirus product Norton 360 has installed a cryptocurrency miner on its customers’ computers. Many users ignore that Norton 360 comes with a cryptomining feature, dubbed Norton Crypto, that could allow them to earn money mining Ethereum (ETH) cryptocurrency while the customer’s computer is idle.

Energy and Utilities

Energy and Utilities Cryptocurrency Antivirus Hacking

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Experts pointed out that the number of infected systems could be far greater because data provided by AVAST are only related to systems running their antivirus solution.

DNS

DNS Internet Internet Malware

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

Security Affairs

JUNE 17, 2021

Russian national Oleg Koshkin was convicted for operating a “crypting” service used to obfuscate the Kelihos bot from antivirus software. ”The websites promised to render malicious software fully undetectable by nearly every major provider of antivirus software. .”The ” reads the press release published by DoJ.”The

Antivirus

Antivirus Malware Software Cryptocurrency

SharkBot, the new generation banking Trojan distributed via Play Store

Security Affairs

MARCH 7, 2022

SharkBot banking malware was able to evade Google Play Store security checks masqueraded as an antivirus app. The malware was spotted at the end of October by researchers from cyber security firms Cleafy and ThreatFabric, the name comes after one of the domains used for its command and control servers.

Banking

Banking Antivirus Mobile Malware

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

Security Affairs

SEPTEMBER 14, 2019

Researchers at Z s caler have spotted a new malware dubbed InnfiRAT that infects victims’ systems to steal cryptocurrency wallet data. . Researchers at Z s caler have discovered a new Trojan dubbed InnfiRAT that implements many standard Trojan capabilities along with the ability to steal cryptocurrency wallet data. .

Cryptocurrency

Cryptocurrency Malware Advertising Antivirus

Report: how cybercriminals abuse API keys to steal millions

Security Affairs

MAY 21, 2021

CyberNews researchers found that crooks could abuse cryptocurrency exchange API keys and steal cryptocurrencies. CyberNews researchers found that cybercriminals are able to abuse cryptocurrency exchange API keys and steal cryptocurrencies from their victims’ accounts without being granted withdrawal rights.

Cryptocurrency

Cryptocurrency Accountability Marketing Passwords

SharkBot, a new Android Trojan targets banks in Europe

Security Affairs

NOVEMBER 15, 2021

The trojan allows to hijack users’ mobile devices and steal funds from online banking and cryptocurrency accounts. Once the banking Trojan is installed on the victim’s device, threat actors can steal sensitive banking information through the abuse of Accessibility Services (i.e.

Banking

Banking Mobile Social Engineering Malware

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Security Affairs

FEBRUARY 22, 2021

Excel documents created with the APOMacroSploit builder are capable of bypassing antivirus software, Windows Antimalware Scan Interface (AMSI), and even Gmail and other email-based phishing detection. BitRAT implements multiple features, including mining cryptocurrencies and RAT features.

Malware

Malware Antivirus Phishing Cryptocurrency

Security Affairs newsletter Round 261

Security Affairs

APRIL 26, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Hacking

Hacking Advertising Spyware Antivirus

New Android BlackRock malware targets hundreds of apps

Security Affairs

JULY 16, 2020

.” The malicious code supports multiple commands, it could launch overlay attacks, log keystrokes, send spam the victims’ contact lists with SMS messages, and prevent victims from using antivirus software. The list of targeted apps includes cryptocurrency wallet applications (i.e.

Malware

Malware Banking Mobile Advertising

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Security Affairs

JULY 25, 2019

Researchers at Intezer have discovered a new variant of WatchBog, a Linux-based cryptocurrency mining botnet, that also includes a module to scan the Internet for Windows RDP servers vulnerable to the Bluekeep vulnerability (CVE-2019-0708). ” reads a blog post published by Intezer.

Cryptocurrency

Cryptocurrency Internet Internet Malware

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

The loader is also designed to gather system information, retrieve a list of installed antivirus solutions, cryptocurrency wallets, banking, and mail apps, and exfiltrate the information to a remote server. That’s not all. ” concludes the report.

Banking

Banking Malware Antivirus Phishing

Security Affairs newsletter Round 407 by Pierluigi Paganini

Security Affairs

FEBRUARY 19, 2023

Twitter will allow using the SMS-based two-factor authentication (2FA) only to its Blue subscribers GoDaddy discloses a new data breach Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb German airport websites hit by DDos attacks once again Cisco fixed critical RCE bug in ClamAV Open-Source Antivirus engine CISA adds Cacti, Office, Windows (..)

DDOS

DDOS Data breaches Ransomware Hacking

New Windows Meduza Stealer targets tens of crypto wallets and password managers

Security Affairs

JULY 3, 2023

“What’s more concerning is that a large portion of antivirus software has proven ineffective against the Meduza stealer binary, either failing to detect it statically or dynamically” reads the analysis published by Uptycs. ” The administrator offers access to the stolen data through a management console.

Password Management

Password Management Passwords Malware Marketing

QwixxRAT, a new Windows RAT appears in the threat landscape

Security Affairs

AUGUST 15, 2023

. “Once installed on the victim’s Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker’s Telegram bot, providing them with unauthorized access to the victim’s sensitive information.” ” reads a new report published by security firm Uptycs.

Malware

Malware Antivirus Cryptocurrency Advertising

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

Security Affairs

AUGUST 21, 2022

The scripts will also infect the victim’s computer with the Raccoon Stealer info-stealing trojan which allows operators to steal login credentials, cookies, auto-fill data, and credit cards saved on web browsers, along with cryptocurrency wallets.

DDOS

DDOS Malware Antivirus Firewall

Security Affairs newsletter Round 364 by Pierluigi Paganini

Security Affairs

MAY 8, 2022

If you want to also receive for free the newsletter with the international press subscribe here.

IoT

IoT DNS Antivirus Malware

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. Another technique used by cybercriminals to bypass antivirus systems is a targeted attack, in which malicious email are delivered outside regular working hours. More than 80% of all malicious files were disguised as .zip

Ransomware

Ransomware Antivirus Malware Banking

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. About the author: Salvatore Lombardo.

Malware

Malware Computers and Electronics Encryption Ransomware

Glupteba botnet is back after Google disrupted it in December 2021

Security Affairs

DECEMBER 19, 2022

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. .

DNS

DNS Antivirus Cryptocurrency Software

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

ViperSoftX is a JavaScript-based Remote Access Trojan (RAT) and cryptocurrency stealer that was first analyzed by Fortinet in February 2020. ViperSoftX also checks for active antivirus products running on the machine. ” reads the analysis published by Trend Micro. ” concludes the report.

Encryption

Encryption Malware Cryptocurrency Software

Clipper attacks use Trojanized TOR Browser installers

Security Affairs

MARCH 29, 2023

The experts were not able to determine the amount of Monero cryptocurrencies stolen by the threat actors due to the privacy features supported by the cryptocurrency scheme. “A mistake likely made by all victims of this malware was to download and run Tor Browser from a third-party resource. ” concludes the report.

Malware

Malware Passwords Cryptocurrency Antivirus

New variant for Mac Malware XCSSET compiled for M1 Chips

Security Affairs

MARCH 13, 2021

This behavior allows the malicious code to replace cryptocurrency addresses, and steal credentials for online services (amoCRM, Apple ID, Google, Paypal, SIPMarket, and Yandex) and payment card information from the Apple Store. Experts believe that this malware is the result of advanced and sophisticated adversaries.

Malware

Malware Adware Architecture Antivirus

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The malicious code is used by the hackers to deliver a Moner (XMR) crypto miner that is not detected by almost any antivirus solution. ” reads the analysis published by the security firm Anomaly. ” Technical details, including Indicators of Compromise, are reported in the analysis published by Anomali.

Cybercrime

Cybercrime DNS Malware Advertising

Dutch police arrested the author of Dryad and Rubella Macro Builders

Security Affairs

JULY 19, 2019

The macro might also purposely attempt to bypass endpoint security defenses. . The Rubella Macro Builder is cheap, fast and easy to use, the malware it generated can evade antivirus detection. The police also seized around 20,000 Euro (around $22,000) in cryptocurrency such as Bitcoins. .

Malware

Malware Social Engineering Advertising Antivirus

A new SharkBot variant bypassed Google Play checks again

Security Affairs

SEPTEMBER 5, 2022

While previous variants of the dropper relied on Accessibility permissions to automatically install the Sharkbot malware, this new one asks the victim to install the malware as a fake update for the antivirus. The trojan allows to hijack users’ mobile devices and steal funds from online banking and cryptocurrency accounts.

Banking

Banking Malware Mobile Accountability

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

But, with the amount of security and freedom you get with the VPN, it is worth investing your money. Secure Your Router. Your router is needed to be secured in the same way your device requires security. It is essential to install firewall and antivirus software on your routers and keep them up-to-date.

Hacking

Hacking VPN Internet Internet

French Police remotely disinfected 850,000 PCs from RETADUP bot

Security Affairs

AUGUST 28, 2019

The Retadup bot has been around since at least 2015, it was involved in several malicious campaigns aimed at delivering malware such as information stealers, ransomware and miners. In recent campaigns, the Retadup worm was observed delivering Monero cryptocurrency miners in Latin America.

Malware

Malware Advertising Antivirus Cryptocurrency

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

FBI warns of malicious free online document converters spreading malware

Webinars

Trending Sources

New Triada Trojan comes preinstalled on Android devices

Webinars

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Banshee macOS stealer supports new evasion mechanisms

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Fake AV websites used to distribute info-stealer malware

Crooks made more than $560K with a simple clipboard hijacker

Norton 360 Cryptominer, Fake QR Codes on Parking Meters, Facebook Account Deactivation

Threat actors target crypto and NFT communities with Babadeda crypter

Cryptocurrency miners infected more than 50% of the European airport workstations

LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.

Ryuk ransomware operations already made over $150M

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Norton Crypto, the controversial cryptomining feature of Norton 360

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet

SharkBot, the new generation banking Trojan distributed via Play Store

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

Report: how cybercriminals abuse API keys to steal millions

SharkBot, a new Android Trojan targets banks in Europe

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Security Affairs newsletter Round 261

New Android BlackRock malware targets hundreds of apps

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Grandoreiro banking malware targets Mexico and Spain

Security Affairs newsletter Round 407 by Pierluigi Paganini

New Windows Meduza Stealer targets tens of crypto wallets and password managers

QwixxRAT, a new Windows RAT appears in the threat landscape

Fake DDoS protection pages on compromised WordPress sites lead to malware infections

Security Affairs newsletter Round 364 by Pierluigi Paganini

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Wannacry, the hybrid malware that brought the world to its knees

Glupteba botnet is back after Google disrupted it in December 2021

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Clipper attacks use Trojanized TOR Browser installers

New variant for Mac Malware XCSSET compiled for M1 Chips

Chinese-speaking cybercrime gang Rocke changes tactics

Dutch police arrested the author of Dryad and Rubella Macro Builders

A new SharkBot variant bypassed Google Play checks again

5 Ways to Protect Yourself from IP Address Hacking

French Police remotely disinfected 850,000 PCs from RETADUP bot

Stay Connected