Antivirus, Cryptocurrency and Malware - Cyber Security Informer

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

SEPTEMBER 17, 2020

The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm. Image: FBI. APT41’s activities span from the mid-2000s to the present day.

Antivirus

Antivirus Hacking Software Government

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. ” reads the alert. The FBI urges reporting to IC3.gov.

Malware

Malware Scams Identity Theft Antivirus

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Security Affairs

MARCH 10, 2025

Experts warn of a large-scale cryptocurrency miner campaign targeting Russian users with SilentCryptoMiner. Kaspersky researchers discovered a mass malware campaign spreading SilentCryptoMiner by disguising it as a tool to bypass internet restrictions. Common malware families include NJRat , XWorm, Phemedrone , and DCRat.

Cryptocurrency

Cryptocurrency Malware Social Engineering Antivirus

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Deceptive Google Meet Invites Lures Users Into Malware Scams

eSecurity Planet

OCTOBER 22, 2024

These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. You are then guided to execute PowerShell code designed to “fix” the supposed problem, unwittingly allowing malware to infiltrate their systems.

Scams

Scams Malware Phishing Social Engineering

US Government Exposes North Korean Malware

Schneier on Security

MAY 14, 2020

US Cyber Command has uploaded North Korean malware samples to the VirusTotal aggregation repository, adding to the malware samples it uploaded in February. It's interesting to see the US government take a more aggressive stance on foreign malware. Me, I like reading the codenames.

Government

Government Malware Antivirus Cryptocurrency

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

FEBRUARY 28, 2024

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call.

Malware

Malware Cryptocurrency Software Phishing

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

SecureList

NOVEMBER 6, 2024

It also uses stealer malware to extract the victim’s credit card data as well as details about the infected device. Technical Details Background In August 2024, we stumbled upon a massive infection caused by an unknown bundle consisting of miner and stealer malware. SteelFox.gen , Trojan.Win64.SteelFox.*. SteelFox.*.

Software

Software Cryptocurrency Malware DNS

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

That investigation detailed how the 38-year-old Shefel adopted the nickname Rescator while working as vice president of payments at ChronoPay , a Russian financial company that paid spammers to advertise fake antivirus scams, male enhancement drugs and knockoff pharmaceuticals. “I’m also godfather of his second son.”

Retail

Retail Advertising Cryptocurrency Cybercrime

New Triada Trojan comes preinstalled on Android devices

Security Affairs

APRIL 2, 2025

The malware was discovered on counterfeit Android devices mimicking popular smartphone models. “The malware has broad functionality and gives attackers almost unlimited control over the gadget” The malware, embedded in the system framework, provides attackers full control over the device. 231 banking malware.

Malware

Malware Cryptocurrency Mobile Firmware

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malware authors claimed it can steal a broad range of data from compromised systems, including browser data, cryptocurrency wallets, and around 100 browser extensions.

Malware

Malware Advertising Antivirus Cybercrime

Hackers hijack antivirus updates to drop GuptiMiner malware

Bleeping Computer

APRIL 23, 2024

North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware. [.]

Antivirus

Antivirus Malware Cryptocurrency

AMOS and Lumma stealers actively spread to Reddit users

Malwarebytes

MARCH 18, 2025

We were alerted to Mac and Windows stealers currently distributed via Reddit posts targeting users engaging in cryptocurrency trading. These two malware families have wreaked havoc, pillaging victims’ personal data and enabling their distributors to make substantial gains, mostly by taking over cryptocurrency wallets.

Cryptocurrency

Cryptocurrency Malware Scams Antivirus

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

Security Affairs

APRIL 24, 2024

A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners.

Antivirus

Antivirus Malware DNS Cryptocurrency

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

The Hacker News

APRIL 24, 2024

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks.

Antivirus

Antivirus Cryptocurrency Malware Hacking

US charged Dual Russian and Israeli National as LockBit Ransomware developer

Security Affairs

DECEMBER 22, 2024

Panev and other developers were tasked to create and maintain the malware and infrastructure, while affiliates executed attacks and extorted ransoms, splitting the proceeds. Panev received over $230,000 in laundered cryptocurrency from Khoroshev between 2022 and 2024. ” reads the press release published by DoJ.

Ransomware

Ransomware Small Business Antivirus Malware

Computer Repair Technicians Are Stealing Your Data

Schneier on Security

NOVEMBER 28, 2022

In one, the researcher explained they had installed antivirus software and performed a disk cleanup to “remove multiple viruses on the device.” All were free of malware and other defects and in perfect working condition with one exception: the audio driver was disabled. The laptops were freshly imaged Windows 10 laptops.

Antivirus

Antivirus Cryptocurrency Accountability Malware

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Security Affairs

MARCH 28, 2019

The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. At the time, North Korea-linked Lazarus APT group leveraged for the first time on a MacOS variant of the Fallchill malware.

Cryptocurrency

Cryptocurrency Malware Advertising Antivirus

Crypto Hackers Using Babadeda Crypter to Make Their Malware Undetectable

The Hacker News

NOVEMBER 26, 2021

A new malware campaign has been discovered targeting cryptocurrency, non-fungible token (NFT), and DeFi aficionados through Discord channels to deploy a crypter named "Babadeda" that's capable of bypassing antivirus solutions and stage a variety of attacks. "[T]his

Malware

Malware Antivirus Cryptocurrency Ransomware

Fake AV websites used to distribute info-stealer malware

Security Affairs

MAY 25, 2024

Threat actors used fake AV websites masquerading as legitimate antivirus products from Avast, Bitdefender, and Malwarebytes to distribute malware. The fake websites were masquerading as legitimate antivirus products from Avast, Bitdefender, and Malwarebytes. exe.zip), malwarebytes.pro (MBSetup.rar). bitdefender-app[.]com

Malware

Malware Antivirus Cryptocurrency Hacking

Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool

SecureList

MARCH 5, 2025

They started distributing malware under the guise of restriction bypass programs and injecting malicious code into existing programs. Most active of all have been schemes for distributing popular stealers, remote access tools (RATs), Trojans that provide hidden remote access, and miners that harness computing power to mine cryptocurrency.

Malware

Malware Cryptocurrency Antivirus Technology

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. Latin American trojans share the same modus operandi and even modules and blocks of code observed during the analysis of several malware samples. Background of Latin American Trojans.

Antivirus

Antivirus Malware Banking Internet

Operation SyncHole: Lazarus APT goes back to the well

SecureList

APRIL 23, 2025

We found that the malware was running in the memory of a legitimate SyncHost. Although the exact method by which Cross EX was exploited to deliver malware remains unclear, we believe that the attackers escalated their privileges during the exploitation process as we confirmed the process was executed with high integrity level in most cases.

Malware

Malware Software Encryption Internet

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Security Affairs

MAY 2, 2021

The bold author of a new cryptocurrency stealer, dubbed WeSteal, is promising its customers a leading way to make money in 2021. WeSteal is a Python-based malware that uses regular expressions to search for strings related to wallet addresses that victims have copied to their clipboard. There is the name of the malware itself.

Cryptocurrency

Cryptocurrency Malware Advertising System Administration

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . Researchers from Avast have spotted a strain of cryptocurrency miner, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. ” continues the report.

Antivirus

Antivirus Cryptocurrency Malware Software

Lumma Stealer – Tracking distribution channels

SecureList

APRIL 21, 2025

Introduction The evolution of Malware-as-a-Service (MaaS) has significantly lowered the barriers to entry for cybercriminals, with information stealers becoming one of the most commercially successful categories in this underground economy. Fake Telegram channels for pirated content and cryptocurrencies. Extracts the malware.

Malware

Malware Cryptocurrency Software Phishing

Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users

The Hacker News

APRIL 16, 2025

Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024.

Antivirus

Antivirus Manufacturing Cryptocurrency Malware

Attackers distributing a miner and the ClipBanker Trojan via SourceForge

SecureList

APRIL 8, 2025

Recently, we noticed a rather unique scheme for distributing malware that exploits SourceForge, a popular website providing software hosting, comparison, and distribution services. If not, the script checks for processes associated with antivirus software, security solutions, virtual environments, and research tools.

Passwords

Passwords Cryptocurrency Software Antivirus

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Security Affairs

FEBRUARY 22, 2021

Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide.

Malware

Malware Antivirus Phishing Cryptocurrency

SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN Tools

eSecurity Planet

MARCH 10, 2025

A new wave of cyberattacks is sweeping through Russia as cybercriminals deploy the so-called SilentCryptoMiner a cryptocurrency miner masquerading as a legitimate internet bypass tool. Disguised as a legitimate bypass tool The malware campaign exploits users need to overcome online restrictions.

VPN

VPN Antivirus Cryptocurrency Malware

Crooks made more than $560K with a simple clipboard hijacker

Security Affairs

APRIL 19, 2021

Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K. The antivirus company Avast analyzed the case of a simple malware dubbed HackBoss and how it allowed its operators to earn more $560K worth of cryptocurrency since November 2018.

Cryptocurrency

Cryptocurrency Hacking Malware Banking

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

MARCH 28, 2021

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Oddly, none of the several dozen antivirus tools available to scan the file at Virustotal.com currently detect it as malicious.

Hacking

Hacking Cybercrime DNS Internet

New KryptoCibule Windows Trojan spreads via malicious torrents

Security Affairs

SEPTEMBER 2, 2020

Experts warn of the KryptoCibule Windows malware that has been active since late 2018 and has targeted users in the Czech Republic and Slovakia. Security researchers from ESET have shared technical detailts of a new piece of Windows malware tracked as KryptoCibule. ” reads the report. ” concludes ESET.

Cryptocurrency

Cryptocurrency Antivirus Malware Advertising

New Android BlackRock malware targets hundreds of apps

Security Affairs

JULY 16, 2020

Researchers spotted a new Android banking trojan dubbed BlackRock malware that steals credentials and credit card data from hundreds of apps. The BlackRock malware borrows the code from the Xerxes banking malware, which is a strain of the popular LokiBot Android trojan. Coinbase, BitPay, and Coinbase), and banks (i.e.

Malware

Malware Banking Mobile Advertising

Convicted: He Helped Cybercriminals Evade Antivirus

SecureWorld News

JUNE 16, 2021

DOJ prosecutors say Oleg Koshkin, a 41-year-old Russian national, operated a crypting service used to conceal Kelihos malware from antivirus software. In other words, it could fool antivirus into believing there was no threat and no security reason to deny the malware access to a particular system.

Antivirus

Antivirus Malware Software Ransomware

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

NOVEMBER 26, 2021

Morphisec researchers spread cryptocurrency malware dubbed Babadeda in attacks aimed at crypto and NFT communities. Morphisec researchers spotted a new crypto-malware strain, tracked as Babadeda, targeting cryptocurrency, non-fungible token (NFT), and DeFi passionates through Discord channels.

Cryptocurrency

Cryptocurrency Malware Antivirus Phishing

Microsoft Defender uses Intel TDT technology against crypto-mining malware

Security Affairs

APRIL 27, 2021

Microsoft announced an improvement of its Defender antivirus that will leverage Intel’s Threat Detection Technology (TDT) to detect processes associated with crypto-miners. Cryptojacking malware allows threat actors to secretly mine for cryptocurrency abusing computational resources of the infected devices.

Technology

Technology Malware Threat Detection Antivirus

Mobile malware evolution 2020

SecureList

MARCH 1, 2021

The mobile malware Trojan-Ransom.AndroidOS.Agent.aq Last year was notable for both malware and adware, the two very close in terms of capabilities. Interestingly enough, the share of adware attacks increased in relation to mobile malware in general. They typically work with malware developers to achieve this.

Mobile

Mobile Malware Adware Banking

LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.

Security Affairs

MARCH 14, 2025

Panev and other developers were tasked to create and maintain the malware and infrastructure, while affiliates executed attacks and extorted ransoms, splitting the proceeds. Panev received over $230,000 in laundered cryptocurrency from Khoroshev between 2022 and 2024. reads the press release published by DoJ.

Ransomware

Ransomware Cryptocurrency Small Business Malware

Windows Malware that Mines for Crypto ‘Crackonosh’ Used by Hackers to Infect Gamers’ PCs

Heimadal Security

JUNE 28, 2021

Security specialists have recently discovered that Crackonosh, a new strain of cryptocurrency-mining malware dispensed through pirated and cracked versions of popular online games is destroying antivirus solutions and secretively mining cryptocurrency in multiple countries.

Malware

Malware Cryptocurrency Antivirus Software

8 Tips to protect your devices from malware attacks

Webroot

OCTOBER 4, 2024

The most common form of cyberattack is malware , a type of software that’s used to break into your computer system. Last year alone, there were more than 6 billion malware attacks detected worldwide. Some of the many forms of malware include: Ransomware : Prevents you from accessing your files, devices or network unless you pay money.

Malware

Malware Backups Adware Ransomware

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. ” reads the post published by Zscaler. Pierluigi Paganini.

Banking

Banking Malware Antivirus Phishing

Backdoors and Miners Amid eScan Antivirus Backdoor Exploit

Security Boulevard

MAY 10, 2024

Recently, a wave of malware attacks has surfaced, exploiting vulnerabilities in the update mechanism of the eScan antivirus software. This eScan antivirus backdoor exploit distributes backdoors and cryptocurrency miners, such as XMRig, posing a significant threat to large corporate networks.

Antivirus

Antivirus Cryptocurrency Software Malware

New variant for Mac Malware XCSSET compiled for M1 Chips

Security Affairs

MARCH 13, 2021

Kaspersky researchers spotted a new variant of the XCSSET Mac malware that compiled for devices running on Apple M1 chips. The malware also allows attackers to capture screenshots and exfiltrate stolen documents to the attackers’ server. Recently experts spotted other malware specifically designed to infect Mac running on M1 chips.

Malware

Malware Adware Architecture Antivirus

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

FBI warns of malicious free online document converters spreading malware

Webinars

Trending Sources

Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Webinars

Deceptive Google Meet Invites Lures Users Into Malware Scams

US Government Exposes North Korean Malware

Calendar Meeting Links Used to Spread Mac Malware

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

An Interview With the Target & Home Depot Hacker

New Triada Trojan comes preinstalled on Android devices

Banshee macOS stealer supports new evasion mechanisms

Hackers hijack antivirus updates to drop GuptiMiner malware

AMOS and Lumma stealers actively spread to Reddit users

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

US charged Dual Russian and Israeli National as LockBit Ransomware developer

Computer Repair Technicians Are Stealing Your Data

Lazarus APT continues to target cryptocurrency businesses with Mac malware

Crypto Hackers Using Babadeda Crypter to Make Their Malware Undetectable

Fake AV websites used to distribute info-stealer malware

Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Operation SyncHole: Lazarus APT goes back to the well

WeSteal, a shameless commodity cryptocurrency stealer available for sale

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Lumma Stealer – Tracking distribution channels

Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users

Attackers distributing a miner and the ClipBanker Trojan via SourceForge

Researchers uncovered a new Malware Builder dubbed APOMacroSploit

SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN Tools

Crooks made more than $560K with a simple clipboard hijacker

Happy 13th Birthday, KrebsOnSecurity!

No, I Did Not Hack Your MS Exchange Server

New KryptoCibule Windows Trojan spreads via malicious torrents

New Android BlackRock malware targets hundreds of apps

Convicted: He Helped Cybercriminals Evade Antivirus

Threat actors target crypto and NFT communities with Babadeda crypter

Microsoft Defender uses Intel TDT technology against crypto-mining malware

Mobile malware evolution 2020

LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.

Windows Malware that Mines for Crypto ‘Crackonosh’ Used by Hackers to Infect Gamers’ PCs

8 Tips to protect your devices from malware attacks

Grandoreiro banking malware targets Mexico and Spain

Backdoors and Miners Amid eScan Antivirus Backdoor Exploit

New variant for Mac Malware XCSSET compiled for M1 Chips

Stay Connected