Security Affairs

MARCH 29, 2025

“The emergence of the Crocodilus mobile banking Trojan marks a significant escalation in the sophistication and threat level posed by modern malware. “Already observed targeting banks in Spain and Turkey and popular cryptocurrency wallets, Crocodilus is clearly engineered to go after high-value assets.”

Banking 68

Banking Mobile Identity Theft Malware 68

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance. 9, 2024, U.S.

Social Engineering 357

Social Engineering Mobile Passwords Cybercrime 357

Krebs on Security

JANUARY 10, 2024

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. 14, 2021, by executing an unauthorized SIM-swap that involved an employee at his mobile phone provider who switched Dellone’s phone number over to a new device the attackers controlled.

Cryptocurrency 335

Cryptocurrency Government Cybercrime Accountability 335

Security Affairs

JANUARY 25, 2021

Indian cryptocurrency exchange Buyucoin suffered a security incident, threat actors leaked sensitive data of 325K users. A new incident involving a cryptocurrency exchange made the headlines, the India-based cryptocurrency exchange suffered a security incident, threat actors leaked sensitive data of 325K users on the Dark Web.

Cryptocurrency 144

Cryptocurrency Hacking InfoSec Data breaches 144

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. Samy Tarazi is a sergeant with the Santa Clara County Sheriff’s office and a REACT supervisor.

Mobile 267

Mobile Cryptocurrency Accountability Passwords 267

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency 109

Cryptocurrency Hacking Phishing Cyber Attacks 109

Krebs on Security

AUGUST 25, 2023

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. ” T-Mobile has not yet responded to requests for comment. .

Mobile 235

Mobile Cyber Risk Data breaches Cryptocurrency 235

Security Affairs

JULY 4, 2022

The hacker is offering the database on a popular cybercrime forum for 10 bitcoins. The Chief Executive Officer of cryptocurrency exchange Binance , Zhao Changpeng, on July 3rd, announced that the threat intelligence team of his company has detected 1 billion resident records available for sale in a cybercrime forum.

Cybercrime 145

Cybercrime Data breaches Internet Internet 145

Threatpost

SEPTEMBER 9, 2021

John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency.

Cryptocurrency 111

Cryptocurrency Cybercrime InfoSec Mobile 111

Security Affairs

SEPTEMBER 12, 2024

The Singapore Police Force (SPF) has arrested six individuals for their role in the operations of a cybercrime ring in the country. The six men are believed to be linked to a global cybercrime syndicate. Police seized a laptop, nine mobile phones, and S$465,000 in cash. We will deal severely with perpetrators.”

Cybercrime 122

Cybercrime Computers and Electronics Mobile Cryptocurrency 122

Krebs on Security

SEPTEMBER 26, 2024

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. A screenshot of a website reviewing PM2BTC.

Cryptocurrency 295

Cryptocurrency Cybercrime Retail Government 295

Krebs on Security

SEPTEMBER 13, 2024

The security firm CrowdStrike dubbed the group “ Scattered Spider ,” a recognition that the MGM hackers came from different hacker cliques scattered across an ocean of Telegram and Discord servers dedicated to financially-oriented cybercrime.

Cybercrime 322

Cybercrime Accountability Mobile Hacking 322

Security Affairs

OCTOBER 30, 2023

A man from Orlando was sentenced to prison for SIM Swapping conspiracy that led to the theft of approximately $1M in cryptocurrency. The man was sentenced for his role in a hacking scheme that led to the theft of approximately $1M worth of cryptocurrency from dozens of victims. ” reads the press release published by DoJ.

Cryptocurrency 136

Cryptocurrency Accountability Hacking Cybercrime 136

Krebs on Security

DECEMBER 29, 2022

Here’s a look at some of the more notable cybercrime stories from the past year, as covered by KrebsOnSecurity and elsewhere. Super Bowl Sunday watchers are treated to no fewer than a half-dozen commercials for cryptocurrency investing. I will also continue to post on LinkedIn about new stories in 2023. agencies]. .”

Cryptocurrency 292

Cryptocurrency Cybercrime Computers and Electronics Scams 292

Krebs on Security

SEPTEMBER 30, 2024

A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, the government alleges. cryptocurrency holdings online. attorney general.

Cryptocurrency 313

Cryptocurrency Government Internet Internet 313

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade[.]com. A DIRECT QUOT The domain quot[.]pw

Scams 303

Scams DDOS Cryptocurrency Accountability 303

SecureList

MARCH 25, 2025

Note that for mobile banking malware, we retrospectively revised the 2023 numbers to provide more accurate statistics. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7 Mobile malware Nearly 248,000 users encountered mobile banking malware in 2024 almost 3.6 of all mobile banker attacks.

Phishing 74

Phishing Banking Scams Mobile 74

Krebs on Security

MARCH 9, 2023

A Croatian national has been arrested for allegedly operating NetWire , a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). ” Mr.

DNS 310

DNS Cybercrime Passwords Accountability 310

Krebs on Security

SEPTEMBER 22, 2022

A Florida teenager who served as a lackey for a cybercriminal group that specializes in cryptocurrency thefts was beaten and kidnapped last week by a rival cybercrime gang. The youth is now reportedly cooperating with U.S. The youth is now reportedly cooperating with U.S. 15 in the backseat of a moving car. I got you, for real.

Mobile 58

Mobile Cryptocurrency Scams Cybercrime 58

Security Affairs

FEBRUARY 1, 2024

Daniel James Junk (22) of Portland was sentenced to 72 months in federal prison for his role in a scheme that resulted in the theft of millions of dollars of cryptocurrency using a SIM swapping. Once hijacked a SIM, the attacker can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Cryptocurrency 137

Cryptocurrency Computers and Electronics Accountability Scams 137

Security Affairs

SEPTEMBER 17, 2018

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. The malicious code combines features from different families of malware such as ransomware, cryptocurrency miners, botnets, and worms. Pierluigi Paganini.

Cryptocurrency 111

Cryptocurrency Malware Ransomware Cybercrime 111

Security Affairs

NOVEMBER 15, 2019

On Thursday, US authorities arrested two crooks charging them with stealing $550,000 in cryptocurrency from at least 10 victims using SIM swapping. American law enforcement has declared war to sim swapping scammers and announced the arrest of two individuals for stealing $550,000 in Cryptocurrency. In May, the U.S. Pierluigi Paganini.

Cryptocurrency 106

Cryptocurrency Identity Theft Accountability Media 106

Security Affairs

MARCH 10, 2025

“Working with dozens of victims, security researchers Nick Bax and Taylor Monahan found that none of the six-figure cyberheist victims appeared to have suffered the sorts of attacks that typically preface a high-dollar crypto theft, such as the compromise of ones email and/or mobile phone accounts, or SIM-swapping attacks.”

Password Management 85

Password Management Cryptocurrency Passwords Data breaches 85

Security Affairs

MARCH 28, 2019

Security experts at Group-IB have detected the activity of Gustuff a mobile Android Trojan, which includes potential targets of customers in leading international banks, users of cryptocurrency services, popular ecommerce websites and marketplaces. Gustuff has previously never been reported.

Banking 111

Banking Cryptocurrency Mobile Advertising 111

SecureList

NOVEMBER 23, 2021

The COVID-19 pandemic is likely to cause a massive wave of poverty, and that invariably translates into more people resorting to crime, including cybercrime. We should expect more fraud, targeting mostly BTC , because this cryptocurrency is the most popular. Cracking down hard on the cybercrime world.

Cryptocurrency 141

Cryptocurrency Banking Ransomware Cybercrime 141

SecureList

OCTOBER 20, 2021

Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that have happened in the past five years. Conclusion: cybersecurity and cybercrime have matured.

Cybercrime 145

Cybercrime Banking Malware Ransomware 145

Krebs on Security

JULY 21, 2022

“It’s run by a fraud ring of cryptocurrency scammers who mine dating apps and other social media for victims and the scam is becoming alarmingly popular.” Many of these platforms include extensive study materials and tutorials on cryptocurrency investing. com, a scam cryptocurrency platform tied to a pig butchering scheme.

Scams 332

Scams Cryptocurrency Marketing Internet 332

Krebs on Security

MARCH 14, 2023

Ceraolo is a self-described security researcher who has been credited in many news stories over the years with discovering security vulnerabilities at AT&T , T-Mobile , Comcast and Cox Communications. .” Image: USDOJ.

Hacking 302

Hacking Government Media Accountability 302

Security Affairs

MARCH 16, 2025

CISA adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies Elon Musk blames a massive cyberattack for the X outages Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577 RansomHouse gang claims the hack of (..)

Spyware 73

Spyware Cybercrime Ransomware IoT 73

Security Affairs

MARCH 23, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer PlaybookThen a Second Hacker Strikes ClearFakes (..)

Malware 64

Malware Threat Detection Cryptocurrency Ransomware 64

Bleeping Computer

FEBRUARY 1, 2023

A threat actor named InTheBox is promoting on Russian cybercrime forums an inventory of 1,894 web injects (overlays of phishing windows) for stealing credentials and sensitive data from banking, cryptocurrency exchange, and e-commerce apps [.]

Cybercrime 79

Cybercrime Phishing Marketing Cryptocurrency 79

SecureList

FEBRUARY 5, 2025

The malware, which we dubbed “SparkCat”, used an unidentified protocol implemented in Rust, a language untypical of mobile apps, to communicate with the C2. That being said, we have insufficient data to attribute the campaign to a known cybercrime gang. Some of the apps apparently operate in several countries.

Malware 141

Malware Encryption Mobile Cryptocurrency 141

Security Affairs

MARCH 13, 2020

European authorities dismantled two cybercrime organizations responsible for stealing millions through SIM hijacking. European authorities managed to dismantle the operations of two cybercrime gangs responsible for stealing millions through SIM hijacking. SecurityAffairs – SIM Hijacking, cybercrime). ”continues Europol.

Banking 144

Banking Cybercrime Mobile Accountability 144

SecureList

MAY 6, 2024

Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million in 2022. of attacks.

Phishing 134

Phishing Banking Mobile Scams 134

Security Affairs

MAY 11, 2019

DoJ announced charges against nine individuals, 6 members of a hacking group known as ‘The Community’ and 3 former employees of mobile phone providers. million worth of the cryptocurrency through SIM Swapping attacks. The latter group helped the hackers to steal roughly $2.5 ” continues the DoJ.

Identity Theft 108

Identity Theft Mobile Cryptocurrency Advertising 108

Krebs on Security

JULY 8, 2019

“In one year, people who worked with us have earned over US $2 billion,” read the farewell post by the eponymous GandCrab identity on the cybercrime forum Exploit[.]in That email address and nickname had been used since 2009 to register multiple identities on more than a half dozen cybercrime forums. Vpn-service[.]us

Ransomware 277

Ransomware Accountability Cybercrime Passwords 277

Krebs on Security

AUGUST 19, 2020

Time is of the essence in these attacks because many companies that rely on VPNs for remote employee access also require employees to supply some type of multi-factor authentication in addition to a username and password — such as a one-time numeric code generated by a mobile app or text message. Image: urlscan.io.

Phishing 363

Phishing VPN Social Engineering Media 363