Cryptocurrency, Data collection and Passwords

Lumma/Amadey: fake CAPTCHAs want to know if you’re human

SecureList

OCTOBER 29, 2024

The purpose here is likely to generate further revenue for its operators by boosting views of these websites, similar to adware: Payload: Amadey Trojan We recently discovered that the same campaign is now spreading the Amadey Trojan as well.

Adware

Adware Malware Cryptocurrency Password Management

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

You just knew 2022 was going to be The Year of Crypto Grift when two of the world’s most popular antivirus makers — Norton and Avira — kicked things off by installing cryptocurrency mining programs on customer computers. A single bitcoin is trading at around $45,000.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. The Raccoon v.

Malware

Malware Identity Theft Cybercrime Accountability

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Outlaw cybergang attacking targets worldwide

SecureList

APRIL 29, 2025

Such accounts are often configured to have the same username as the password, which is a bad practice, making it easy for the attackers to exploit them. PasswordAuthentication no : disables password-based login. PermitEmptyPasswords no : prevents login with empty passwords. We were able to easily unpack the binary for analysis.

Passwords

Passwords Authentication System Administration Cryptocurrency

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). Under Christmas tree you can find great gifts such as significant improvements of user interface (panel), modal windows on loading and expansion of data collection objects.

Password Management

Password Management Cryptocurrency Passwords Authentication

Privacy Roundup: Week 12 of Year 2025

Security Boulevard

MARCH 24, 2025

Android Apps Use Bluetooth and WiFi Scanning to Track Users Without GPS Cyber Insider Researchers found that 86% of apps they analyzed collect sensitive data, including location data stemming from scanning Wi-Fi network details, and collecting device identifiers.

Surveillance

Surveillance Telecommunications Malware Data breaches

Evolution of threat landscape for IoT devices – H1 2018

Security Affairs

SEPTEMBER 19, 2018

In the first half of 2018, researchers at Kaspersky Lab said that the most popular attack vector against IoT devices remains cracking Telnet passwords (75,40%), followed by cracking SSH passwords (11,59%). Top 10 countries from which Kaspersky traps were hit by Telnet password attacks is led by Brazil, China, and Japan.

IoT

IoT Passwords Malware Advertising

IT threat evolution Q3 2024

SecureList

NOVEMBER 29, 2024

CloudSorcerer is a sophisticated cyber-espionage tool used for stealth monitoring, data collection and exfiltration via Microsoft, Yandex and Dropbox cloud infrastructures. These documents are in fact password-protected ZIP or other archives. CloudSorcerer also employs GitHub as its initial C2 server.

Energy and Utilities

Energy and Utilities Ransomware Malware Government

Erbium stealer on the hunt for data

Malwarebytes

SEPTEMBER 29, 2022

A slick tool with its own fully functional dashboard, its sights are set on targets not entirely dissimilar to other data stealers. System data collection, drive enumeration, and loading processes and DLLs into memory are all tell-tale signs that bad things are afoot on the target computer.

Cryptocurrency

Cryptocurrency Malware Password Management Data collection

Good game, well played: an overview of gaming-related cyberthreats in 2022

SecureList

SEPTEMBER 6, 2022

When downloading the games from untrustworthy sources, players may receive malicious software that can gather sensitive data like login information or passwords from the victim’s device; and in an attempt to download a desired game for free, find a cool mod or cheat, gamers can actually lose their accounts or even money.

Mobile

Mobile Passwords Software Accountability

Drawing the RedLine – Insider Threats in Cybersecurity

Security Boulevard

MARCH 31, 2022

RedLine Password Theft Malware. The RedLine password theft malware is a hot topic this month with Microsoft’s employee compromise. Passwords: An Easy Target. Let’s not mince words: passwords are difficult for most organizations to manage. Let’s not mince words: passwords are difficult for most organizations to manage.

Cybersecurity

Cybersecurity Social Engineering Passwords Malware

Security Affairs newsletter Round 304

Security Affairs

MARCH 7, 2021

jailbreaking tool Attackers took over the Perl.com domain in September 2020 Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys Cyber Defense Magazine – March 2021 has arrived.

Data breaches

Data breaches Data collection Ransomware Hacking

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

CERT-GIB’s report is based on data collected and analyzed by the Threat Detection System (TDS) Polygon as part of operations to prevent and detect threats distributed online in H1 2019 in more than 60 countries. In 2017, password-protected archives accounted for only 0.08% of all malicious objects. rar archive files.

Ransomware

Ransomware Antivirus Malware Banking

Crypto-inspired Magecart skimmer surfaces via digital crime haven

Malwarebytes

JANUARY 9, 2023

From ransomware to password stealers, there are a number of toolkits available for purchase on various underground markets that allow just about anyone to get a jumpstart. We should note that the sites we found injected with this skimmer had nothing to do with cryptocurrencies themselves. mx, a service to mix cryptocurrencies.

DDOS

DDOS Scams Cryptocurrency Phishing

StripedFly: Perennially flying under the radar

SecureList

OCTOBER 25, 2023

Introduction It’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. During that time, it had effectively evaded analysis and had previously been misclassified as a cryptocurrency miner.

Malware

Malware DNS Encryption Ransomware

What To Know About Privacy Data

Identity IQ

JANUARY 17, 2023

For example, some countries may use a singular set of data protection regulations, whereas the United States decided to divide the data protection law into multiple categories. Let’s take a closer look at the specific data privacy laws that have been implemented in the U.S.:

Data privacy

Data privacy Identity Theft Accountability Banking

Mystic Stealer

Security Boulevard

JUNE 15, 2023

Stealers" are a kind of malware designed to run on an endpoint post-compromise, while their primary features center on the theft of user data. Key Mystic Stealer functions include its ability to extract data from web browsers and cryptocurrency wallets. All data is encrypted with RC4. But it doesn't stop there.

Cryptocurrency

Cryptocurrency Password Management Malware DNS

The Future of Identity Verification: From Blockchain to Biometrics

Identity IQ

JUNE 17, 2024

Some may require biometric data (such as your face or fingerprint) to access, while others may only require a password. Lack of user control over data. Individual users have little control over the data collection practices of organizations and are at the mercy of the identity verification requirements those organizations enact.

Identity Theft

Identity Theft Authentication Data breaches Technology

Financial cyberthreats in 2022

SecureList

MARCH 29, 2023

Meanwhile, cryptocurrency became a prominent target for those seeking monetary gain. The amount of cryptocurrency-related phishing grew significantly in 2022, and with an endless array of new coins, NFT and other DeFi projects, scammers are continuously duping users. All data collected from Kaspersky Security Network was anonymized.

Banking

Banking Phishing Cryptocurrency Mobile

Raccoon Stealer returns with a new bag of tricks

Malwarebytes

JUNE 30, 2022

So much data, so little time. The popular tool, used for data theft, is ubiquitous where stealing credentials is concerned. Cryptocurrency wallets, cookies, passwords, browser autofill data, and credit card data: pretty much anything is up for grabs. Raccoon Stealer 2.0 Smash and grab.

Cryptocurrency

Cryptocurrency Malware Data collection Passwords

Consumer and privacy predictions for 2025

SecureList

NOVEMBER 27, 2024

Similarly, Kaspersky GReAT discovered a scheme devised by the Lazarus group, which developed a malicious decoy game disguised as a legitimate P2E platform containing sophisticated malware designed to steal cryptocurrency and sensitive user data.

Artificial Intelligence

Artificial Intelligence Scams Phishing Media

Spam and phishing in 2022

SecureList

FEBRUARY 16, 2023

These sites referenced public figures and humanitarian groups, offering to accept cash in cryptocurrency, something that should have raised a red flag in itself. By getting the user’s secret phrase, cybercriminals could get access to their cryptocurrency balance.

Phishing

Phishing Scams Accountability Energy and Utilities

Security Affairs newsletter Round 513 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 2, 2025

from Bybit, it is the largest cryptocurrency heist ever International Press Newsletter Cybercrime Mining Company NioCorp Loses $500,000 in BEC Hack Inside Black Bastas Exposed Internal Chat Logs: A Firsthand Look The Bleeding Edge of Phishing: darcula-suite 3.0

Cybercrime

Cybercrime Hacking Ransomware Cryptocurrency

Cyber Security Informer

Lumma/Amadey: fake CAPTCHAs want to know if you’re human

Happy 13th Birthday, KrebsOnSecurity!

Webinars

Trending Sources

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Webinars

Outlaw cybergang attacking targets worldwide

New Version of Meduza Stealer Released in Dark Web

Privacy Roundup: Week 12 of Year 2025

Evolution of threat landscape for IoT devices – H1 2018

IT threat evolution Q3 2024

Erbium stealer on the hunt for data

Good game, well played: an overview of gaming-related cyberthreats in 2022

Drawing the RedLine – Insider Threats in Cybersecurity

Security Affairs newsletter Round 304

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Crypto-inspired Magecart skimmer surfaces via digital crime haven

StripedFly: Perennially flying under the radar

What To Know About Privacy Data

Mystic Stealer

The Future of Identity Verification: From Blockchain to Biometrics

Financial cyberthreats in 2022

Raccoon Stealer returns with a new bag of tricks

Consumer and privacy predictions for 2025

Spam and phishing in 2022

Security Affairs newsletter Round 513 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected