Krebs on Security

FEBRUARY 28, 2024

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. capital).

Malware 326

Malware Cryptocurrency Software Phishing 326

Krebs on Security

MARCH 26, 2024

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. Parth Patel is an entrepreneur who is trying to build a startup in the cryptocurrency space. Some of the many notifications Patel says he received from Apple all at once.

Passwords 357

Passwords Accountability Engineering Phishing 357

Krebs on Security

JANUARY 10, 2024

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. Dellone says the crooks then used his phone number to break into his account at Coinbase and siphon roughly $100,000 worth of cryptocurrencies. federal court.”

Cryptocurrency 335

Cryptocurrency Government Cybercrime Accountability 335

Krebs on Security

FEBRUARY 1, 2024

government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX , which had just filed for bankruptcy on that same day. A graphic illustrating the flow of more than $400 million in cryptocurrencies stolen from FTX on Nov. 11-12, 2022.

Cryptocurrency 298

Cryptocurrency Ransomware Retail Government 298

Krebs on Security

MARCH 17, 2019

Illegal SIM swaps allow fraudsters to hijack a target’s phone’s number and use it to steal financial data, passwords, cryptocurrencies and other items of value from victims. “But from that site’s side, when they see a password reset come in via that phone number, they have no way to know if that’s me. .

Accountability 278

Accountability Passwords Mobile Banking 278

Krebs on Security

AUGUST 7, 2018

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims. A WORRIED MOM.

Mobile 246

Mobile Cryptocurrency Computers and Electronics Scams 246

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. 9, 2024, U.S. According to an Aug.

Social Engineering 356

Social Engineering Mobile Passwords Cybercrime 356

Krebs on Security

AUGUST 25, 2023

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. ” T-Mobile has not yet responded to requests for comment. Why do I suggest this?

Mobile 238

Mobile Cyber Risk Data breaches Cryptocurrency 238

Krebs on Security

SEPTEMBER 17, 2020

Charging documents say the seven men are part of a hacking group known variously as “ APT41 ,” “ Barium ,” “ Winnti ,” “ Wicked Panda ,” and “ Wicked Spider.” One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm. Image: FBI.

Antivirus 363

Antivirus Hacking Software Government 363

Krebs on Security

MARCH 9, 2023

A Croatian national has been arrested for allegedly operating NetWire , a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. Constella also shows the email address zankomario@gmail.com used the password “dugidox2407.” ” Mr.

DNS 307

DNS Cybercrime Passwords Accountability 307

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile 269

Mobile Cryptocurrency Accountability Passwords 269

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. stolen with the help of Raccoon.

Malware 337

Malware Identity Theft Cybercrime Accountability 337

Krebs on Security

APRIL 20, 2023

The decrypted icon files revealed the location of the malware’s control server, which was then queried for a third stage of the malware compromise — a password stealing program dubbed ICONICSTEALER. The malware was found inside of a document that offered an employment contract at the multinational bank HSBC.

Malware 326

Malware Software Technology Accountability 326

SecureList

AUGUST 10, 2022

In late August 2020, we published an overview of DeathStalker’s profile and malicious activities, including their Janicab, Evilnum and PowerSing campaigns ( PowerPepper was later documented in 2020). We discovered it in Q2 2020 as part of an update of the Evilnum modus operandi, and attributed it to DeathStalker.

Cryptocurrency 117

Cryptocurrency Encryption Social Engineering Passwords 117

Security Boulevard

FEBRUARY 5, 2025

By Kelly Kaoudis and Evan Sultanik This blog post highlights key points from our new white paper Preventing Account Takeovers on Centralized Cryptocurrency Exchanges, which documents ATO-related attack vectors and defenses tailored to CEXes.

Cryptocurrency 59

Cryptocurrency Accountability Passwords Risk 59

Krebs on Security

AUGUST 29, 2023

Working with law enforcement partners in France, Germany, Latvia, the Netherlands, Romania and the United Kingdom, the DOJ said it was able to seize more than 50 Internet servers tied to the malware network, and nearly $9 million in ill-gotten cryptocurrency from QakBot’s cybercriminal overlords.

Hacking 307

Hacking Malware Ransomware Government 307

Security Affairs

JANUARY 31, 2024

Direct Trading Technologies (DTT) is an international fintech company offering trading platforms for stocks, forex, precious metals, energies, indices, Contracts for Difference (CFDs), and cryptocurrencies. Source: Cybernews Users holding the company’s email addresses, potentially the employees, had their passwords exposed in plaintext.

Technology 138

Technology Identity Theft Backups Passwords 138

Krebs on Security

APRIL 6, 2022

“They would just keep jamming a few individuals to get [remote] access, read some onboarding documents, enroll a new 2FA [two-factor authentication method] and exfiltrate code or secrets, like a smash-and-grab,” the CXO said. “These guys were not leet , just damn persistent.” ” HOW DID WE GET HERE?

Social Engineering 288

Social Engineering Phishing Engineering Accountability 288

Security Affairs

JANUARY 14, 2022

The North Korea-linked APT group BlueNoroff has been spotted targeting cryptocurrency startups with fake MetaMask browser extensions. The North Korea-linked APT group BlueNoroff has been spotted targeting cryptocurrency startups with fake MetaMask browser extensions. The researchers are not aware of the compromise of these companies.

Cryptocurrency 119

Cryptocurrency Banking Malware Hacking 119

SecureList

DECEMBER 27, 2022

We have published technical details of how this notorious group steals cryptocurrency before. The group usually takes advantage of Word documents and uses shortcut files for the initial intrusion. Based on our telemetry, we observed that one victim in the UAE was attacked using a malicious Word document. Remote URL: [link].

Malware 145

Malware Banking Passwords Antivirus 145

Security Affairs

MARCH 11, 2019

Experts observed the STOP ransomware installing the Azorult password-stealing Trojan to steal account credentials, cryptocurrency wallets, and more. The STOP ransomware made the headlines because it is installing password-stealing Trojans on the victims’ machines. ” reads a blog post published by Bleepingcomputer.

Encryption 109

Encryption Ransomware Cryptocurrency Passwords 109

SecureList

FEBRUARY 21, 2025

Bait document from spear-phishing email inviting the victim to join a videoconference The content of this document is almost identical to the body of the phishing email. Last year, we documented Angry Likho attacks that used image files containing malicious code. averageorganicfallfaw[.]shop shop distincttangyflippan[.]shop

Phishing 90

Phishing Encryption Banking Malware 90

Security Affairs

DECEMBER 15, 2023

Businesses employ MongoDB to organize and store large swaths of document-oriented information, and in GokuMarket’s case, the details of over a million customers and admin users. GokuMarket, a cryptocurrency exchange, was recently acquired by Canada-based crypto exchange ByteX.

Passwords 130

Passwords Cryptocurrency Scams Mobile 130

Security Affairs

MARCH 15, 2024

“Buyers could search for compromised computer credentials on E-Root, such as usernames and passwords that would allow buyers to access remote computers for purposes of stealing private information or manipulating the contents of the remote computer. ” reads the press release published by DoJ.

Cybercrime 130

Cybercrime Cryptocurrency Advertising Passwords 130

Malwarebytes

JUNE 3, 2022

By focusing on this context, we hope that you’ll come away with a stronger understanding about, for instance, why you should use a password manager rather than that you should use a password manager. By selling fake raffle tickets for the promotion, the scammers raked in $438,000 worth of cryptocurrency.

Internet 133

Internet Internet Scams Passwords 133

SecureList

MARCH 25, 2025

Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7 Victims are directed to a counterfeit page resembling platforms like eBay, where entering data (for example, credentials, payment data or documents) hands them over to scammers. million detections compared to 5.84 million in 2023.

Phishing 82

Phishing Banking Scams Mobile 82

Krebs on Security

DECEMBER 5, 2022

Glupteba is a rootkit that steals passwords and other access credentials, disables security software, and tries to compromise other devices on the victim network — such as Internet routers and media storage servers — for use in relaying spam or other malicious traffic. attorney to pay Google’s legal fees.

Cybercrime 295

Cybercrime Malware Internet Internet 295

Security Affairs

JANUARY 28, 2021

Once the victim entered its password, LogoKit performs an AJAX request, sending the recipient’s credentials to an external source, and, finally, redirecting it to their corporate web site. Threat actors targeted multiple services including MS SharePoint, Adobe Document Cloud, OneDrive, Office 365, and Cryptocurrency exchanges.

Phishing 144

Phishing Cryptocurrency Passwords Hacking 144

Krebs on Security

MAY 13, 2024

A search at the breach-tracking service Constella Intelligence on the phone number in Tkaner’s registration records — 7.9521020220 — brings up multiple official Russian government documents listing the number’s owner as Dmitri Yurievich Khoroshev. used the password 225948. and admin@stairwell.ru

Ransomware 299

Ransomware Cybercrime Accountability Malware 299

Security Affairs

MAY 13, 2024

Subject lines included “your document” and “photo of you???”. Password Management : Use strong, unique passwords and implement multi-factor authentication (MFA) whenever possible, prioritizing authentication apps or hardware tokens over SMS text-based codes. ” states the report published by the NJCCIC. 177 and 185[.]215[.]113[.]66.

Phishing 130

Phishing Ransomware Security Awareness Authentication 130

SecureList

DECEMBER 13, 2023

The initial version, written in Go, had typical stealer features, such as stealing passwords, files, browser data and so on. It also created fake password prompts in an attempt to obtain the system password. At that time it was leased to cybercriminals via Telegram for 1000$ per month. AMOS is now written in C instead of Go.

Ransomware 138

Ransomware Malware Passwords Encryption 138

Security Affairs

FEBRUARY 10, 2022

Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts. The crooks were able to falsify official documents of the victims and use them to trick telephone store employees into providing them a duplicate of SIM cards.

Banking 123

Banking Accountability Mobile Cryptocurrency 123

SecureList

FEBRUARY 5, 2025

It must be noted that the malware is flexible enough to steal not just these phrases but also other sensitive data from the gallery, such as messages or passwords that might have been captured in screenshots. You can store passwords, confidential documents and other sensitive information in special apps. com api.aliyung[.]com

Malware 144

Malware Encryption Mobile Cryptocurrency 144

Security Affairs

APRIL 20, 2025

infrastructure International Press Newsletter Cybercrime Pixel-Perfect Trap: The Surge of SVG-Borne Phishing Attacks Threat actors misuse Node.js infrastructure International Press Newsletter Cybercrime Pixel-Perfect Trap: The Surge of SVG-Borne Phishing Attacks Threat actors misuse Node.js

Data breaches 60

Data breaches Malware Phishing Hacking 60

Security Affairs

NOVEMBER 26, 2023

million patients in the U.S.

Data breaches 127

Data breaches Surveillance Ransomware Cryptocurrency 127

Security Affairs

MAY 9, 2022

Upon opening the Office documents and activating the embedded macro, the infection process starts. “The government’s team for responding to computer emergencies in Ukraine CERT-UA revealed the fact of mass distribution of e-mails on the topic of “chemical attack” and a link to an XLS-document with a macro.”

Password Management 98

Password Management VPN Cryptocurrency Government 98

Security Affairs

OCTOBER 20, 2021

Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. The malware landing page is disguised as a software download URL that was sent via email or a PDF on Google Drive, or via Google documents containing the phishing links.

Accountability 144

Accountability Malware Phishing Social Engineering 144