SecureWorld News

APRIL 21, 2022

Treasury Department warning of a North Korean state-sponsored advanced persistent threat (APT) known as the Lazarus Group targeting cryptocurrency and blockchain companies. The threat actors use social engineering to encourage individuals to download trojanized cryptocurrency applications on Windows or macOS operating systems.

Cryptocurrency 98

Cryptocurrency Computers and Electronics Social Engineering System Administration 98

SecureList

MARCH 25, 2025

Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7 The attackers employed social engineering techniques to trick victims into sharing their financial data or making a payment on a fake page. million detections compared to 5.84 million in 2023. on the previous year.

Phishing 82

Phishing Banking Scams Mobile 82

SecureList

JANUARY 13, 2022

Also, we have previously reported on cryptocurrency-focused BlueNoroff attacks. It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Note, this is no proof that the companies listed were compromised.

Cryptocurrency 145

Cryptocurrency Malware Accountability Banking 145

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. 12 blog post , the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance. 9, 2024, U.S.

Social Engineering 356

Social Engineering Mobile Passwords Cybercrime 356

Krebs on Security

APRIL 20, 2023

In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. Microsoft Corp.

Malware 326

Malware Software Technology Accountability 326

Malwarebytes

JULY 19, 2022

Together with the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), the FBI has released a warning about cybercriminals creating fraudulent cryptocurrency investment apps in order to defraud cryptocurrency investors. Mitigation. Stay safe, everyone!

Cryptocurrency 98

Cryptocurrency Mobile Banking Internet 98

SecureList

APRIL 21, 2025

Lumma has also been observed using exploit kits, social engineering, and compromised websites to extend its reach and evade detection by security solutions. Fake Telegram channels for pirated content and cryptocurrencies. txt file contains aBase64-encoded PowerShell script that then downloads and runs theLumma Stealer.

Malware 87

Malware Cryptocurrency Software Phishing 87

Security Through Education

NOVEMBER 19, 2024

Social engineering scams frequently exploit our desire to help by using themes of sympathy and assistance to manipulate us. The victim is asked to wire money, transfer cryptocurrency, or share sensitive information like credit card details, to “help” them in their current situation.

Social Engineering 52

Social Engineering Engineering Scams Cryptocurrency 52

Security Through Education

NOVEMBER 19, 2024

Social engineering scams frequently exploit our desire to help by using themes of sympathy and assistance to manipulate us. The victim is asked to wire money, transfer cryptocurrency, or share sensitive information like credit card details, to “help” them in their current situation.

Social Engineering 52

Social Engineering Engineering Scams Cryptocurrency 52

SecureWorld News

FEBRUARY 14, 2025

But Machin warns: "Clicking on a seemingly innocent link within an e-card can lead to downloading malware or being redirected to a phishing website designed to capture personal or company details." Use secure payment methods Avoid wire transfers, prepaid gift cards, or cryptocurrency for online purchases for Valentine's Day.

Scams 77

Scams Cybercrime Social Engineering Phishing 77

Hacker Combat

AUGUST 8, 2022

North Korean hackers use phoney Coinbase job offers to target cryptocurrency professionals. The renowned North Korean hacking outfit Lazarus has uncovered a new social engineering scheme in which the hackers pose as Coinbase to lure workers into the fintech sector. Lazarus hackers go after cryptocurrency.

Social Engineering 105

Social Engineering Cryptocurrency Engineering Malware 105

SecureWorld News

DECEMBER 10, 2024

The research , released this morning, reveals how attackers are leveraging advanced social engineering, obfuscation techniques, and device exploitation to steal credentials and compromise financial and corporate applications. Key features include: Credential Theft: Targets banking, cryptocurrency, and financial apps.

Mobile 110

Mobile Social Engineering Banking Phishing 110

Krebs on Security

NOVEMBER 6, 2018

that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. SIM swapping attacks primarily target individuals who are visibly active in the cryptocurrency space.

Mobile 268

Mobile Cryptocurrency Accountability Passwords 268

Krebs on Security

AUGUST 30, 2022

4 it became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. On that last date, Twilio disclosed that on Aug. ” On July 28 and again on Aug. According to an Aug. In an Aug.

Mobile 337

Mobile Phishing Authentication Accountability 337

SecureList

AUGUST 10, 2022

VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies. Malicious DOCX social engineering message. Example of a downloaded image upon macro execution. VileLoader: an evasive multi-stage implant downloader. xml version="1.0"

Cryptocurrency 117

Cryptocurrency Encryption Social Engineering Passwords 117

Identity IQ

JUNE 1, 2023

The Rise of AI Social Engineering Scams IdentityIQ In today’s digital age, social engineering scams have become an increasingly prevalent threat. Social engineering scams leverage psychological manipulation to deceive individuals and exploit the victims’ trust.

Social Engineering 52

Social Engineering Scams Engineering Identity Theft 52

Malwarebytes

SEPTEMBER 11, 2023

The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. Once active, the malware can be used for several malicious activities like remote access, cryptocurrency mining, keylogging, clipboard stealing, and information stealing. exe and a bundled script.

Malware 134

Malware Social Engineering Cryptocurrency Cybercrime 134

Security Affairs

APRIL 4, 2022

During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. The company was the victim of a social engineering attack aimed at its employees. Trezor WARNING: Elaborate Phishing attack. Pierluigi Paganini.

Phishing 135

Phishing Data breaches Cryptocurrency Social Engineering 135

SecureWorld News

JULY 11, 2022

Axie Infinity, a video game that utilizes NFTs and Ethereum-based cryptocurrencies, lost $540 million in March of this year after a senior engineer was tricked into opening a PDF of a fake job application, according to a story from The Block. The employee who fell for the social engineering scheme no longer works for Sky Mavis.

Social Engineering 98

Social Engineering Hacking Cryptocurrency Cybercrime 98

Responsible Cyber

JULY 13, 2024

Introduction Cryptocurrency represents a groundbreaking innovation in the financial sector, offering decentralized, peer-to-peer digital transactions through blockchain technology. However, the allure of these digital assets also attracts malicious actors, making cryptocurrency security paramount.

Cryptocurrency 52

Cryptocurrency Cyber Attacks Social Engineering Scams 52

Security Affairs

OCTOBER 20, 2021

Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. The malware landing page is disguised as a software download URL that was sent via email or a PDF on Google Drive, or via Google documents containing the phishing links. .

Accountability 144

Accountability Malware Phishing Social Engineering 144

Security Affairs

JANUARY 18, 2022

According to the security firm, the group is financially motivated, its cyberespionage campaign hit high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organisations in Hong Kong, Covid-19 research organisations, gambling and cryptocurrency companies, and the media.

Cryptocurrency 134

Cryptocurrency Media Social Engineering Phishing 134

SecureList

NOVEMBER 29, 2024

The malware, which received commands via the Dropbox cloud service, was used to download additional payloads. The sub-campaigns imitate legitimate projects, with slight modifications to names and branding, and using multiple social media accounts to enhance their credibility.

Energy and Utilities 105

Energy and Utilities Ransomware Malware Government 105

Malwarebytes

DECEMBER 6, 2022

Nicholas Truglia (25) from Florida was sentenced to 18 months on Thursday for his involvement in a digital heist that cost Michael Terpin ( @michaelterpin ), a renowned personality in the cryptocurrency space, $23.8M. According to El Reg , Terpin's cryptocurrency of choice was TRIG, which was worth $7 then.

Cryptocurrency 98

Cryptocurrency Social Engineering Accountability Media 98

Malwarebytes

JANUARY 20, 2023

The unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack." Keep threats off your devices by downloading Malwarebytes today.

Social Engineering 98

Social Engineering Accountability Cryptocurrency Engineering 98

SecureList

JULY 5, 2023

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. This story covers two fundamentally different methods of email attacks on the two most popular ways of storing cryptocurrency: hot and cold wallets.

Scams 130

Scams Phishing Cryptocurrency Social Engineering 130

Approachable Cyber Threats

JULY 7, 2022

It also serves as an easy access point for more advanced hackers and scammers to target specific organizations, or even harvest cryptocurrency. Earlier Raccoon Stealer campaigns allowed criminals to steal $13,200 worth of cryptocurrency and mine another $2,900 worth over a six month period, all for the cost of around $1,250. “So

Social Engineering 97

Social Engineering Cryptocurrency Malware Antivirus 97

Malwarebytes

MARCH 5, 2024

Separately, in September 2023, Malwarebytes discovered a cybercriminal campaign that tricked Mac users into accidentally installing a type of malware that can steal passwords, browser data, cookies, files, and cryptocurrency. But users who clicked the Mac download button instead received AMOS.

Malware 141

Malware Adware Ransomware Social Engineering 141

Security Affairs

AUGUST 31, 2024

Microsoft researchers linked with medium confidence the attacks to Citrine Sleet , a North Korean threat actor targeting the cryptocurrency sector for financial gain. While we cannot confirm at this time how the targets were directed, social engineering is a common tactic used by Citrine Sleet. ” Microsoft said.

Social Engineering 129

Social Engineering Malware Cryptocurrency Engineering 129

SecureList

MAY 6, 2024

Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million in 2022.

Phishing 133

Phishing Banking Mobile Scams 133

Malwarebytes

MARCH 1, 2024

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. Scammers, impersonating cryptocurrency investors, are active on Telegram channels to get interested people to attend a meeting about a future partnership. Topics are cryptocurrency investment opportunities.

Cryptocurrency 126

Cryptocurrency Malware Authentication Banking 126

Malwarebytes

AUGUST 13, 2021

A fair few cryptocurrency scams have been doing the rounds across 2021. Fake Elon Musk cryptocurrency scams. Another social media shenanigan involving cryptocurrency? The FTC estimates at least $2 million has been stolen from cryptocurrency investors. 30 malicious images downloaded roughly 20 million times(!)

Scams 112

Scams Cryptocurrency Social Engineering Media 112

Security Affairs

JANUARY 23, 2022

Never download an app from a QR code, avoid making any payment requested through unsolicited email that uses social engineering techniques to trick recipients into scanning the embedded QR code. If scanning a physical QR code, ensure the code has not been tampered with, such as with a sticker placed on top of the original code.

Cryptocurrency 109

Cryptocurrency Social Engineering Malware Scams 109

Webroot

FEBRUARY 13, 2024

Rise in Cryptocurrency Payments : Fraudsters are increasingly asking for payments in cryptocurrency, exploiting its semi-anonymous nature. In 2021, losses to romance scams involving cryptocurrency were reported at $139 million ​​. Expect this to avenue of fraud to consistently escalate as crypto prices and adoption increase.

Scams 121

Scams Cryptocurrency Media Education 121

Security Affairs

MAY 19, 2023

TurkoRat is an information-stealing malware that can obtain a broad range of data from the infected machine, including account login credentials, cryptocurrency wallets, and website cookies. was not accidental, because agent-base is the name of a legitimate npm package with tens of million downloads.

Encryption 98

Encryption Social Engineering Malware Cryptocurrency 98

eSecurity Planet

SEPTEMBER 15, 2022

The Shikitega attack consists of a “multistage infection chain where each module responds to a part of the payload and downloads and executes the next one,” the AT&T researchers wrote. Once the CRONs are set, there’s no need to keep downloaded files, so the malware deletes them to evade detection. Multistage Infection Chain.

Malware 117

Malware Social Engineering System Administration Antivirus 117

Krebs on Security

JULY 22, 2020

Voku’s cooperation with authorities led them to bust up a conspiracy involving at least nine individuals who stole millions of dollars worth of cryptocurrency and other items of value from their targets. CONSPIRACY.

Hacking 333

Hacking Accountability Scams Media 333