BHUNT password stealer targets crypto wallets through cracked software

By Deeba Ahmed BHUNT is being regarded as an evasive crypto wallet stealer, just like previously identified Redline Stealer and CryptBot.… This is a post from HackRead.com Read the original post: BHUNT password stealer targets crypto wallets through cracked software...

New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets

A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal. "BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet Exodus,...

North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide

Operators associated with the Lazarus sub-group BlueNoroff have been linked to a series of cyberattacks targeting small and medium-sized companies worldwide with an aim to drain their cryptocurrency funds, in what's yet another financially motivated operation mounted by the prolific North Korean...

Anubis malware resurfaces targeting crypto wallets and banking apps

By Waqas So far, 394 malicious apps have been identified that are spreading Anubis malware to steal financial and personal data from Android users. This is a post from HackRead.com Read the original post: Anubis malware resurfaces targeting crypto wallets and banking apps...

400 Banks’ Customers Targeted with Anubis Trojan

Customers of Chase, Wells Fargo, Bank of America and Capital One, along with nearly 400 other financial institutions, are being targeted by a malicious app disguised to look like the official account management platform for French telecom company Orange S.A. Researchers say this is just the...

The vulnerability of MasterCard, Visa, and American Express payment services lies in the insufficient authorization of ARQC cryptographic algorithms generated by Apple Pay, Samsung Pay, and GPay mobile wallets. This allows attackers to use AAC cryptographic algorithms on payment services, thereby enabling them to intercept transactions when the wallet or payment terminal decides to reject a transaction.

The vulnerability of MasterCard, Visa, and American Express tokenization services is related to the insufficient authorization of ARQC cryptographic keys generated by Apple Pay, Samsung Pay, and GPay mobile wallets. Exploiting this vulnerability could allow attackers to use AAC cryptographic keys...

Hackers Steal $200 Million Worth of Cryptocurrency Tokens from BitMart Exchange

Cryptocurrency trading platform BitMart has disclosed a "large-scale security breach" that it blamed on a stolen private key, resulting in the theft of more than $150 million in various cryptocurrencies. The breach is said to have impacted two of its hot wallets on the Ethereum ETH blockchain and...

BitMart Exchange hacked as hackers steal $150 million

By Waqas BitMart Exchange has confirmed that the security breach involves one of its ETH hot wallets and one of BSC hot wallets. This is a post from HackRead.com Read the original post: BitMart Exchange hacked as hackers steal $150 million...

Attackers Will Flock to Crypto Wallets, Linux in 2022: Podcast

Ransomware is on the rise, and attackers are massing in never-before-seen numbers, lining up to find victims. Could the new year possibly get any worse? According to FortiGuard Labs, the answer is yes. According to its 2022 predictions, upcoming threats will target an expanding attack surface,...

MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed

The accounts of at least 6,000 Coinbase customers were robbed of funds after attackers bypassed the cryptocurrency exchange’s multi-factor authentication MFA. According to a notification letter PDF – seen and posted by BleepingComputer, which first reported the story – that Coinbase sent to...

Cold wallet, hot wallet, or empty wallet? What is the safest way to store cryptocurrency?

In August of 2021, a thief stole about $600 million in cryptocurrencies from The Poly Network. They ended up giving it back, but not because they were forced to. Slightly more than one week later, Japanese cryptocurrency exchange Liquid was hacked and lost $97 million worth of digital coins. Thes...

Experts Shed Light On New Russian Malware-as-a-Service Written in Rust

A nascent information-stealing malware sold and distributed on underground Russian underground forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse...

Cybercriminals Hold $115,000-Prize Contest to Find New Cryptocurrency Hacks

A top Russian-language underground forum has been running a "contest" for the past month, calling on its community to submit "unorthodox" ways to conduct cryptocurrency attacks. The forum's administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the...

Bizarro Banking Trojan

Bizarro is a new banking trojan that is stealing financial information and crypto wallets. …the program can be delivered in a couple of ways­ -- either via malicious links contained within spam emails, or through a trojanized app. Using these sneaky methods, trojan operators will implant the...

Bizarro Banking Trojan Sports Sophisticated Backdoor

A never-before-documented Brazilian banking trojan, dubbed Bizarro, is targeting customers of 70 banks scattered throughout Europe and South America, researchers said. According to an analysis from Kaspersky released Monday, Bizarro is a mobile malware, aimed at capturing online-banking credentia...

U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized

Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure. All the dark web sites...

This Week in Security News May 7, 2021

New Panda Stealer Targets Cryptocurrency Wallets and Apple Releases Urgent Security Patches for Zero-Day Bugs...

New Panda Stealer Targets Cryptocurrency Wallets

In early April, we observed a new information stealer called Panda Stealer being delivered via spam emails. Based on Trend Micro's telemetry, United States, Australia, Japan, and Germany were among the most affected countries during a recent spam wave...

DoJ Task Force: Taking Down the Ransomware Economy

Ransomware has reached crisis levels across business sectors and across the globe, but a public-private Ransomware Task Force aims to stem the tide of attacks by disrupting the crooks’ business model. Join Threatpost for “Fortifying Your Business Against Ransomware, DDoS & Cryptojacking Attacks” ...

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrati...