New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials

The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework calledUI AutomationUIA to harvest sensitive information. "The new Coyote variant is targeting Brazilian users, and uses UIA to extract credentials linked to 75 banki...

U.S. Sanctions 3 Cryptocurrency Exchanges for Helping Russia Evade Sanctions

The U.S. Department of the Treasury's Office of Foreign Assets Control OFAC sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia following its invasion of Ukraine in early 2022. This includes Bitpapa IC FZC LLC, Crypto Explorer DMCC...

Here’s Some Bitcoin: Oh, and You’ve Been Served!

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized the use of information included in a bitcoin transaction -- such as a...

CISA issues alert with South Korean government about DPRK's ransomware antics

CISA and other federal agencies were joined by the National Intelligence Service NIS and the Defense Security Agency of the Republic of Korea ROK in releasing the latest cybersecurity advisory in the US government's ongoing StopRansomware effort. This alert highlights continuous state-sponsored...

Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for Cash

Russian-language group Void Balaur, also tracked under the name Rockethack, has been identified as a prolific cyber-mercenary group, available for hire to break into the email and social-media accounts of high-profile, high-stakes targets around the world. After monitoring Void Balaur for more th...

Researchers Uncover Hacker-for-Hire Group That's Active Since 2015

A new cyber mercenary hacker-for-hire group dubbed "Void Balaur" has been linked to a string of cyberespionage and data theft activities targeting thousands of entities as well as human rights activists, politicians, and government officials around the world at least since 2015 for financial gain...

New Anti Anti-Money Laundering Services for Crooks

A new dark web service is marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity. Dubbed "Antinalysis," the service purports to offer a glimpse into how ones payment activity might be flagged by law...

Researchers Link CryptoCore Attacks On Cryptocurrency Exchanges to North Korea

State-sponsored hackers affiliated with North Korea have been behind a slew of attacks on cryptocurrency exchanges over the past three years, new evidence has revealed. Attributing the attack with "medium-high" likelihood to the Lazarus Group aka APT38 or Hidden Cobra, researchers from Israeli...

DoJ Task Force: Taking Down the Ransomware Economy

Ransomware has reached crisis levels across business sectors and across the globe, but a public-private Ransomware Task Force aims to stem the tide of attacks by disrupting the crooks’ business model. Join Threatpost for “Fortifying Your Business Against Ransomware, DDoS & Cryptojacking Attacks” ...

AppleJeus: Analysis of North Korea’s Cryptocurrency Malware

Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation FBI,...

Two Russians Charged in $17M Cryptocurrency Phishing Spree

U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges...

U.S. Defense Warns of 3 New Malware Used by North Korean Hackers

Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about three new malware strains used by state-sponsored North Korean hackers. Called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, the...

Cryptocurrency businesses still being targeted by Lazarus

It's hardly news to anyone who follows cyberthreat intelligence that the Lazarus APT group targets financial entities, especially cryptocurrency exchanges. Financial gain remains one of the main goals for Lazarus, with its tactics, techniques, and procedures constantly evolving to avoid detection...

Razy Malware Attacks Browser Extensions to Steal Cryptocurrency

UPDATE A Windows malware dubbed “Razy” has been uncovered that sports a toolbox of cryptocurrency theft and fraud tools. Razy works by weaponizing browser extensions in order to perpetrate a range of online scams on unwitting victims. According to researchers at Kaspersky Lab, the trojan targets...

IT threat evolution Q3 2018

Targeted attacks and malware campaigns Lazarus targets cryptocurrency exchange Lazarus is a well-established threat actor that has conducted cyber-espionage and cybersabotage campaigns since at least 2009. In recent years, the group has launched campaigns against financial organizations around th...

Lazarus Group’s AppleJeus MacOS malware targeting cryptocurrency exchanges

By Waqas Lazarus Group is believed to be backed by the North Korean government and now it is using AppleJeus MacOS Malware. Security researchers from the Global Research and Analysis Team at Kaspersky Lab have discovered the first-ever Lazarus deployed malware for MacOS. It is reported that Lazar...

Watch: An Account Takeover Attack Using Credential Stuffing, and How to Protect Against It [Video]

As cryptocurrencies continue to grow in diversity, so too do the threats they face, specifically those targeting the cryptocurrency exchange. Now, more than ever, cryptocurrency exchanges are facing security threats in the form of volumetric and application layer DDoS and account takeover ATO...

Safe as houses: 5 security measures adopted by cryptocurrency exchanges

By Waqas Cryptocurrencies rely on the blockchain, a decentralized ledger that records all transactions ever made within it. The blockchain network consists of multiple nodes that maintain it. To gain control over the network and tamper with transaction data a hacker should compromise most of the...

How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners

Introduction Cyber criminals tend to favor cryptocurrencies because they provide a certain level of anonymity and can be easily monetized. This interest has increased in recent years, stemming far beyond the desire to simply use cryptocurrencies as a method of payment for illicit tools and...

New allowAnyone Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-11397, CVE-2018-11398)

Our vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities batchOverflow1, proxyOverflow2, transferFlaw3, ownerAnyone4, multiOverflow5, burnOverflow6, ceoAnyone7. Some of them could be used by attackers to generate tokens out of nowhere ...