Hackers Using Web3 Backdoor Wallets to Steal Seed Phrases from iOS/Android Users

By Deeba Ahmed A Chinese-speaking, technically skilled threat actor distributes backdoored applications to extract cash from victims in a newly discovered… This is a post from HackRead.com Read the original post: Hackers Using Web3 Backdoor Wallets to Steal Seed Phrases from iOS/Android Users...

Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users

A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds. Said to be first discovered in March 2022, t...

call() should be used instead or transfer() on an address payable

Lines of code Vulnerability details This is a classic Code4rena issue: code-423n4/2021-04-meebits-findings2 code-423n4/2021-10-tally-findings20 code-423n4/2022-01-openleverage-findings75 Impact The use of the deprecated transfer function for an address will inevitably make the transaction fail...

Utilizing the Adaptive Defense Model Against Information Stealers

Trellix Global Defenders: Utilizing the Adaptive Defense Model Against Information Stealers By Taylor Mullins · May 23, 2022 Trellix is continuing to observe the continued growth in usage and general availability of Information Stealers that have the functionality to collect passwords, cookies,...

Microsoft Warns of "Cryware" Info-Stealing Malware Targeting Crypto Wallets

Microsoft is warning of an emerging threat targeting internet-connected cryptocurrency wallets, signaling a departure in the use of digital coins in cyberattacks. The tech giant dubbed the new threat "cryware," with the attacks resulting in the irreversible theft of virtual currencies by means of...

In hot pursuit of ‘cryware’: Defending hot wallets from attacks

The steep rise in cryptocurrency market capitalization, not surprisingly, mirrors a marked increase in threats and attacks that target or leverage cryptocurrencies. But Microsoft researchers are observing an even more interesting trend: the evolution of related malware and their techniques, and t...

In hot pursuit of ‘cryware’: Defending hot wallets from attacks

The steep rise in cryptocurrency market capitalization, not surprisingly, mirrors a marked increase in threats and attacks that target or leverage cryptocurrencies. But Microsoft researchers are observing an even more interesting trend: the evolution of related malware and their techniques, and t...

C4-004 : Centralization Risk

112 comment Warden: defsec Impact - LOW The system is heavily relies on the ExecutorManager. Therefore, It contains centralization risk If the execution manager is EOA and captured. Proof of Concept 1. Navigate to the following contract...

“Chemical attack” email warnings deliver Jester Stealer malware

Jester Stealer, a malicious file capable of large amounts of data theft, is on the prowl again. The Ukrainian Computer Emergency Response Team CERT-UA has warned of a large distribution campaign abusing a "chemical attack" theme. Receiving an email like this in the invasion-affected regions of...

Beware of Fake Windows 11 Update Delivering Malware

By Deeba Ahmed According to researchers, the fake upgrade injects malware onto Windows-based devices and steals crypto wallets and browsing data.… This is a post from HackRead.com Read the original post: Beware of Fake Windows 11 Update Delivering Malware...

Researchers warn of FFDroider and Lightning info-stealers targeting users in the wild

Cybersecurity researchers are warning of two different information-stealing malware, named FFDroider and Lightning Stealer, that are capable of siphoning data and launching further attacks. "Designed to send stolen credentials and cookies to a Command & Control server, FFDroider disguises itself ...

Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums

A previously undocumented "sophisticated" information-stealing malware named BlackGuard is being advertised for sale on Russian underground forums for a monthly subscription of $200. "BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP...

Researchers Expose Mars Stealer Malware Campaign Using Google Ads to Spread

A nascent information stealer called Mars has been observed in campaigns that take advantage of cracked versions of the malware to steal information stored in web browsers and cryptocurrency wallets. "Mars Stealer is being distributed via social engineering techniques, malspam campaigns, maliciou...

Enforced Owner Can Extract Funds From The Contract

Lines of code Vulnerability details Impact During the code review, It has been observed that access control mechanisms are checked with the following line. LibDiamond.enforceIsContractOwner; The withdraw gaves abilitiy to contract owner extract all funds are sent to contract. This poses...

Security Tips For Trading Cryptocurrency Online

By Owais Sultan Cybercriminals are always ready to hack cryptocurrency accounts/wallets these days. The popularity and rise in prices of leading… This is a post from HackRead.com Read the original post: Security Tips For Trading Cryptocurrency Online...

Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators

There’s a new, still-under-development, Golang-based botnet called Kraken with a level of brawn that belies its youth: It’s using the SmokeLoader malware loader to spread like wildfire and is already raking in a tidy USD $3,000/month for its operators, researchers report. Though its name may soun...

Researchers Warn of a New Golang-based Botnet Under Continuous Development

Cybersecurity researchers have unpacked a nascent Golang-based botnet called Kraken that's under active development and features an array of backdoor capabilities to siphon sensitive information from compromised Windows hosts. "Kraken already features the ability to download and execute secondary...

‘Ice phishing’ on the blockchain

The technologies that connect us are continually advancing, and while this brings tremendous new capabilities to users, it also opens new attack surfaces for adversaries and abusers. Social engineering represents a class of threats that has extended to virtually every technology that enables huma...

‘Ice phishing’ on the blockchain

The technologies that connect us are continually advancing, and while this brings tremendous new capabilities to users, it also opens new attack surfaces for adversaries and abusers. Social engineering represents a class of threats that has extended to virtually every technology that enables huma...

GSD-2022-1000070 Reliance on improperly secured communications channel (Discord) in Grape Network version unknown

In Grape Network Grape Network version unknown a Reliance on improperly secured communications channel Discord exists in the Discord community "announcement" channels for multiple NFTs that can be attacked via unknown resulting in access Grape Network tokens was used to send Discord server messag...