Threat actors have launched global attacks leveraging malicious Tor browser installers to facilitate the distribution of a clipboard-hijacking malware aimed at exfiltrating cryptocurrency assets, reports BleepingComputer.
Most of the trojanized Tor installers have been targeted at Russia and Eastern Europe but attacks were also observed in the U.S., France, Germany, China, the Netherlands, and the U.K., according to a Kaspersky report.
Researchers found that clipboards are being tracked by the malware for crypto wallet addresses, with detected addresses being replaced with ones belonging to the attackers. Nearly $400,000 worth of cryptocurrency has been stolen in the attacks, which were found to be a part of a single campaign.
Users have been urged to download software only from the Tor Project website to avoid clipboard hijackers.
Meanwhile, users can check for a possible infection by pasting the address "bc1heymalwarehowaboutyoureplacethisaddress" into Notepad, with a replacement indicating system compromise.
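The Notepad check above can also be scripted. The following PowerShell is an added example, not code from the article or from Kaspersky: the function name `Test-ClipboardSwap` and its parameters are hypothetical, and it assumes that reading the clipboard back after a short delay shows the same result as pasting into Notepad.

```powershell
# Added example: automates the copy-and-paste check with the article's test string.
# Test-ClipboardSwap, -Rounds and -DelaySeconds are hypothetical names chosen here.
function Test-ClipboardSwap {
    param(
        [string]$Probe = 'bc1heymalwarehowaboutyoureplacethisaddress',
        [int]$Rounds = 5,        # repeat in case the clipboard is polled on a timer
        [int]$DelaySeconds = 2   # time allowed for a replacement to happen
    )

    # Keep whatever text the user had on the clipboard so it can be restored.
    $original = Get-Clipboard -Raw

    try {
        for ($i = 1; $i -le $Rounds; $i++) {
            Set-Clipboard -Value $Probe
            Start-Sleep -Seconds $DelaySeconds

            # [string] cast turns an emptied clipboard ($null) into ''.
            $seen = ([string](Get-Clipboard -Raw)).Trim()

            if ($seen -cne $Probe) {
                # The clipboard no longer holds the text that was copied.
                return [pscustomobject]@{
                    Replaced = $true
                    Round    = $i
                    Observed = $seen
                }
            }
        }
        return [pscustomobject]@{
            Replaced = $false
            Round    = $Rounds
            Observed = $Probe
        }
    }
    finally {
        # Restore the user's clipboard text if there was any.
        if (-not [string]::IsNullOrEmpty($original)) {
            Set-Clipboard -Value $original
        }
    }
}

Test-ClipboardSwap | Format-List
```

Leave the clipboard alone while it runs, since copying anything else during the test also changes the observed value and would be reported as a replacement.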
Vulnerable Apache NiFi implementations are being targeted in new attacks deploying the Kinsing cryptomining malware, as indicated by the significant increase in HTTP requests for "/nifi" on May 19, according to The Hacker News.
Numerous fraudulent websites masquerading as legitimate software, including ChatGPT, Gimp, AstraChat, and Go To Meeting, have been used in a new RomCom malware campaign by Cuba ransomware affiliate Void Rabisu, also known as Tropical Scorpius, from December 2022 to April 2023, which was mostly targeted at Eastern Europe, according to BleepingComputer.
The Anonymous Sudan threat operation has demanded that Scandinavian Airlines pay $3 million to put an end to distributed denial-of-service attacks against the airline's websites that began in February, reports The Record, a news site by cybersecurity firm Recorded Future.