Cybercriminals could exploit a security flaw in a web version of Everscale's Ever Surf cryptocurrency wallet to obtain complete control of targets' cryptowallets, according to The Hacker News.
Check Point researchers noted that abusing the vulnerability would enable attackers to conduct private key decryption and seed local browser storage-stored phrases, allowing full cryptowallet control.
Malicious browser add-ons and infostealer malware could be leveraged by attackers to access unencrypted local storage data.
Everscale has already introduced a new desktop app that addresses the vulnerability.
"When working with cryptocurrencies, you always need to be careful, ensure your device is free of malware, do not open suspicious links, keep OS and anti-virus software updated. Despite the fact that the vulnerability we found has been patched in the new desktop version of the Ever Surf wallet, users may encounter other threats such as vulnerabilities in decentralized applications, or general threats like fraud, [and] phishing," said Alexander Chailytko of Check Point.
Ten malicious Python Package Index packages have been discovered by Check Point researchers to deploy info-stealers enabling the exfiltration of personal credentials and private data from software developers, reports The Hacker News.
Bitter APT has been leveraging a trojanized iteration of the Signal messaging app to deploy the Android spyware Dracarys in cyberespionage campaigns against individuals in India, New Zealand, Pakistan, and the U.K., BleepingComputer reports.