cryptocurrency, digital currency


Two Romanians convicted for roles in Bayrob malware operation


Two Romanian nationals were convicted in an Ohio federal court on Thursday for their roles in the Bayrob group, an organization that launched a multi-million-dollar cybercriminal operation fueled by its own proprietary malware. Bogdan Nicolescu, 36, and Radu Miclaus, 37, were found guilty on 21 separate counts for developing and spreading the Bayrob trojan, which…

Upgraded Cardinal RAT malware targets Israeli fintech firms


A pair of Israeli financial technology companies were recently the target of a malware campaign featuring an updated version of the rarely seen Cardinal remote access trojan, researchers from Palo Alto Networks’ Unit 42 team are reporting. And in a possibly related incident, one of the two unnamed companies was similarly attacked with EVILNUM, a…

Persistence and scale signature moves of new Monero miner campaign


A new Monero cryptomining campaign has been detected in the wild, spreading and operating in a manner more consistent with ransomware and other attacks that retain a level of persistence than has been seen before. Check Point researchers said these mining operations have been ongoing since mid-January using two specific trojans, Trojan.Win32.Fsysna and an…

‘Clipper’ malware that alters crypto wallet addresses slips into Play Store


Google’s Play Store unknowingly hosted a fake cryptocurrency app that actually modifies users’ crypto wallet addresses once they’re copied to the clipboard, researchers are reporting. This Android-based “clipper” malware, as it’s called, secretly changes the wallet address to one hosted by the attackers, allowing them to steal victims’ digital coin transactions, explains ESET researcher Lukas…

California SIM swapping conviction reportedly may be a legal first


Prosecutors in California have reportedly won what they believe to be the first-ever conviction for the act of SIM hijacking. Joel Ortiz, a 20-year-old college student from Boston, pleaded guilty in a Santa Clara County courtroom last month to stealing over $5 million in cryptocurrency after taking over the phone numbers of roughly 40 individuals…

Mac and Chrome info stealer and cryptomining malware in the wild


Cybercriminals are using new malware targeting Macs and the Chrome browser, designed to steal all the information necessary to break into cryptocurrency exchanges and their victims’ digital wallets. This malware, an offshoot of OSX.DarthMiner, has a wide range of abilities, reported Palo Alto’s Unit 42. These skills include the ability to steal browser cookies…

New Mac malware ‘DarthMiner’ joins the dark side


Researchers last week detected a fake Adobe piracy app that infects Mac users with a one-two combination of the EmPyre backdoor/post-exploitation agent and the XMRig cryptominer. The app pretends to be Adobe Zii, a software program that facilitates the cracking and digital piracy of Adobe products, reports Thomas Reed, director of Mac and mobile at Malwarebytes,…

Cryptomining campaign pulls new ‘Linux Rabbit’ malware out of its black hat


A two-month Monero cryptomining campaign targeted both Linux-based servers and Internet of Things devices with a newly discovered malware family called “Linux Rabbit,” researchers have reported. The operation occurred in two phases, each of which used a distinct version of Linux Rabbit that shares the same code base as the other iteration, according to a Dec. 6…


Hacker takes over JavaScript library, injects malware to steal Bitcoin


Open-source code stored in a popular JavaScript library was poisoned by its latest administrator with malicious code allowing an attacker to swipe Bitcoin from BitPay and Copay wallets. The attacker injected malicious code, called Event-Stream, into a NodeJS package that is used by the Copay and BitPay apps enabling an attacker to…

New cryptominer seeks out root permissions on Linux machines


Researchers at antivirus company Dr.Web have discovered a malicious Monero cryptominer specifically designed for Linux machines, with additional functionality that also allows it to operate as a backdoor. Named Linux.BtcMine.174, the trojan is described as a shell script containing over 1,000 lines of code. To receive its malicious commands from the attackers, the malware downloads and runs…
