⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Rough Monday
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Rough Monday
Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lease the phone numbers
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers
Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts
Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent response from the company and warnings to affected users. Simultaneously, BleepingComputer observed a phishing domain launched by hackers. [...]
Several users of the Trust Wallet Chrome extension report having their cryptocurrency wallets drained after installing a compromised extension update released on December 24, prompting an urgent response from the company and warnings to affected users. Simultaneously, BleepingComputer observed a phishing domain launched by hackers. [...]
Cybersecurity researchers have detailed two novel methods that can be used to disrupt cryptocurrency mining botnets
A new malware campaign is exploiting a weakness in Discord's invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan
A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America
Report Finds North Koreans Embedded in Top Blockchain and Web3 ProjectsA new report details how North Korea’s cybercrime network is infiltrating global tech firms with fake IT workers who exploit trusted access to steal millions in cryptocurrency, launder funds through international fronts and channel proceeds into weapons development and espionage missions.
A Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne Guarantee
North Korean hackers have stolen $1.34 billion worth of cryptocurrency across 47 cyberattacks that occurred in 2024, according to a new report by blockchain analysis company Chainalysis. [...]
Crime Syndicates Too Powerful for Regional Governments to Police, UN Report WarnsCybercrime syndicates across Southeast Asia have teamed up with human traffickers, money launderers and cryptocurrency services to build an increasingly effective cybercrime ecosystem that can survive law enforcement crackdowns, according to a new United Nations report.
Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software
Elderly people report the greatest losses The FBI just dropped its annual report examining the costs of crypto-related cybercrime, painting a predictably grim picture as total losses in the US exceeded $5.6 billion in 2023 – a 45 percent year-on-year increase.…
Victims Reported $5.6 Billion in Financial Losses Associated With Crypto SchemesThe FBI's Internet Crime Complaint Center on Monday issued a report revealing victims filed more than 69,000 public complaints related to cryptocurrency fraud and $5.6 billion in financial losses in 2023, while investment scams made up the bulk of losses throughout the year.
Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances
Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that's widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams
A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks
Numerous Impediments Remain, Should Administrators Attempt to Reboot OperationThe notorious ransomware-as-a-service group LockBit, disrupted by law enforcement this week, was developing a new version of its crypto-locking malware prior to being disrupted, security researchers report. Even so, experts say it's unlikely the group would be able to successfully reboot.