Binance Square
Malware
13,655 views
12 posts
Trader Rai
🚨 Crypto Security Alert: Major Hacks and Malware Threats You Need to Know About!

🔐 The crypto space is buzzing with security concerns this week, from the bizarre ‘null address’ hack on iVest Finance to the widespread vulnerability known as Sinkclose, affecting millions of PCs. Here’s what you need to know:

DeFi Exploit: iVest Finance Hit Hard
On August 12, iVest Finance suffered a $156,000 exploit. The attacker drained funds by exploiting a flaw in the protocol, where transfers to a null address triggered a donation function, reducing balances by double the intended amount. This shows how even seemingly minor coding issues can lead to major losses. 🛡️ Stay vigilant, DeFi users!

Malware Alert: Sinkclose Threatens Millions of AMD Devices
Discovered on August 9, the Sinkclose vulnerability affects millions of AMD processors, posing a severe risk to crypto users. This malware is nearly impossible to remove, even with a full system reformat. If you’re using an AMD-powered device, make sure your firmware is updated, or consider switching to a hardware wallet for added security. 🖥️⚠️

Phishing Scam: Web3 Gamer Loses $69K in USDT
A Web3 gamer fell victim to a phishing scam, losing over $69,000 in Tether. The attacker tricked the user into approving a malicious contract, draining their wallet in minutes. Always double-check URLs and contract addresses when approving transactions to avoid falling prey to these scams. 💸🚨

Protect your assets by staying informed and cautious in this ever-evolving digital landscape. Share this post to spread the word and help others stay secure! 🔒🌐

#Binance #DeFi #Malware #PhishingScam #StaySafe
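The accounting bug pattern behind the iVest figure above, as an added illustrative sketch that is neither iVest's code nor part of the post: a transfer to the zero address is routed to a donation path that debits the sender, and the ordinary transfer path debits the sender again, so balances fall by twice the amount and their sum drifts away from totalSupply. The hardened form rejects the zero address and applies exactly one debit; contract and function names (VulnerableToken, HardenedToken, _donate) are assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed sketch of the double-debit pattern (not iVest's code).
contract VulnerableToken {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;
    uint256 public donated;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
        totalSupply = supply;
    }

    // Donation path: debits the sender once.
    function _donate(address from, uint256 amount) internal {
        balanceOf[from] -= amount;
        donated += amount;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        if (to == address(0)) {
            _donate(msg.sender, amount); // first debit
        }
        balanceOf[msg.sender] -= amount; // second debit on the same call: the bug
        balanceOf[to] += amount;
        // Invariant sum(balanceOf) == totalSupply now fails by `amount`;
        // the post does not detail how that gap was turned into a drain.
        return true;
    }
}

// Hardened form: refuse the zero address and debit exactly once.
contract HardenedToken {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
        totalSupply = supply;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(to != address(0), "transfer to zero address");
        balanceOf[msg.sender] -= amount; // reverts on insufficient balance (0.8 checked math)
        balanceOf[to] += amount;
        return true;
    }
}
```

A fuzz or invariant test that asserts the sum of all balances equals totalSupply after every call catches the vulnerable contract on the first zero-address transfer.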
(@sell9000)

PSA re: an expensive opsec lesson
At this time I have confirmed that it was a Google login that caused this compromise. An unknown Windows machine gained access about half a day before the attack. It also spoofed the device name, so the notification of the new activity alert (which occurred early morning while I was asleep) appeared similar to devices I normally use (it may have been a calculated gamble for a common device name unless I was specifically targeted).
Upon further investigation, this device is a VPS hosted by #KaopuCloud as a global edge cloud provider that is shared among hacker circles in Telegram, and has been used in the past for #phishing and other malicious activities by shared users.
I do have 2FA enabled, which the user managed to bypass. I have yet to determine exactly how this was achieved, but possible attack vectors were OAuth phishing, cross-site scripting, or a man-in-the-middle attack on a compromised site, followed by possible additional #Malware. In fact, an #OAuth endpoint attack has apparently been reported recently to hijack user cookie sessions (https://darkreading.com/cloud-security/attackers-abuse-google-oauth-endpoint-hijack-user-sessions…). Be extremely careful if you have to use Sign In From Google.

Takeaways:
1. Bitdefender sucks, it caught nothing while Malwarebytes caught a bunch of vulnerabilities after the fact.
2. Do not become complacent just because you were moving large figures for years without issues.
3. Never enter a seed, period, no matter what reasonable excuse you give yourself. Not worth the risk, just nuke the computer and start fresh.
4. I'm done with Chrome, stick with a better browser like Brave.
5. Preferably never mix devices, and have an isolated device for crypto activities.
6. Always check the Google Activity alert if you are continuing to use Google based devices or authentication.
7. Turn off extension syncing. Or just turn off syncing, period, for your isolated crypto machine.
8. 2FA is clearly not bulletproof, don't become complacent to it.
Crypto firms beware: Lazarus’ new malware can now bypass detection

Lazarus Group, a North Korean hacking collective, has been using a new type of malware as part of its fake employment scams. This malware, dubbed LightlessCan, is far more challenging to detect than its predecessor, BlindingCan.

LightlessCan mimics the functionalities of a wide range of native Windows commands, enabling discreet execution within the RAT itself instead of noisy console executions. This approach offers a significant advantage in terms of stealthiness, both in evading real-time monitoring solutions like EDRs, and postmortem digital forensic tools.

The new payload also uses what researchers call "execution guardrails," ensuring that the payload can only be decrypted on the intended victim's machine, thereby avoiding unintended decryption by security researchers.

In one case, Lazarus Group used LightlessCan to attack a Spanish aerospace firm. The hackers sent a fake job offer to an employee, and when the employee clicked on a link in the email, their computer was infected with the malware.

Lazarus Group's attack on the aerospace firm was motivated by cyberespionage. The hackers were likely trying to steal sensitive data from the company.

#YasinCoder
#Malware
#Attack
A new malware for macOS, called "KandyKorn", has been discovered attacking members of the crypto community. The malware spreads through social engineering attacks, which trick victims into downloading a malicious ZIP file.

The malicious ZIP file is called "Cross-platform Bridges.zip" and poses as an arbitrage bot designed for automatic profit generation. However, the file actually contains malware that can steal data such as passwords, private keys, and wallet addresses.

Social engineering attacks target members of the crypto community through Discord channels, Twitter, and other forums. The attackers pose as legitimate members of the community and offer the malicious ZIP file as a free or paid tool.

macOS users should be aware of social engineering attacks and avoid downloading ZIP files from unknown sources. They should also keep their software updated to protect themselves from the latest threats.

Here are some tips to protect yourself from macOS malware:

🔸Don't click on links or open attachments from people you don't know.
🔸Keep your software up to date.
🔸Use reputable antivirus software.
🔸Be wary of offers that seem too good to be true.

If you think your macOS device may be infected with malware, you should run a full antivirus scan. You should also change your passwords for all online services you use.

macOS malware attacks are a growing threat to macOS users. By staying alert for threats and taking steps to protect yourself, you can help keep your device secure.

#macOS #Malware
A rogue #messenger to steal cryptocurrencies has appeared online

Recorded Future researchers have examined large-scale attacks on cryptocurrency #holders via Vortax malware masquerading as an online conferencing application.

Vortax spreads multiple infostealers at once, exploiting macOS vulnerabilities. Once on the victim's system, the #Malware not only empties cryptocurrency addresses, but also steals available credentials for resale.
#CryptoTradingGuide #LayerZero