Binance Square

Malwareattack

Heisenberg_1
Hello everyone.
I want to address an issue that I haven't seen anyone online even mention.
And that is the USTC Miner.
Now, I am not sure if this is a scam or not, but judging off of their page it could be malware that is trying to leech off of people for their money whilst advertising itself as a miner.
Basically, the way it works is you get into that website through a referral and then with a SINGLE click it mines for you. You can transfer USTC to USDT and make an insane amount of money.

The website itself doesn't explain a lot on how they actually profit or even work, as USTC, USDT and USDC are directly linked to the US Dollar.

Ergo, this led me to believe that this specific miner IS malware.

But I would like to hear from some of you who have used it before to maybe explain more, as I haven't really delved too deep into it.

#ustcwarning #Malwareattack
The theft of cryptocurrencies has increased as hackers sell fake phones equipped with malware

Kaspersky Cybersecurity has revealed that hackers are using malicious software installed on Android devices to steal cryptocurrencies.
The company advised users to exercise caution.
As the world of cryptocurrencies evolves, hackers are innovating new ways to steal users' digital assets. Kaspersky Lab experts revealed that hackers are using fake Android smartphones to steal cryptocurrencies.

According to Kaspersky Cybersecurity, thousands of infected Android devices have been discovered, specifically developed to steal user data and cryptocurrencies. These devices are often sold at low prices to attract buyers.

The latest malware is a modified version of Triada, a Trojan remote access malware used to compromise Android devices. Security companies reported finding over 2,600 users affected by the new version of Triada. These users belong to various regions around the world, but the majority are from Russia.
#russia #HackerAlert #hackers #Malwareattack #kaspersky
The "Lazarus" group turns into a Bitcoin whale, owning Bitcoin worth 1 billion dollars: details
The ā€œLazarusā€ group, responsible for the recent $1.5 billion hack of ā€œBybit,ā€ has become one of the largest Bitcoin whales, after acquiring 13,518 Bitcoin worth $1.13 billion, according to ā€œArkham Intelligence.ā€

These holdings make North Korea the fifth largest country in terms of Bitcoin ownership after the United States, China, the United Kingdom, and Ukraine, surpassing the holdings of Bhutan (13,029 Bitcoin) and El Salvador (6,089 Bitcoin).

Additionally, the “Lazarus” wallets contain 13,702 Ethereum ($26 million), 5,022 BNB ($3 million), and $2.2 million in DAI, along with other stablecoins.

“CertiK” also reported that the group deposited 400 Ethereum ($750,000) into the “Tornado Cash” mixing service.

In another context, “Socket” revealed that Lazarus has deployed new malware targeting cryptocurrency wallets, such as Solana and Exodus, through fake JavaScript libraries to steal credentials.

In a related development, OKX suspended its decentralized Web3 DEX platform after discovering Lazarus's attempt to exploit decentralized finance (DeFi) services.

Bloomberg reported that the collective was used to launder $100 million in cryptocurrencies associated with the group.
#bybit #WhaleManipulation #JavaScript #Malwareattack #LazarusGroup $ETH
The Crocodilus malware has expanded globally with new crypto and banking theft features

The Crocodilus banking trojan is expanding globally with new campaigns targeting crypto wallets and banking applications, now reaching Europe and South America.

The Android banking trojan Crocodilus has launched new campaigns aimed at cryptocurrency users and banking customers in Europe and South America.

First detected in March 2025, the initial samples of Crocodilus were largely confined to Turkey, where the malware masqueraded as online casino applications or counterfeit banking apps to steal login credentials.

Recent campaigns show that it is now targeting victims in Poland, Spain, Argentina, Brazil, Indonesia, India, and the United States, according to findings from ThreatFabric's Mobile Threat Intelligence (MTI) team.

A campaign targeting Polish users used Facebook ads to promote fake loyalty applications. By clicking on the ad, users were redirected to malicious sites, where a Crocodilus dropper was installed, evading Android 13+ restrictions.

Facebook's transparency data revealed that these ads reached thousands of users in just one or two hours, focusing on the audience over 35 years old.

In a report from April 22, the cryptocurrency forensics and regulatory compliance company AMLBot revealed that "crypto drainers," malicious programs designed to steal cryptocurrencies, have become easier to access as the ecosystem evolves towards a software-as-a-service business model.

The report revealed that malware distributors can rent a drainer for as little as 100-300 USDt (USDT).

On May 19, it was revealed that the Chinese printer manufacturer Procolored had distributed malware to steal bitcoins along with its official drivers.

#Malwareattack $BTC
āš ļø It has been reported that data from over 100,000 users of the Gemini platform and possibly Binance has been sold on the dark web, including full names, email addresses, phone numbers, and geographical locations 😯

For its part, Binance confirmed that this breach did not occur from its platform, but may have resulted from malware on users' devices.

#scam #scamriskwarning #Malwareattack #Binance #bitcoin $BTC

A new crypto-stealing malware is targeting iPhones and Android smartphones

#Alert🔴 #Malwareattack

A new cybersecurity threat is targeting users of both Android and iOS devices. According to a Kaspersky report, a malicious software development kit (SDK) has been spotted embedded in several apps available on Google Play and the Apple App Store. This SDK, dubbed SparkCat, is designed to steal cryptocurrency wallet recovery phrases using optical character recognition (OCR) technology. The campaign has already affected hundreds of thousands of users, with over 242,000 downloads recorded on the Google Play Store alone.
The malicious SDK operates differently on Android and iOS devices. On Android, it uses a Java component called Spark, which serves as an analytics module. This component retrieves encrypted configuration files from GitLab, which contain commands and updates for the malware. On iOS, the framework goes by various names, such as Gzip, googleappsdk, or stat, and uses a Rust-based networking module called im_net_sys to communicate with C2 servers.
The primary function of this malware is to scan images on a user’s device for cryptocurrency wallet recovery phrases. These phrases, often stored as screenshots or photos, are used to restore access to cryptocurrency wallets. The malware uses Google ML Kit OCR to extract text from images, targeting specific keywords in multiple languages, including Latin, Korean, Chinese, and Japanese. Once it identifies a recovery phrase, the stolen data is sent to the attackers’ servers, allowing them to access the victim’s cryptocurrency funds without needing a password.

Kaspersky’s investigation revealed that the malware is region-specific, with different keywords and targeting strategies for areas like Europe and Asia. However, the researchers caution that the apps could still function outside their intended regions, posing a risk to a broader audience.
So far, 18 Android apps and 10 iOS apps have been identified as infected. You can find the list of affected apps in Kaspersky's report here. One notable example is the Android app ChatAi, which had been downloaded more than 50,000 times before being removed from the Google Play Store. However, many of the other infected apps remain available on both platforms, which is still a matter of concern.
If you suspect you’ve installed any of the malware-infected apps, you must uninstall them immediately. According to experts, it is also recommended to install a reputable mobile antivirus tool to scan your device for any lingering traces of the malware. In severe cases, a factory reset may be necessary to ensure complete removal. Self-hosted, offline password managers with vault features can also provide an additional layer of security.

$BTC
🚨Whoa, that’s a serious red flag — malware hiding in printer drivers is next-level sneaky.

Here’s the TL;DR and what to do:

What Happened:

Malware was bundled with official-looking drivers from Procolored (UV printers).

It quietly hijacks copied crypto wallet addresses — when you paste yours, it pastes theirs instead.

Nearly $1M in BTC stolen this way.

Who’s at Risk:

Anyone who downloaded Procolored drivers from MEGA since Oct 2023.

What You Should Do:

Check your clipboard history (if available) for suspicious address replacements.

Run a full malware scan (Malwarebytes, Windows Defender, etc.).

If you’re exposed: Wipe & reinstall your OS (seriously).

Always double-check wallet addresses after pasting.

Lesson: Even "harmless" things like printers can be Trojan horses. Trust, but verify — especially when money's involved.
#bitcoin #Malwareattack #Cybersecurity

🐊 Crocodilus Dangerous Android Trojan Hunting Cryptocurrency

🛃 Cybersecurity researchers at Threat Fabric have discovered a new family of mobile malware that can trick Android users into revealing their cryptocurrency wallet seed phrases.
📃 According to a report from March 28, the Crocodilus malware uses fake screens on top of legitimate apps and displays a warning about the need to back up your crypto wallet key within a certain period of time.
🗣️ “After the victim enters the app password, a message appears on the screen: ‘Back up your wallet key in Settings within 12 hours. Otherwise, the app will be reset and you may lose access to your wallet,’” Threat Fabric explains.
🧙 This social engineering trick directs the user to the seed phrase section, which allows Crocodilus to collect this information via Android’s accessibility logger. Once the attackers obtain the seed phrase, they gain full control over the wallet and can “empty it completely.”
🐊 Crocodilus is a new malware that, according to experts, has all the features of modern hacking software, including attacks using screen overlays, advanced data collection through screen capture with sensitive information (such as passwords), and remote access to gain control over the infected device.
⚙️ The initial infection occurs when the malware is unintentionally downloaded as part of other software that bypasses Android 13 protection and other security mechanisms.
🛡️ Once installed, 🐊 Crocodilus requests that the accessibility service be enabled, which allows the hackers to access the device.
“Once these rights are granted, the malware connects to the command and control (C2) server to receive instructions, including a list of target applications and screen overlays,” Threat Fabric notes.
🔍 The malware runs continuously, monitoring application launches and displaying overlays to intercept credentials. When the targeted banking or cryptocurrency app is opened, a fake screen is launched on top of it, and the hackers take control of the device.
“With stolen personal data and credentials, attackers can take full control of the victim’s device using built-in remote access and secretly make fraudulent transactions,” the experts warn.
#Malwareattack #SAFU🙏 #SecurityAlert #Crocodilus #Alert🔴
BEWARE! Crocodilus Malware Targets Your Android Crypto Wallet!

A new malware called Crocodilus is lurking on Android users, especially those who store crypto assets in digital wallets.

This malware disguises itself as a legitimate application and uses overlay techniques to steal your seed phrase.

How Crocodilus works:

Posing as a legitimate app and requesting accessibility service access.

Displays a fake overlay asking you to enter a seed phrase for security reasons.

Once it gains access, malware can remotely take over your device and steal sensitive data.

Tips to protect yourself:

Avoid downloading apps from unofficial sources.

Never enter your seed phrase into any suspicious app.

Check app permissions regularly and revoke unnecessary access.

Use a trusted security app to scan your device.

Don't let your crypto assets be stolen by this dangerous malware!

#CryptoNews #Malwareattack
Cryptopolitan
Bitcoin-stealing malware found in Chinese printer driver
Security experts have uncovered a malware program that steals Bitcoin in the official driver of Procolored, a printer company based in Shenzhen, China. In a post on X, the experts said the hackers had used the malware to steal 9.3 Bitcoin.

According to the tech website Blue Dot Network, Procolored transferred the infected driver from a USB flash drive and uploaded it to its servers for users to download. It is unclear whether this was a deliberate attack by the company or if it involved a third party.

However, experts believe the driver was developed by a third party who likely added the malware. They noted that most hardware manufacturers in China outsource their software development to third parties. Thus, the third-party developer likely sent the driver to Procolored using a USB flash drive after adding the backdoor.

Meanwhile, Yu Xian, the founder of blockchain security firm SlowMist, has further investigated the issue and discovered how the backdoor functions. He explained that the code in the printer driver could hijack wallet addresses on the users’ clipboards and change them to those of the attacker.

He said:

“This printer’s official driver comes with backdoor code… which can hijack the wallet address in the user’s clipboard and replace it with the attacker’s own: 1BQZKqdp2CV3QV5nUEsqSglygegLmqRygJ.”

While this might look like an address poisoning attack, Xian admitted it is a classic case, noting that the stolen Bitcoin had been laundered long ago.

Overview of the hacker address (Source: Yu Xian)

Interestingly, he found that all the stolen BTC was not due to the printer alone, as the malware had been active for eight years and infected several applications. The first theft happened back in April 2016, while the most recent was in March 2024.

Bitcoin attack vectors continue to grow with crypto market expansion

Meanwhile, the incident highlights the variation of threats that crypto users are facing. With the crypto market expanding in size and value and attracting more mainstream attention, bad actors have also turned their eyes toward it.

The result is a growing number of attack vectors that the average crypto user may need to face. These attacks, ranging from phishing to malware to exploiting vulnerabilities, have allowed bad actors to make over $1.7 billion this year alone.

While most of these attack vectors are not new, scammers also leverage some crypto users’ ignorance to steal their funds. For instance, users of hardware wallet Ledger have been getting physical letters and fake wallets that look like the original ledger, asking them to migrate their crypto assets to the new device.

According to experts, this scam is not new. It dates back to 2021, when hackers gained access to the information of several Ledger users, including their names, emails, and even physical mailing addresses. However, some users are still falling victim to it.

Physical threats pushing crypto whales to increase their security

Interestingly, the risk of exploiting and being the target of phishing scams is not the only challenge crypto users face. There have also been increasing physical and violent attacks on known crypto holders and their relatives.

Recently, the daughter of Paymium CEO Pierre Noizat was almost abducted in Paris. Paymium is a France-based crypto exchange. This was not a one-off incident, as the father of another crypto entrepreneur was previously abducted in the city but rescued by the police.

Even the co-founder of Ledger, David Ballant, was also abducted in January with his wife in Paris and had his finger severed before his eventual release.

While France appears to be the hotspot, there have also been several incidents in other countries. A public directory of known crypto attacks by Jameson Loop showed that there have been three attacks this month, with the most recent happening on May 14 when three Chinese citizens tried to rob a mining facility in Paraguay.

With the risks of physical attacks for crypto users now rising, it is unsurprising that large crypto holders are turning to private security firms. According to reports by Bloomberg, Wall Street Journal, and Wired, crypto whales have increased their demand for bodyguards.

That demand will likely increase with recent data leaks from exchanges putting personal information, including crypto users’ physical locations, in bad actors’ hands.

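The TL;DR post above and the Cryptopolitan article both describe the same clipper behaviour: the driver watches the clipboard and swaps the wallet address the user copied for the attacker's. The advice in both is to double-check the address after pasting. The following is an added example, not code from either post, from Procolored, or from SlowMist; it turns that advice into a mechanical check for legacy Base58Check Bitcoin addresses, given a trusted copy of the intended address (for instance read off the recipient's invoice). The function names and the constructed sample addresses are assumptions of this example, not real wallets.

```python
"""Clipboard-substitution guard for Base58Check (P2PKH / P2SH) Bitcoin addresses.

Added example. It assumes the caller holds a trusted copy of the address the
user meant to pay and wants to classify whatever ended up in the paste buffer.
"""
import hashlib
from typing import Optional

_B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(body: bytes) -> bytes:
    """Base58Check appends the first 4 bytes of SHA-256(SHA-256(body))."""
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]


def b58check_encode(version: int, payload: bytes) -> str:
    """Encode version byte + payload as Base58Check (used here to build sample addresses)."""
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = _B58_ALPHABET[rem] + digits
    # Each leading zero byte is represented by a leading '1'.
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading_zeros + digits


def b58check_decode(addr: str) -> Optional[bytes]:
    """Return version + payload if `addr` carries a valid checksum, else None."""
    n = 0
    for ch in addr:
        idx = _B58_ALPHABET.find(ch)
        if idx < 0:  # '0', 'O', 'I', 'l' and anything non-alphanumeric are not Base58
            return None
        n = n * 58 + idx
    digits = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading_ones = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * leading_ones + digits
    if len(raw) < 5:
        return None
    body, checksum = raw[:-4], raw[-4:]
    return body if _checksum(body) == checksum else None


def is_valid_legacy_btc_address(addr: str) -> bool:
    """True for a well-formed mainnet P2PKH ('1...') or P2SH ('3...') address."""
    body = b58check_decode(addr)
    return body is not None and len(body) == 21 and body[0] in (0x00, 0x05)


def check_paste(intended: str, pasted: str) -> str:
    """Classify the paste buffer relative to the trusted address.

    Returns "ok", "invalid", "lookalike" or "substituted". Only a full-string
    match counts as ok: a glance at the first and last few characters is
    exactly what a poisoning-style address is crafted to survive.
    """
    intended, pasted = intended.strip(), pasted.strip()
    if pasted == intended:
        return "ok"
    if not is_valid_legacy_btc_address(pasted):
        return "invalid"  # truncated or corrupted paste; not a spendable destination
    if pasted[:4] == intended[:4] and pasted[-4:] == intended[-4:]:
        return "lookalike"  # same head and tail as the real address
    return "substituted"


if __name__ == "__main__":
    # Constructed sample addresses built from fixed 20-byte hashes (not real wallets).
    intended = b58check_encode(0x00, b"\x11" * 20)
    swapped = b58check_encode(0x00, b"\x22" * 20)
    damaged = intended[:-1] + ("2" if intended[-1] != "2" else "3")
    for label, pasted in (("same", intended), ("swapped", swapped), ("damaged", damaged)):
        print(f"{label:8s} -> {check_paste(intended, pasted)}")
```

The check is only as good as the source of `intended`: it must come from somewhere the clipper cannot touch (a printed invoice, a hardware-wallet display, a value the user types by hand), not from the same clipboard that was just pasted. Bech32 (`bc1...`) addresses use a different checksum and are not covered by this validator; a paste of one is reported as "invalid" rather than silently accepted.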
Microsoft Strikes Back: Over 2,300 Lumma Malware Websites Takedown in Global Cybercrime Crackdown

In a major blow against digital crime, Microsoft joined forces with international partners to dismantle a vast cybercriminal network that used over 2,300 malicious websites to spread the notorious Lumma Stealer malware. These sites were responsible for stealing login credentials, credit card data, and access to cryptocurrency wallets.
The operation, led by Microsoft’s Digital Crimes Unit, was authorized by a federal court in Georgia to disable and seize critical components of Lumma’s infrastructure. Authorities also took control of Lumma’s command system and shut down its marketplace where the malware was being sold to other cybercriminals.
🔹 The international coalition included Cloudflare, BitSight, and Lumen, as well as Europol and Japanese law enforcement agencies, who worked together to shut down Lumma’s local server infrastructure.

Lumma: The Silent Data Thief
Lumma Stealer first emerged on underground forums in 2022 and quickly became a favorite tool among hackers for automated data theft. Between March and May 2025, Microsoft detected over 394,000 infected Windows machines. Criminals used it in phishing schemes—such as fake Booking.com pages—and attacks on gaming platforms, healthcare, logistics, and more.
The malware spreads through malicious emails, browser extensions, and infected files, and once installed, immediately starts collecting and transmitting sensitive data.

Crypto Crime in Numbers: Millions Vanished
🔹 In March, Lumma was used to target educational systems and online gaming communities.
🔹 Chinese printer company Procolored was recently accused of distributing crypto-stealing malware through its official drivers—leading to $953,000 in stolen assets.
Crypto attacks are also becoming commercialized, with ready-to-use tools available via SaaS models for as little as $100, opening the doors to amateur hackers.
According to the FBI, Americans lost over $9 billion to crypto scams in 2024 alone, with seniors over 60 being the most vulnerable. Chainalysis reported global losses of $51 billion, citing the rise of professional criminal rings, cartels, state-sponsored hacking, and AI-powered fraud.

Microsoft Issues a Warning: The Threat Grows
Microsoft warns that crypto theft and data breaches are accelerating, with hackers using increasingly sophisticated tactics—including artificial intelligence and decentralized swapping protocols like THORChain. But the operation also proves that collaboration between tech firms and global authorities can deliver real results.
By dismantling Lumma, Microsoft sends a clear message to the cyber underworld: justice in the digital world is real—and it's swift.

#CyberSecurity #Malwareattack #cybercrime #CryptoSecurity #CryptoNewss

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!

Notice: „The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

Microsoft Strikes Back: Over 2,300 Lumma Malware Websites Taken Down in Global Cybercrime Crackdown

In a major blow against digital crime, Microsoft joined forces with international partners to dismantle a vast cybercriminal network that used over 2,300 malicious websites to spread the notorious Lumma Stealer malware. These sites were responsible for stealing login credentials, credit card data, and access to cryptocurrency wallets.
The operation, led by Microsoft’s Digital Crimes Unit, was authorized by a federal court in Georgia to disable and seize critical components of Lumma’s infrastructure. Authorities also took control of Lumma’s command system and shut down its marketplace where the malware was being sold to other cybercriminals.
🔹 The international coalition included Cloudflare, BitSight, and Lumen, as well as Europol and Japanese law enforcement agencies, who worked together to shut down Lumma’s local server infrastructure.

Lumma: The Silent Data Thief
Lumma Stealer first emerged on underground forums in 2022 and quickly became a favorite tool among hackers for automated data theft. Between March and May 2025, Microsoft detected over 394,000 infected Windows machines. Criminals used it in phishing schemes—such as fake Booking.com pages—and attacks on gaming platforms, healthcare, logistics, and more.
The malware spreads through malicious emails, browser extensions, and infected files, and once installed, immediately starts collecting and transmitting sensitive data.

Crypto Crime in Numbers: Millions Vanished
🔹 In March, Lumma was used to target educational systems and online gaming communities.

🔹 Chinese printer company Procolored was recently accused of distributing crypto-stealing malware through its official drivers—leading to $953,000 in stolen assets.
Crypto attacks are also becoming commercialized, with ready-to-use tools available via SaaS models for as little as $100, opening the doors to amateur hackers.
According to the FBI, Americans lost over $9 billion to crypto scams in 2024 alone, with seniors over 60 being the most vulnerable. Chainalysis reported global losses of $51 billion, citing the rise of professional criminal rings, cartels, state-sponsored hacking, and AI-powered fraud.

Microsoft Issues a Warning: The Threat Grows
Microsoft warns that crypto theft and data breaches are accelerating, with hackers using increasingly sophisticated tactics—including artificial intelligence and decentralized swapping protocols like THORChain.
But the operation also proves that collaboration between tech firms and global authorities can deliver real results. By dismantling Lumma, Microsoft sends a clear message to the cyber underworld: justice in the digital world is real—and it's swift.

#CyberSecurity, #Malwareattack, #cybercrime, #CryptoSecurity, #CryptoNewss

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
"The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses."
*A new Android malware threatens crypto wallets 🚨*

The security company ThreatFabric has discovered *Crocodilus*, an Android malware specifically targeting cryptocurrency wallets. This malicious software, disguised as legitimate applications related to crypto-assets, uses *social engineering* techniques to prompt users to save their recovery phrases (*seed phrases*).

Once installed, *Crocodilus* exploits *Android's accessibility permissions* to:
- Take remote control of the phone
- Overlay fraudulent screens (*overlays*)
- Steal sensitive data

*Protect yourself*: always check the legitimacy of applications and avoid granting sensitive permissions without justification.
#Binance
#MarketPullback
#TrendingTopic
#Malwareattack
$BTC
$ETH
$XRP
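The accessibility-permission abuse described in the post above makes one device-side check worth knowing: which packages currently hold accessibility-service access on the phone. The script below is an added example, not code from the post or from ThreatFabric. It parses the Android `enabled_accessibility_services` secure setting (the real `adb shell settings get secure enabled_accessibility_services` command reads it from a USB-debugging-enabled device) and prints every service whose package is not on an allowlist. The allowlist and the sample setting value are constructed, and `com.example.fakewallet` is a hypothetical package name.

```shell
#!/bin/sh
# Added example: audit which apps hold Android accessibility-service access.
# Overlay/remote-control malware such as Crocodilus depends on that permission,
# so the phone-side check is: which packages are enabled, and did I expect each?
# The allowlist is a constructed, hypothetical example; put the accessibility
# apps you installed on purpose here (a screen reader, for instance).
ALLOWED_PKGS="com.google.android.marvin.talkback com.android.talkback"

# Settings.Secure ENABLED_ACCESSIBILITY_SERVICES is a colon-separated list of
# "package/ServiceClass" entries ("null" when nothing is enabled). Print every
# entry whose package is not on the allowlist; empty output means nothing
# unexpected holds the permission.
flag_unknown_services() {
  printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r entry; do
    case "$entry" in
      ""|null) continue ;;
    esac
    pkg="${entry%%/*}"
    case " $ALLOWED_PKGS " in
      *" $pkg "*) ;;                  # expected service, stay quiet
      *) printf '%s\n' "$entry" ;;    # unexpected: look into this package
    esac
  done
}

# Read the live value from an attached device (real adb command; CR stripped
# because adb shell output on some hosts ends lines with \r\n).
audit_device() {
  flag_unknown_services "$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')"
}

# Constructed sample value: one legitimate screen reader plus one unknown
# "wallet" app that has been granted the accessibility permission.
SAMPLE='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.fakewallet/.RemoteService'

if command -v adb >/dev/null 2>&1; then
  audit_device
else
  flag_unknown_services "$SAMPLE"
fi
```

Anything the script prints is a package that can read every screen and inject taps; if it is not a screen reader or automation tool you knowingly set up, revoke the service in Settings and remove the app. The same list is also visible on the device under the Accessibility settings screen, which is where a user without a USB cable would check it.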