Binance Square

Malwareattack

26,844 views
14 discussing
Moon5labs
--

Microsoft Strikes Back: Over 2,300 Lumma Malware Websites Taken Down in Global Cybercrime Crackdown

In a major blow against digital crime, Microsoft joined forces with international partners to dismantle a vast cybercriminal network that used over 2,300 malicious websites to spread the notorious Lumma Stealer malware. These sites were responsible for stealing login credentials, credit card data, and access to cryptocurrency wallets.
The operation, led by Microsoft’s Digital Crimes Unit, was authorized by a federal court in Georgia to disable and seize critical components of Lumma’s infrastructure. Authorities also took control of Lumma’s command system and shut down its marketplace where the malware was being sold to other cybercriminals.
🔹 The international coalition included Cloudflare, BitSight, and Lumen, as well as Europol and Japanese law enforcement agencies, who worked together to shut down Lumma’s local server infrastructure.

Lumma: The Silent Data Thief
Lumma Stealer first emerged on underground forums in 2022 and quickly became a favorite tool among hackers for automated data theft. Between March and May 2025, Microsoft detected over 394,000 infected Windows machines. Criminals used it in phishing schemes—such as fake Booking.com pages—and attacks on gaming platforms, healthcare, logistics, and more.
The malware spreads through malicious emails, browser extensions, and infected files, and once installed, immediately starts collecting and transmitting sensitive data.

Crypto Crime in Numbers: Millions Vanished
🔹 In March, Lumma was used to target educational systems and online gaming communities.

🔹 Chinese printer company Procolored was recently accused of distributing crypto-stealing malware through its official drivers—leading to $953,000 in stolen assets.
Crypto attacks are also becoming commercialized, with ready-to-use tools available via SaaS models for as little as $100, opening the doors to amateur hackers.
According to the FBI, Americans lost over $9 billion to crypto scams in 2024 alone, with seniors over 60 being the most vulnerable. Chainalysis reported global losses of $51 billion, citing the rise of professional criminal rings, cartels, state-sponsored hacking, and AI-powered fraud.

Microsoft Issues a Warning: The Threat Grows
Microsoft warns that crypto theft and data breaches are accelerating, with hackers using increasingly sophisticated tactics—including artificial intelligence and decentralized swapping protocols like THORChain.
But the operation also proves that collaboration between tech firms and global authorities can deliver real results. By dismantling Lumma, Microsoft sends a clear message to the cyber underworld: justice in the digital world is real—and it's swift.

#CyberSecurity , #Malwareattack , #cybercrime , #CryptoSecurity , #CryptoNewss

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
“The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.”
🚨Whoa, that’s a serious red flag — malware hiding in printer drivers is next-level sneaky.

Here’s the TL;DR and what to do:

What Happened:

Malware was bundled with official-looking drivers from Procolored (UV printers).

It quietly hijacks copied crypto wallet addresses — when you paste yours, it pastes theirs instead.

Nearly $1M in BTC stolen this way.

Who’s at Risk:

Anyone who downloaded Procolored drivers from MEGA since Oct 2023.

What You Should Do:

Check your clipboard history (if available) for suspicious address replacements.

Run a full malware scan (Malwarebytes, Windows Defender, etc.).

If you’re exposed: Wipe & reinstall your OS (seriously).

Always double-check wallet addresses after pasting.

Lesson: Even "harmless" things like printers can be Trojan horses. Trust, but verify — especially when money's involved.
#bitcoin #Malwareattack #Cybersecurity
Cryptopolitan
--
Bitcoin-stealing malware found in Chinese printer driver
Security experts have uncovered a malware program that steals Bitcoin in the official driver of Procolored, a printer company based in Shenzhen, China. In a post on X, the experts said the hackers had used the malware to steal 9.3 Bitcoin.

According to the tech website Blue Dot Network, Procolored transferred the infected driver from a USB flash drive and uploaded it to its servers for users to download. It is unclear whether this was a deliberate attack by the company or if it involved a third party.

However, experts believe the driver was developed by a third party who likely added the malware. They noted that most hardware manufacturers in China outsource their software development to third parties. Thus, the third-party developer likely sent the driver to Procolored using a USB flash drive after adding the backdoor.

Meanwhile, Yu Xian, the founder of blockchain security firm SlowMist, has further investigated the issue and discovered how the backdoor functions. He explained that the code in the printer driver could hijack wallet addresses on the users’ clipboards and change them to those of the attacker.

He said:

“This printer’s official driver comes with backdoor code… which can hijack the wallet address in the user’s clipboard and replace it with the attacker’s own: 1BQZKqdp2CV3QV5nUEsqSglygegLmqRygJ.”

While this might look like an address poisoning attack, Xian admitted it is a classic case, noting that the stolen Bitcoin had been laundered long ago.

Overview of the hacker address (Source: Yu Xian)

Interestingly, he found that all the stolen BTC was not due to the printer alone, as the malware had been active for eight years and infected several applications. The first theft happened back in April 2016, while the most recent was in March 2024.

Bitcoin attack vectors continue to grow with crypto market expansion

Meanwhile, the incident highlights the variation of threats that crypto users are facing. With the crypto market expanding in size and value and attracting more mainstream attention, bad actors have also turned their eyes toward it.

The result is a growing number of attack vectors that the average crypto user may need to face. These attacks, ranging from phishing to malware to exploiting vulnerabilities, have allowed bad actors to make over $1.7 billion this year alone.

While most of these attack vectors are not new, scammers also leverage some crypto users’ ignorance to steal their funds. For instance, users of hardware wallet Ledger have been getting physical letters and fake wallets that look like the original ledger, asking them to migrate their crypto assets to the new device.

According to experts, this scam is not new. It dates back to 2021, when hackers gained access to the information of several Ledger users, including their names, emails, and even physical mailing addresses. However, some users are still falling victim to it.

Physical threats pushing crypto whales to increase their security

Interestingly, the risk of exploiting and being the target of phishing scams is not the only challenge crypto users face. There have also been increasing physical and violent attacks on known crypto holders and their relatives.

Recently, the daughter of Paymium CEO Pierre Noizat was almost abducted in Paris. Paymium is a France-based crypto exchange. This was not a one-off incident, as the father of another crypto entrepreneur was previously abducted in the city but rescued by the police.

Even the co-founder of Ledger, David Balland, was also abducted in January with his wife in Paris and had his finger severed before his eventual release.

While France appears to be the hotspot, there have also been several incidents in other countries. A public directory of known crypto attacks by Jameson Lopp showed that there have been three attacks this month, with the most recent happening on May 14 when three Chinese citizens tried to rob a mining facility in Paraguay.

With the risks of physical attacks for crypto users now rising, it is unsurprising that large crypto holders are turning to private security firms. According to reports by Bloomberg, Wall Street Journal, and Wired, crypto whales have increased their demand for bodyguards.

That demand will likely increase with recent data leaks from exchanges putting personal information, including crypto users’ physical locations, in bad actors’ hands.

Lazarus Group becomes a Bitcoin whale, holding a billion dollars' worth of Bitcoin: the details
The “Lazarus” group, responsible for the recent $1.5 billion Bybit hack, has become one of the largest Bitcoin whales after acquiring 13,518 Bitcoin worth $1.13 billion, according to “Arkham Intelligence”.

These holdings make North Korea the fifth-largest country by Bitcoin ownership, after the United States, China, the United Kingdom, and Ukraine, surpassing the holdings of Bhutan (13,029 Bitcoin) and El Salvador (6,089 Bitcoin).

In addition, the “Lazarus” wallets contain 13,702 Ethereum ($26 million), 5,022 BNB ($3 million), and $2.2 million in DAI, along with other stablecoins.

“CertiK” also reported that the group deposited 400 Ethereum ($750 thousand) into the “Tornado Cash” mixing service.

In another development, “Socket” revealed that Lazarus has deployed new malware targeting cryptocurrency wallets such as Solana and Exodus, using counterfeit JavaScript libraries to steal credentials.

In a related development, OKX suspended its decentralized Web3 DEX platform after discovering a Lazarus attempt to exploit decentralized finance (DeFi) services.

Bloomberg reported that the aggregator was used to launder $100 million in cryptocurrency linked to the group.
#bybit
#WhaleManipulation #JavaScript #Malwareattack
#LazarusGroup
$ETH
Cryptocurrency theft rises as hackers sell counterfeit phones loaded with malware

Cybersecurity firm Kaspersky revealed that hackers are using malware preinstalled on Android devices to steal cryptocurrency.
The company advised users to exercise caution.
As the world of cryptocurrency evolves, hackers are devising new ways to steal users' digital assets. Kaspersky Lab experts revealed that hackers are using counterfeit Android smartphones to steal cryptocurrency.

According to cybersecurity firm Kaspersky, it has discovered thousands of Android devices infected with malware developed specifically to steal user data and cryptocurrency. These devices are often sold at low prices to attract buyers.

The latest malware is a modified version of Triada, a remote access trojan used to compromise Android devices. Security companies reported finding more than 2,600 users affected by the new version of Triada. These users are spread across different regions of the world, but the majority are from Russia.
#russia #HackerAlert #hackers #Malwareattack
#kaspersky
Hello everyone.
I want to address an issue that I haven't seen anyone online even mention.
And that is the USTC Miner.
Now, I am not sure if this is a scam or not, but judging off of their page it could pose as malware which is trying to leech off of people for their money whilst advertising itself as a miner.
Basically, the way it works is you get into that website through a referral and then with a SINGLE click it mines for you. You can transfer USTC to USDT and make an insane amount of money.

The website itself doesn't explain a lot on how they actually profit or even work, as USTC, USDT and USDC are directly linked to the US Dollar.

Ergo, this led me to believe that this specific miner IS malware.

But I would like to hear from some of you who have used it before to maybe explain more, as I haven't really delved too deep into it.

#ustcwarning #Malwareattack
Dar crypto
--
**New crypto-stealing malware “MassJacker” targets cryptocurrency transactions**
According to a report from Cointelegraph, a new type of crypto-stealing malware known as **MassJacker** has emerged. It targets users who download pirated software and hijacks cryptocurrency transactions by replacing stored addresses. The malware originates from the site pesktop[dot]com, where unwary users may unintentionally infect their devices. Once installed, MassJacker replaces cryptocurrency addresses stored in the clipboard with addresses controlled by the attacker.

Reports from **CyberArk** indicate that 778,531 unique wallets are linked to this theft, although only 423 wallets held digital assets at any given time. The total value of cryptocurrency stored in or transferred from these wallets was about **$336,700** as of August. However, the actual extent of the theft may differ. One wallet was particularly active, holding more than **600 Solana (SOL)** worth roughly **$87,000**. This wallet also previously held non-fungible tokens (NFTs) such as **Gorilla Reborn** and **Susanoo**. An analysis of the wallet on the Solana blockchain explorer (**Solscan**) revealed **1,184 transactions** dating back to March 11, 2022. The wallet's owner took part in decentralized finance activities in November 2024, swapping tokens such as **Jupiter (JUP)**, **Uniswap (UNI)**, **USDC (USDC)**, and **Raydium (RAY)**.

Crypto-stealing malware is not a new phenomenon. Since the first publicly available crypto-stealing script was released by **Coinhive** in 2017, attackers have targeted a wide variety of devices across different operating systems. In February 2025, **Kaspersky Labs** identified crypto-stealing malware in app-building tools for **Android** and **iOS** that was capable of scanning images for cryptocurrency recovery phrases. In October 2024, cybersecurity firm **Checkmarx** discovered crypto-stealing malware on the **Python Package Index**, a platform where developers share code. Other malware has also targeted **macOS** devices.

Attackers are using increasingly sophisticated methods to distribute malware. Among them is a scam built on fake job offers, in which victims are recruited under the pretext of a job offer. During a virtual interview, the attacker asks the victim to “fix” microphone or camera access problems, which leads to the installation of malware that allows the victim's cryptocurrency wallet to be drained. “Clipper” attacks, which alter cryptocurrency addresses copied to the clipboard, are known to be less prominent than ransomware or information-stealing malware, but they offer attackers advantages because of their covert, unobtrusive operation and their ability to evade sandbox environments, as **CyberArk** noted.
**Note:**
This type of attack highlights the importance of caution when downloading software or engaging with untrusted offers, especially in the world of cryptocurrency, where losses can be significant.
#USDC✅ #FollowTheLeadTrader #news_update
$SOL

$JUP

$UNI
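The clipper behaviour described in the Cryptopolitan post and the MassJacker post above (an implant swapping the wallet address in the clipboard for the attacker's before the user pastes it) has a simple defender-side signature: what comes out of the clipboard is not what went in, and a mistyped or corrupted address also fails its checksum. The following is an added example, not code from any post on this page or from SlowMist, CyberArk or Cointelegraph. It implements Base58Check validation for legacy Bitcoin addresses and audits a constructed clipboard event log. The event log, the `Finding` class and all function names are assumptions made for this example; the two addresses are the well-known genesis-block address and a second publicly documented example address standing in for an attacker-controlled one, neither taken from the page.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example (not from any post on this page): a defender-side check for
# clipboard-hijacking ("clipper") malware, which swaps a copied wallet address
# for the attacker's before the user pastes it.

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
LEGACY_ADDR_RE = re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$")


def b58check_decode(addr: str) -> Optional[bytes]:
    """Decode a Base58Check string. Return version+payload bytes, or None if a
    character is outside the alphabet or the 4-byte double-SHA256 checksum
    does not match."""
    n = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    # Each leading '1' in Base58 encodes one leading zero byte.
    leading_zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * leading_zeros + body
    if len(raw) < 5:
        return None
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return payload if digest[:4] == checksum else None


def is_valid_legacy_btc_address(addr: str) -> bool:
    """True for a mainnet P2PKH (version 0x00) or P2SH (0x05) address whose
    checksum verifies. Bech32 (bc1...) addresses are out of scope here."""
    payload = b58check_decode(addr)
    return payload is not None and len(payload) == 21 and payload[0] in (0x00, 0x05)


@dataclass
class Finding:
    index: int    # position of the paste event in the log
    reason: str   # "replaced" or "invalid_checksum"
    copied: str   # what the user last copied
    pasted: str   # what actually came out of the clipboard


def audit_clipboard(events: List[Tuple[str, str]]) -> List[Finding]:
    """Walk a (kind, text) event log, kind in {"copy", "paste"}. Flag a paste
    whose text differs from the address last copied (the clipper signature),
    and any pasted address-shaped string whose checksum fails."""
    findings: List[Finding] = []
    last_copied = ""
    for i, (kind, text) in enumerate(events):
        if kind == "copy":
            last_copied = text
        elif kind == "paste":
            if LEGACY_ADDR_RE.match(last_copied) and text != last_copied:
                findings.append(Finding(i, "replaced", last_copied, text))
            if LEGACY_ADDR_RE.match(text) and not is_valid_legacy_btc_address(text):
                findings.append(Finding(i, "invalid_checksum", last_copied, text))
    return findings


# Constructed sample log. The genesis-block address stands in for the user's
# own wallet; a second publicly documented address stands in for an
# attacker-controlled one. Neither is taken from the posts on this page.
USER_ADDR = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
SWAPPED_ADDR = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"
SAMPLE_EVENTS = [
    ("copy", "meeting notes"), ("paste", "meeting notes"),  # ordinary text
    ("copy", USER_ADDR), ("paste", USER_ADDR),              # clean round-trip
    ("copy", USER_ADDR), ("paste", SWAPPED_ADDR),           # clipper swap
    ("copy", USER_ADDR), ("paste", USER_ADDR[:-1] + "b"),   # last character altered
]

if __name__ == "__main__":
    for f in audit_clipboard(SAMPLE_EVENTS):
        print(f"event {f.index}: {f.reason} (copied {f.copied}, pasted {f.pasted})")
```

The checksum test on its own does not catch a clipper, because the attacker's address is a perfectly valid one; it is the copy-versus-paste comparison that exposes the swap, which is why wallet software that shows the address it is about to send to, and a user who re-reads it, remains the practical control.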
--
Bullish
⚠️ It has been reported that the data of more than 100,000 users of the Gemini platform, and possibly Binance, is being sold on the dark web; the data includes full names, email addresses, phone numbers, and geographic location 😯

For its part, Binance confirmed that this breach did not originate from the platform itself, but may be the result of malware on users' devices.

#scam #scamriskwarning #Malwareattack #Binance #bitcoin
$BTC

A new crypto-stealing malware is targeting iPhones and Android smartphones

#Alert🔴 #Malwareattack

A new cybersecurity threat is targeting users of both Android and iOS devices. According to a Kaspersky report, a malicious software development kit (SDK) has been spotted embedded in several apps available on Google Play and the Apple App Store. This SDK, dubbed SparkCat, is designed to steal cryptocurrency wallet recovery phrases using optical character recognition (OCR) technology. The campaign has already affected hundreds of thousands of users, with over 242,000 downloads recorded on the Google Play Store alone.
The malicious SDK operates differently on Android and iOS devices. On Android, it uses a Java component called Spark, which serves as an analytics module. This component retrieves encrypted configuration files from GitLab, which contain commands and updates for the malware. On iOS, the framework goes by various names, such as Gzip, googleappsdk, or stat, and uses a Rust-based networking module called im_net_sys to communicate with C2 servers.
The primary function of this malware is to scan images on a user’s device for cryptocurrency wallet recovery phrases. These phrases, often stored as screenshots or photos, are used to restore access to cryptocurrency wallets. The malware uses Google ML Kit OCR to extract text from images, targeting specific keywords in multiple languages, including Latin, Korean, Chinese, and Japanese. Once it identifies a recovery phrase, the stolen data is sent to the attackers’ servers, allowing them to access the victim’s cryptocurrency funds without needing a password.

Kaspersky’s investigation revealed that the malware is region-specific, with different keywords and targeting strategies for areas like Europe and Asia. However, the researchers caution that the apps could still function outside their intended regions, posing a risk to a broader audience.
So far, 18 Android apps and 10 iOS apps have been identified as infected. You can find the list of affected apps in Kaspersky's report here. One notable example is the Android app — ChatAi — which had been downloaded more than 50,000 times before being removed from the Google Play Store. However, many of the other infected apps remain available on both platforms, which is still a matter of concern.
If you suspect you’ve installed any of the malware-infected apps, you must uninstall them immediately. According to experts, it is also recommended to install a reputable mobile antivirus tool to scan your device for any lingering traces of the malware. In severe cases, a factory reset may be necessary to ensure complete removal. Self-hosted, offline password managers with vault features can also provide an additional layer of security.

$BTC

🐊 Crocodilus Dangerous Android Trojan Hunting Cryptocurrency

🛃 Cybersecurity researchers at Threat Fabric have discovered a new family of mobile malware that can trick Android users into revealing their cryptocurrency wallet seed phrases.
📃 According to a report from March 28, the Crocodilus malware uses fake screens on top of legitimate apps and displays a warning about the need to back up your crypto wallet key within a certain period of time.
🗣️ “After the victim enters the app password, a message appears on the screen: ‘Back up your wallet key in Settings within 12 hours. Otherwise, the app will be reset and you may lose access to your wallet,’” Threat Fabric explains.
🧙This social engineering trick directs the user to the seed phrase section, which allows Crocodilus to collect this information via Android’s accessibility logger. Once the attackers obtain the seed phrase, they gain full control over the wallet and can “empty it completely.”
🐊 Crocodilus is a new malware that, according to experts, has all the features of modern hacking software, including attacks using screen overlays, advanced data collection through screen capture with sensitive information (such as passwords), and remote access to gain control over the infected device.
⚙️ The initial infection occurs when the malware is unintentionally downloaded as part of other software that bypasses Android 13 protection and other security mechanisms.
🛡️Once installed 🐊 Crocodilus requests that the accessibility service be enabled, which allows the hackers to access the device.
“Once these rights are granted, the malware connects to the command and control (C2) server to receive instructions, including a list of target applications and screen overlays,” Threat Fabric notes.
🔐 The malware runs continuously, monitoring application launches and displaying overlays to intercept credentials. When the targeted banking or cryptocurrency app is opened, a fake screen is launched on top of it, and the hackers take control of the device.
“With stolen personal data and credentials, attackers can take full control of the victim’s device using built-in remote access and secretly make fraudulent transactions,” the experts warn.
#Malwareattack #SAFU🙏 #SecurityAlert #Crocodilus #Alert🔴
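As an added example (not code from the original post or from Threat Fabric), here is how a wallet app's seed-phrase screen can be hardened on Android against the three collection techniques the post names: screen capture, screen overlays, and accessibility-service scraping. The activity, layout and view ids are assumed names; the Android APIs called are real ones.

```kotlin
import android.accessibilityservice.AccessibilityServiceInfo
import android.content.Context
import android.content.pm.ApplicationInfo
import android.os.Build
import android.os.Bundle
import android.view.View
import android.view.WindowManager
import android.view.accessibility.AccessibilityManager
import android.widget.TextView
import android.widget.Toast
import androidx.appcompat.app.AppCompatActivity
// Assumed activity, layout and view ids; not from the original post.
class SeedPhraseActivity : AppCompatActivity() {
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // 1. Block screenshots/screen recording (the "screen capture" the post describes).
        window.setFlags(WindowManager.LayoutParams.FLAG_SECURE,
            WindowManager.LayoutParams.FLAG_SECURE)
        // 2. Android 12+: hide other apps' SYSTEM_ALERT_WINDOW overlays while this
        //    window is on top (declare android.permission.HIDE_OVERLAY_WINDOWS).
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            window.setHideOverlayWindows(true)
        }
        setContentView(R.layout.activity_seed_phrase)
        val seedView = findViewById<TextView>(R.id.seed_phrase_text)
        // 3. Discard touches delivered while another window covers this view.
        seedView.filterTouchesWhenObscured = true
        // 4. Keep the phrase out of the accessibility node tree a malicious service reads;
        //    API 34+ still lets genuine assistive tools see it, older levels hide it from all.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
            seedView.setAccessibilityDataSensitive(View.ACCESSIBILITY_DATA_SENSITIVE_YES)
        } else {
            seedView.importantForAccessibility = View.IMPORTANT_FOR_ACCESSIBILITY_NO
        }
        // 5. Warn about enabled non-system accessibility services (the right Crocodilus asks for).
        val services = enabledThirdPartyAccessibilityServices(this)
        if (services.isNotEmpty()) {
            Toast.makeText(this, "Accessibility services active: $services",
                Toast.LENGTH_LONG).show()
        }
    }
}
// Package names of enabled accessibility services not shipped in the system image.
fun enabledThirdPartyAccessibilityServices(context: Context): List<String> {
    val am = context.getSystemService(Context.ACCESSIBILITY_SERVICE) as AccessibilityManager
    return am.getEnabledAccessibilityServiceList(AccessibilityServiceInfo.FEEDBACK_ALL_MASK)
        .map { it.resolveInfo.serviceInfo }
        .filter { (it.applicationInfo.flags and ApplicationInfo.FLAG_SYSTEM) == 0 }
        .map { it.packageName }
}
```

None of these controls stops a user from typing the phrase into a fake screen they believe is genuine, so the post's advice to never enter a seed phrase into an unexpected prompt still applies.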
BEWARE! Crocodilus Malware Targets Your Android Crypto Wallet!

A new malware called Crocodilus is lurking on Android users, especially those who store crypto assets in digital wallets.

This malware disguises itself as a legitimate application and uses overlay techniques to steal your seed phrase.

How Crocodilus works:

Posing as a legitimate app and requesting accessibility service access.

Displays a fake overlay asking you to enter a seed phrase for security reasons.

Once it gains access, malware can remotely take over your device and steal sensitive data.

Tips to protect yourself:

Avoid downloading apps from unofficial sources.

Never enter your seed phrase into any suspicious app.

Check app permissions regularly and revoke unnecessary access.

Use a trusted security app to scan your device.

Don't let your crypto assets be stolen by this dangerous malware!

#CryptoNews #Malwareattack
*A new Android malware threatens crypto wallets 🚨*

Security firm ThreatFabric has discovered *Crocodilus*, an Android malware that specifically targets cryptocurrency wallets. This malicious software, disguised as legitimate crypto-asset applications, uses *social engineering* techniques to prompt users to back up their recovery phrases (*seed phrases*).

Once installed, *Crocodilus* exploits *Android accessibility permissions* to:
- Take remote control of the phone
- Overlay fraudulent screens (*overlays*)
- Steal sensitive data

*Protect yourself*: always verify the legitimacy of applications and avoid granting sensitive permissions without justification.
#Binance
#MarketPullback
#TrendingTopic
#Malwareattack
$BTC
$ETH
$XRP