Fake Wallet App Steals Over $70,000 in Cryptocurrency
#FakeWalletApp #Cryptocurrency #PhishingAttack #WalletConnect #GooglePlayStore #MaliciousSoftware #Fraud #Scam #CyberSecurity
According to BlockBeats, a report from Check Point Research revealed that a fake wallet application on the Google Play Store managed to steal over $70,000 in cryptocurrency through a phishing attack. The malicious software, which impersonated WalletConnect, was available on the platform for four months before being reported and subsequently removed. The app misled users who trusted the official store, redirecting them to other websites and tricking them into authorizing transactions, thereby gaining access to their funds. The fraudulent application was downloaded 10,000 times, with 150 individuals falling victim to the scam.
Malware Targets Python Package Index, Steals Sensitive Data
#Malware #PythonPackageIndex #PyPI #SensitiveData #Cybersecurity #Checkmarx #MetaMask #TronLink #Ronin #Cybercrime #ArtificialIntelligence #MaliciousSoftware #DataTheft #McAfeeLabs #OpticalCharacterRecognition #HewlettPackard #WolfSecurity
According to Cointelegraph, researchers at the Checkmarx cybersecurity firm have identified a dangerous form of malware uploaded to the Python Package Index (PyPI). This platform, used by Python developers to download and share code, has been compromised by malware that steals private keys, mnemonic phrases, and other sensitive user data.
The malware was uploaded by a suspicious user in several software packages designed to mimic decoding applications for popular wallets such as MetaMask, Atomic, TronLink, and Ronin. The malicious software was embedded within parts of these packages, allowing it to go largely undetected due to its seemingly harmless code.
Checkmarx researchers first discovered this attack vector in March 2024, leading to the suspension of new projects and user accounts on the platform until the malicious elements were removed. Despite these efforts, the malware resurfaced in early October and has reportedly been downloaded more than 3,700 times since.
The issue of malware on the Python developer hub is part of a broader trend. In September, McAfee Labs discovered sophisticated malware targeting Android smartphones, capable of stealing private keys by scanning images stored on a phone's internal memory. This malware used optical character recognition technology to extract text from images and was spread through text message links, prompting users to download fraudulent applications.
Additionally, Hewlett-Packard's Wolf Security team revealed that cybercriminals are increasingly using artificial intelligence to create malware, significantly lowering the barrier to entry for creating malicious programs. In October, more than 28,000 users fell victim to malware disguised as office productivity software and gaming applications, although the malware only managed to steal a total of $6,000.
Cryptomist's Social Media Account Hacked, Fans Warned of Malicious Software
#Cryptomist #Hacked #SocialMedia #MaliciousSoftware #ZachXBT #CryptoInfluencer #SecurityAlert #Cybersecurity #RussianHackers #SocialEngineering
According to Odaily, blockchain investigator ZachXBT has issued a warning on the X platform regarding the hacking of the social media account of crypto influencer The Cryptomist. The account, allegedly compromised by Russian hackers, has been disseminating false information to followers in an attempt to trick them into downloading malicious software through social engineering tactics.
ZachXBT noted that he typically does not report minor incidents of this nature. However, he decided to make an exception in this case due to his extensive interaction with The Cryptomist's compromised account, having engaged with it over 45 times. Additionally, he expressed concern that his own followers were nearly deceived by the fraudulent messages.
TapiocaDAO Hack Linked To Malicious Software Download
#TapiocaDAO #hack #malicioussoftware #ZachXBT #cybersecurity #cryptocurrency #scam #Arbitrum #BSC
According to Odaily, ZachXBT has reported on his personal channel that the TapiocaDAO hack may have been caused by a team member downloading malicious software. This incident is also connected to other recent hacks, including those affecting Nexera, Concentric, Masa, SpaceCatch, Reach, Serenity Shield, and MurAll. These attacks were reportedly triggered by a fake job scam. It is estimated that approximately $4 million worth of stolen funds have been transferred from Arbitrum to BSC.
Malicious Software Targets Crypto Wallets Through Fake Open Source Projects
#MaliciousSoftware #CryptoWallets #OpenSource #Malware #Cybersecurity #Gitvenom #FraudulentRepositories #ProgrammingLanguages
According to PANews, a covert malware campaign is targeting cryptocurrency wallets by embedding malicious code in fake open-source projects on GitHub. This operation, known as Gitvenom, deceives developers into executing hidden payloads. Researchers Georgy Kucherin and Joao Godinho uncovered this activity, in which cybercriminals create fraudulent repositories that mimic legitimate software tools. The method of embedding malicious code varies depending on the programming language used in these fake projects.
Sonatype Reports Surge in Open Source Malware in Early 2025
#Sonatype #OpenSourceMalware #npm #crypto #malware #softwareSecurity #cryptocurrency #Solana #VSCode #Truffle #maliciousSoftware #softwareSupplyChain #SOL
According to Foresight News, Sonatype, a company specializing in end-to-end software supply chain security, has released its Open Source Malware Index for the first quarter of 2025. The report highlights significant activities, including nearly ten incidents of npm crypto package hijackings, counterfeit VS Code Truffle packages, and malware targeting Solana developers.
The findings indicate that cryptocurrency mining software accounted for 7% of the malware detected in this period, doubling from 3.5% in the fourth quarter of 2024. This increase underscores the growing threat posed by malicious software in the open-source ecosystem.
Cybersecurity Alert: New Threats Target Atomic and Exodus Wallet Users
#Cybersecurity #Cryptocurrency #AtomicWallet #ExodusWallet #MaliciousSoftware #SoftwareSupplyChain #Hacking #SecurityThreats #ReversingLabs #PrivateKeys
According to PANews, cybersecurity experts have identified a new threat targeting users of Atomic and Exodus wallets. Attackers are uploading malicious software packages to online code repositories with the intent to steal cryptocurrency private keys. ReversingLabs security researchers have highlighted that this exploit involves hiding malicious code within seemingly legitimate npm software packages, which are widely used by software developers.
The malicious packages operate by installing patches that lock local installations of Atomic and Exodus wallet files, overwriting original files to manipulate the user interface. This deception aims to trick unsuspecting victims into transferring cryptocurrency to fraudulent addresses. As the cryptocurrency industry continues to grapple with hackers, software supply chain attacks are emerging as a new threat vector against cryptocurrency holders. Attackers are employing increasingly sophisticated methods to evade detection and steal user funds.
Russian Hackers Exploit Firefox Extensions to Steal Cryptocurrency
#RussianHackers #FirefoxExtensions #CryptocurrencyTheft #GreedyBear #KoiSecurity #MaliciousSoftware #Phishing #ExtensionHollowing #DigitalSecurity #Cybercrime
According to PANews, a report by Koi Security reveals that the Russian hacker group GreedyBear has stolen over $1 million in cryptocurrency over the past five weeks. The group utilized 150 weaponized Firefox extensions, nearly 500 malicious executable files, and numerous phishing websites to carry out their operations.
Koi Security's Chief Technology Officer, Idan Dardikman, stated that the Firefox extension attacks have been the most lucrative method for the hackers so far, contributing significantly to the $1 million theft. This strategy involved creating fake versions of popular cryptocurrency wallets like MetaMask, Exodus, Rabby Wallet, and TronLink. The hackers employed a technique known as Extension Hollowing to bypass market security measures, initially uploading non-malicious versions of the extensions and later updating them with harmful code.
To further deceive users, the group posted fake reviews of the extensions, creating a false sense of trust and reliability. Once downloaded, these malicious extensions would steal wallet credentials, enabling the hackers to access and steal cryptocurrency.
Another major tactic used by the group involved nearly 500 malicious Windows executable files, which were distributed on Russian websites offering pirated or repackaged software. These executables included credential stealers, ransomware, and trojans, further expanding the group's reach and impact.
Angel Investor Loses Cryptocurrency to Malicious Software
#AngelInvestor #Cryptocurrency #Malware #CyberAttack #Web3 #Blockchain #Polygon #DigitalWallet #CyberSecurity #TwoFactorAuthentication #MetaToy #Telegram #MaliciousSoftware #OnlineScams #CryptoTheft #SecurityBreach #TechNews
According to PANews, a professional angel investor, known for evaluating numerous Web3 projects and having extensive knowledge of online scams, recently fell victim to a cyber attack. The investor, Xu Xianlong, inadvertently downloaded a game launcher containing malware while testing a network game, resulting in the theft of cryptocurrency assets worth at least 100,000 yuan from his digital wallet.
Xu, an early investor in the blockchain platform Polygon, shared his experience to caution the public against downloading software from unknown sources and sharing two-factor authentication information. He recounted that on December 5, while browsing the messaging platform Telegram, he encountered a post about testing a game project called 'MetaToy.' A user named Shanni, claiming to be a co-founder of the 'Meta team,' contacted him. Following instructions, Xu downloaded the game launcher, unaware that the malware had already compromised his crypto wallet data.
Despite reinstalling the Microsoft system for security reasons, the malware persisted. Xu reported the incident to the authorities on Friday, December 12.