Tag: cryptocrime
All items tagged cryptocrime.
- Unit 42: malicious skills on the OpenClaw "ClawHub" agent marketplace deliver macOS infostealers and weaponise AI agents for financial fraud
- Krebs and Qurium tie the "Popa" Android-TV residential-proxy botnet to a NASDAQ-listed proxy vendor
- Microsoft details a USB-LNK worm with Tor hidden-service C2 driving a cryptocurrency clipboard hijacker
- Crypto clipboard-hijacker campaign weaponises VirusTotal community reputation to suppress detection
- Sekoia: ErrTraffic — a ClickFix Malware-as-a-Service framework resolving C2 through the Polygon blockchain
- Law-enforcement follow-through — Conti loader developer pleads guilty, AudiA6 laundering service dismantled
- AudiA6 ransomware crypto-laundering service dismantled — two charged, Switzerland among the participating countries
- Check Point: a TDS-gated ecosystem impersonates security tools (Ghidra, dnSpy, ILSpy) to deliver SessionGate, RemusStealer and a clipboard hijacker [SINGLE-SOURCE]
- Finance / payments — Stripe-abusing Magecart and OFAC Iran sanctions
- OFAC sanctions Nobitex and three Iranian exchanges as conduits for IRGC-affiliated ransomware proceeds
- Microsoft Defender Experts — AI-chatbot search-poisoning extends SEO-poisoning lure; GPU-utility lookalikes drop ScreenConnect, then process-hollowed miners under signed Microsoft binary
- "TrapDoor" cross-ecosystem supply-chain campaign validates stolen tokens before exfil and poisons AI-assistant config files
- Mini Shai-Hulud / TrapDoor — the supply-chain worm goes cross-ecosystem, open-source and destructive
- B1ack's Stash carding marketplace publicly releases 4.6M card records — SOCRadar attributes collection to e-skimming and phishing; not confirmed by issuing banks
- Cisco Talos: "demo.pdb" BadIIS variant now a commodity MaaS IIS ISAPI backdoor; lwxat developer alias, builder tool recovered
- THORChain GG20 Threshold Signature Scheme vault drain — ~$11M across nine chains; Switzerland-based protocol
- THORChain — ~$11M cross-chain vault drain on a Switzerland-based protocol
- BKA Dream Market arrest — "Speedstepper" detained in Germany after seven years at large
- BKA — Dream Market lead administrator "Speedstepper" arrested in Germany
- BKA arrests Dream Market lead administrator "Speedstepper" in Germany — cryptocurrency-to-physical-gold OPSEC failure after seven years at large
- Unit 42: Gremlin Stealer evolved with .NET-resource XOR obfuscation, real-time crypto-clipper, and WebSocket browser-process session-hijack module [SINGLE-SOURCE]
- BKA and ZIT dismantle relaunched Crimenetwork darknet marketplace; German operator arrested in Mallorca on European Arrest Warrant
- UPDATE: Instructure (Canvas LMS) — ransom paid to ShinyHunters with "shred logs"; second intrusion confirmed; per-institution leak deadline reset to today