Sophos traces a multinational pig butchering network that uses fake DeFi apps and social engineering to drain victims' crypto wallets across dozens of domains and contract wallets, laundering millions in proceeds. The operation appears to involve multiple affi…
Tag: BLOCKCHAIN
Infoblox's DNS Early Detection Program identifies potentially malicious domains at the earliest opportunity, enabling blocking well before OSINT or many threat intel feeds. The Lazarus Group's KandyKorn campaign illustrates how fast DNS-based detection can dis…
Check Point Research documented a liquidity-pool manipulation where an attacker used a hidden backdoor to burn WIZ tokens, inflating the WIZ/WETH price by ~22,000% and then sold into the spike to steal about $80,000. The operation involved two attacker wallets…
In a new report, Recorded Future's Insikt Group examines North Korea's success in its cybercriminal operations targeting the cryptocurrency industry.
TrickMo reemerged in 2023 as an enhanced Android banking Trojan, shifting from screen recording to overlay-based credential capture and using JsonPacker for obfuscation. It communicates with a C2 server at keepass.ltd (194.169.175.138) and targets a broad set …
Cisco Talos uncovered a campaign that delivers a new remote access trojan called “SugarGh0st,” likely active since August 2023 and targeting Uzbekistan's Ministry of Foreign Affairs and users in South Korea. The operation uses two infection chains via Windows …
North Korean-aligned threat actors targeting macOS staged a busy 2023, with RustBucket and KandyKorn as the two major campaigns examined. The analysis shows actors mixing components across operations, using SwiftLoader droppers to pivot to KandyKorn payloads, an…
Check Point Research detected a coordinated rug pull that siphoned nearly $1 million by creating fake tokens, inflating perceived trading activity, and withdrawing liquidity. The actor used wallet 0x6b140e79db4d9bbd80e5b688f42d1fcf8ef97798 and fake tokens such…
ASEC detected a malicious LNK file distributed to financial and blockchain personnel via email and other distribution methods, masquerading as Blockchain Corporate Solution Handbook Production.zip. The LNK leads to a multi-stage chain of payloads, including ob…
The Russia-based SWAT USA Drop reshipping service, a major operation laundering stolen merchandise, was hacked, exposing its internal operations, finances, and organizational structure. The leak details how “drops” and “stuffers” use stolen credit cards to buy…
Elastic Security Labs details a DPRK-linked intrusion targeting blockchain engineers via a Discord DM lure, employing a multi-stage Python-based chain and memory-resident payloads (SUGARLOADER, HLOADER, KANDYKORN) with RC4-encrypted C2 communications. The oper…
Anomali's Cyber Watch roundup covers multiple campaigns including ROMCOM 4.0 (PEAPOD) backdoors targeting defense and government sectors, a typosquatted RedAlert Android infostealer, EtherHiding via blockchain hosting, the NoEscape ransomware, and ShellBot DDo…
Threat actors behind the “ClearFake” campaign have shifted from Cloudflare Workers to hosting malicious JavaScript payloads inside Binance Smart Chain (BSC) smart contracts, allowing read-only eth_call requests from compromised WordPress sites to retrieve and …
Check Point researchers expose a dual-use ecosystem where GuLoader and Remcos are marketed as legitimate tools, with GuLoader acting as a crypter to help Remcos evade antivirus and deliver payloads. The investigation ties BreakingSecurity and VgoStore to ThePro…
Sophos X-Ops documents a surge in pig butchering scams that push victims into fake liquidity mining schemes, exploiting DeFi concepts and social engineering rather than malware. A detailed victim case shows romance-based outreach via MeetMe, persistent multi-c…