Tag: cryptocurrency theft

9 Attack Reports | 0 Vulnerabilities

Attack reports

How Lumma Stealer sneaks into organizations

Lumma Stealer, a sophisticated information-stealing malware, has gained prominence in cybercriminal circles since 2022. It employs various distribution methods, with fake CAPTCHA pages being a notable vector. These pages mimic legitimate services and trick users into executing malicious commands. T…
obfuscation
powershell
anti-analysis
lumma stealer
autoit
information stealer
cryptocurrency theft
fake captcha
2025-04-21
Published: April 21, 2025
Downloadable IOCs: 15

The Wagmi Manual: Copy, Paste, and Profit

The Wagmi traffer group, operating since early 2023, specializes in NFT scams and cryptocurrency theft. They utilize sophisticated social engineering tactics, fake web3-themed games, and impersonation of legitimate projects to lure victims. Their operations have allegedly earned over $2.4 million b…
social engineering
lummac2
rhadamanthys
hijackloader
cryptocurrency theft
2025-04-08
nft scams
Published: April 8, 2025
Downloadable IOCs: 96

APT Targets South Korea with Deceptive PDF Lures

The Kimsuky APT group, also known as Black Banshee, has been actively targeting South Korean government entities using evolving tactics. Two distinct campaigns were uncovered, both utilizing government-themed PDF documents as lures. The infection chain begins with a phishing email containing a mali…
obfuscation
apt
phishing
south korea
keylogging
lnk file
data exfiltration
cryptocurrency theft
snakekeylogger
2025-04-04
vba script
Published: April 4, 2025
Downloadable IOCs: 0

StilachiRAT analysis: From system reconnaissance to cryptocurrency theft

Microsoft Incident Response researchers discovered a novel remote access trojan named StilachiRAT, demonstrating sophisticated evasion, persistence, and data exfiltration techniques. The malware collects extensive system information, targets cryptocurrency wallet extensions, steals browser credenti…
persistence
credential theft
cryptocurrency theft
command and control
remote access trojan
2025-03-17
stilachirat
system reconnaissance
anti-forensics
rdp monitoring
Published: March 17, 2025
Linked vulnerabilities : CVE-2023-36884
Downloadable IOCs: 2

Unmasking GrassCall Campaign: The APT Behind Job Recruitment Cyber Scams

The GrassCall malware campaign is an advanced social engineering attack conducted by a Russian-speaking cybercriminal group called Crazy Evil. Targeting job seekers in the cryptocurrency and Web3 sectors, the campaign uses fake job interviews to compromise victims' systems and steal cryptocurrency …
rat
phishing
social engineering
rhadamanthys
cryptocurrency theft
amos
2025-03-06
job recruitment
atomic macos stealer (amos)
grasscall
Published: March 6, 2025
Downloadable IOCs: 14

HEXON STEALER: THE LONG JOURNEY OF COPYING, HIDING, AND REBRANDING

Hexon Stealer, a malware capable of extracting sensitive information from browsers, has emerged as a rebranded version of Stealit Stealer. It utilizes the Electron framework and NSIS installer format to target browser cookies, credentials, and crypto-wallets. The malware grants full remote access t…
obfuscation
remote access
nsis installer
cryptocurrency theft
browser data theft
2024-11-23
hexon stealer
electron framework
stealit stealer
turkish developer
discord stealer
fewer stealer
Published: November 23, 2024
Downloadable IOCs: 0

Differential analysis raises red flags over @lottiefiles/lottie-player

ReversingLabs researchers discovered malicious versions of the popular npm package @lottiefiles/lottie-player. Versions 2.0.5, 2.0.6, and 2.0.7 were compromised and used to spread malicious code designed to steal crypto wallet assets. The attackers altered the lottie-player.js file, replacing its c…
npm
cryptocurrency theft
supply chain attack
2024-11-22
package compromise
open-source security
differential analysis
Published: November 22, 2024
Downloadable IOCs: 0

DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware

DPRK-associated threat actors are targeting tech industry job seekers through fake recruitment campaigns, installing malware on their devices. The campaign, named CL-STA-240 Contagious Interview, uses social engineering to lure victims into online interviews where they are convinced to download mal…
social engineering
cryptocurrency theft
beavertail
2024-10-09
python backdoor
Published: October 9, 2024
Downloadable IOCs: 0

Ailurophile: G DATA has sighted a new info stealer in the wild

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…
infostealer
stealer
exfiltration
credential theft
2024-08-19
cryptocurrency theft
ailurophile stealer
Published: August 19, 2024
Downloadable IOCs: 2
Click here to see more Attack Reports