Malware targeting macOS is becoming more common, particularly from North Korean hackers who are using sophisticated methods to steal sensitive data. Recent investigations uncovered two types of malware: RustDoor and a new variant of Koi Stealer, both disguised as legitimate software updates. These attackers often pose as job recruiters to lure software developers into downloading ...
Freelance software developers are facing a serious threat from a hacking campaign linked to North Korea, known as DeceptiveDevelopment. This campaign uses job interview scams to distribute malicious software like BeaverTail and InvisibleFerret, which aim to steal cryptocurrency and sensitive login information. Researchers at ESET reported that attackers target platforms like Upwork and Freelancer, using ...
A recent cybersecurity report reveals a large-scale malware campaign, dubbed StaryDobry by Kaspersky, which targets gamers through trojanized game installers. The scheme, which began on December 31, 2024, has spread infections primarily in countries like Russia, Brazil, and Germany. The attackers use popular games such as BeamNG.drive and Garry’s Mod to lure users into downloading ...
A new malware campaign named SparkCat is exploiting fake apps on Apple’s and Google’s app stores to steal cryptocurrency wallet recovery phrases. This malware uses optical character recognition (OCR) technology to scan images in users’ photo libraries and send sensitive information to a remote server. SparkCat targets users primarily in Europe and Asia, disguised as ...
A recent security report reveals that certain Android and iOS apps on the Google Play Store and Apple App Store contain harmful software designed to steal cryptocurrency wallet recovery phrases. This malicious software development kit, named “SparkCat,” operates by using optical character recognition (OCR) to scan images on devices for sensitive information. Over 242,000 downloads ...
A new cyber threat called Tangerine Turkey is making headlines due to its advanced method of using a VBScript worm for crypto mining. Initially spotted in November, it quickly rose in the threat rankings, showcasing its ability to spread via USB drives globally. This campaign is not just an isolated incident; it connects to a ...
Hackers have targeted the DogWifTools software used for promoting meme coins on the Solana blockchain, draining users’ wallets in a supply-chain attack. The malware was injected into versions 1.6.3 to 1.6.6 after a threat actor compromised the project’s private GitHub and reverse-engineered the software. Windows users were specifically impacted, with reports saying over $10 million ...
North Korea’s Lazarus Group has launched a new cyber attack campaign called Operation 99, targeting software developers in the Web3 and cryptocurrency sectors. This scheme involves fake recruiters on platforms like LinkedIn, enticing developers with seemingly legitimate projects that lead them to harmful GitLab repositories. Once cloned, these repositories contain malware that connects to command-and-control ...
A critical vulnerability in PHP servers, known as CVE-2024-4577, has been exploited to inject a cryptocurrency miner called PacketCrypt Classic. This flaw allows attackers to execute remote code on vulnerable PHP versions, particularly those running on Windows with Chinese and Japanese language settings. Identified by researcher Orange Tsai in June 2024, the vulnerability has been ...
On December 20, 2024, the developers of Rspack disclosed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a supply chain attack. Malicious versions containing cryptocurrency mining malware were published to the npm registry after an attacker gained unauthorized publishing access. The affected versions, 1.1.7, have been removed, with 1.1.8 now considered ...
