Tag Archive for: hijack

Hackers use pirated software to hijack Mac, Android, and Windows devices


Trading in cryptocurrency? You might be sitting on a pretty penny in that digital wallet of yours. Feels great, doesn’t it? But here’s the catch with digital currency: keeping it secure isn’t a walk in the park.

Hackers are out there, working overtime to come up with new tricks to swipe your crypto, potentially emptying your wallet in one fell swoop. Yep, for these cyber thieves, your digital cash is the ultimate prize. And the worst part? Most of the time, you won’t even realize you’ve been hit until your balance is zero.

Case in point: there’s this fresh malware out there, specifically targeting macOS, Android, and Windows devices. It sneaks in through pirated software, hunting for your cryptocurrency to make it its own. Here’s how it works.

What is the new malware targeting cryptocurrency users?

The cybersecurity company Kaspersky has uncovered a sophisticated new malware campaign designed to pilfer cryptocurrency from users’ wallets. This campaign leverages pirated or improperly licensed software as a vector for infection, exploiting the common practice of seeking out ‘free’ versions of paid software online.

These cracked applications, distributed through unauthorized websites, are embedded with a Trojan-Proxy type of malware. This malware is not limited to just macOS users, as recent findings have shown; variants targeting Android and Windows platforms have also been discovered, connecting to the same Command and Control (C&C) server. These variants, like their macOS counterparts, are concealed within cracked software, illustrating the widespread risk across different operating systems.

Once the malware is downloaded into your device, it’ll immediately start checking for Bitcoin and Exodus cryptocurrency wallets. If it discovers either one (which is very unfortunate for some users who have both), the malware replaces the wallet and infects it with another version that’s able to steal the cryptocurrency. For some people, this could amount to thousands of dollars. And, it’s all because you unintentionally downloaded the malware to your macOS, Android, and Windows devices.

MORE: HOW CROOKS ARE USING SKIMMERS AND SHIMMERS TO STEAL YOUR MONEY AT…

Source…

Hackers Hijack Websites to Inject Malware that Steals Credentials


Concerning a development for internet security, a new form of website malware known as “Angel Drainer” has been increasingly targeting Web3 and cryptocurrency assets since January 2024.

This malware is part of a broader trend of rising Web3 phishing sites and crypto drainers that significantly threaten user credentials and wallets.

Document

Live Account Takeover Attack Simulation

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks

.

Web3 Crypto Malware: Angel Drainer Overview

Angel Drainer is a crypto drainer implicated in security breaches, including a notable incident with Ledger Connect Kit in December.

It operates by injecting itself directly into compromised websites or redirecting visitors to phishing sites containing the drainer. Once in place, it can steal and redistribute assets from compromised wallets, reads the Sucuri report.

The surge in malicious activity is alarming, with over 20,000 unique Web3 phishing sites created in 2023 alone.

As per recent reports, the Angel Drainer phishing group has illicitly acquired a sum of over $400,000 from a total of 128 cryptocurrency wallets.

The group has utilized a new and sophisticated tactic to carry out their fraudulent activities, which is a cause of concern for businesses and individuals alike.

In the first two months of 2024, at least three unrelated malware campaigns have begun using crypto drainers in website hacks.

fake browser update + crypto drainer

Sucuri’s SiteCheck remote website scanner detected the Angel Drainer variant on over 550 sites since early February, and the public showed this injection on 432 sites at the time of writing.

The impact of these attacks is profound, with Angel Drainer found on 5,751 different unique domains over the past four weeks.

The malware leverages phishing tactics and malicious injections to exploit the Web3 ecosystem’s reliance on direct wallet interactions, endangering both website owners and the safety of user assets.

Injection Methods and Strategies

The injection methods used by these attackers are sophisticated and varied. They can…

Source…

China’s Hackers Hijack Small Routers to Reach Big Targets


The United States announced the disruption of a botnet made of hundreds of U.S.-based small office or home office (SOHO) routers that were hijacked by state-sponsored hackers from the People’s Republic of China (PRC) in order to be used to attack U.S. infrastructure.

Hacker GreeceChina-backed hackers target U.S. computers. (Photo: Darwin Laganzon, Pixabay, License)“The hackers, known to the private sector as ‘Volt Typhoon,’ used privately-owned SOHO routers infected with the ‘KV Botnet’ malware to conceal the PRC origin of further hacking activities directed against U.S. and other foreign victims,” the U.S. Department of Justice said Wednesday in a statement.

Attorney General Merrick B. Garland stressed that the Justice Department has thwarted a China-supported hacking group that sought to target “America’s critical infrastructure” using a botnet.

That campaign had been the focus of a joint advisory issued in May 2023 by the FBI, National Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), and international partners, according to the statement.

The Justice Department explained that the majority of routers in the KV Botnet were Cisco and NetGear routers, which were vulnerable due to reaching the ‘end-of-life’ status – meaning that they were no longer supported with security patches or other software updates from their manufacturers.

The operation authorized by the court involved removing the KV Botnet malware from the routers and disconnecting them by blocking communications with other devices responsible for controlling the botnet.

The statement referred to court documents, stating that the government extensively tested the operation on the relevant Cisco and NetGear routers without affecting their legitimate functions or collecting content information from the compromised routers.

However, authorities cautioned that the remediated routers remain susceptible to future attacks by Volt Typhoon and other hackers. They strongly recommended that owners of end-of-life SOHO routers in their networks replace them.

“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens…

Source…

Hackers hijack government websites to mine crypto-cash






The Information Commissioner’s Office (ICO) took down its website after a warning that hackers were taking control of visitors’ computers to mine cryptocurrency.
Security researcher Scott Helme said more than 4,000 websites, including many government ones, were affected.
He said the affected code had now been disabled and visitors were no longer at risk.
The ICO said: “We are aware of the issue and are working to resolve it.”
Mr Helme said he was alerted by a friend who had received a malware warning when he visited the ICO website.
He traced the problem to a website plug-in called Browsealoud, used to help blind and partially sighted people access the web.
Texthelp, the company which makes the plug-in, confirmed that the product was affected for four hours by malicious code designed to generate cryptocurrency.
The cryptocurrency involved was Monero – a rival to Bitcoin that is designed to make transactions in it “untraceable” back to the senders and recipients involved.
The plug-in had been tampered with to add a program, Coinhive, which “mines” for Monero by running processor-intensive calculations on visitors’ computers.
Once the plug-in was infected, it affected thousands of other websites in addition to the ICO’s, which used it.
By Rory Cellan-Jones, BBC technology correspondent
The surge in value of Bitcoin and other cryptocurrencies hasn’t escaped the attention of hackers looking to make a quick buck.
Mining, the process where new digital coins are created by solving complex mathematical problems, uses increasing amounts of computer processing power and that means big electricity bills.
All the better then if you can get other people’s computers to do the job. The hackers do this by inserting software into websites which then means that, unbeknown to them, visitors’ computers are put to work mining cryptocurrencies.
It seems that the Information Commissioner’s site along with others run by the government were infected by crypto-mining code injected into some accessibility software they all use.
This kind of attack is becoming increasingly common and while it appears not to cause data loss or damage to systems, it does…

Source…