Binance Square
Malware
kaymyg
(@sell9000 )

PSA re: an expensive opsec lesson
At this time I have confirmed that it was a Google login that caused this compromise. An unknown Windows machine gained access about half a day before the attack. It also spoofed the device name, so the notification of the new activity alert (which occurred early morning while I was asleep) appeared similar to devices I normally use (it may have been a calculated gamble for a common device name unless I was specifically targeted).
Upon further investigation, this device is a VPS hosted by #KaopuCloud as a global edge cloud provider that is shared among hacker circles in Telegram, and has been used in the past for #phishing and other malicious activities by shared users.
I do have 2FA enabled, which the user managed to bypass. I have yet to determine exactly how this was achieved, but possible attack vectors were OAuth phishing, cross-site scripting, or a man-in-the-middle attack on a compromised site, followed by possible additional #Malware. In fact, an #OAuth endpoint attack has recently been reported to hijack user cookie sessions (https://darkreading.com/cloud-security/attackers-abuse-google-oauth-endpoint-hijack-user-sessions…). Be extremely careful if you have to use Sign In From Google.

Takeaways:
1. Bitdefender sucks; it caught nothing, while Malwarebytes caught a bunch of vulnerabilities after the fact.
2. Do not become complacent just because you were moving large figures for years without issues.
3. Never enter a seed, period, no matter what reasonable excuse you give yourself. Not worth the risk, just nuke the computer and start fresh.
4. I'm done with Chrome, stick with a better browser like Brave.
5. Preferably never mix devices, and have an isolated device for crypto activities.
6. Always check the Google Activity alert if you are continuing to use Google based devices or authentication.
7. Turn off extension syncing. Or just turn off syncing, period, for your isolated crypto machine.
8. 2FA is clearly not bulletproof, don't become complacent to it.
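The post above describes the pattern that made the intrusion hard to spot: a never-before-seen Windows machine, hosted on a VPS provider, signing in with a device name that looked like one of the victim's own, about half a day before the theft. As an added example (not part of the post and not the author's code), the Python below applies the three checks a practitioner would run over account sign-in records when reviewing an alert like that: does the device name match a known device but arrive from a network that device has never used, does the source sit in hosting/VPS address space, and did the provider itself mark the device as new. The record format, the baseline of known devices, the IP ranges and the "hosting" network list are all constructed for the demonstration; in practice the baseline comes from your own activity history and the hosting list from an ASN or cloud-range feed.

```python
"""Triage account sign-ins against a baseline of known devices and networks.

Added example, not code from the original post. The SignIn record format,
device names, IP ranges and HOSTING_NETWORKS below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Iterable

# Address space we treat as hosting/VPS (constructed; use an ASN or cloud
# provider range feed in practice).
HOSTING_NETWORKS = [ip_network("203.0.113.0/24")]

# Baseline: device name -> networks that device has historically used
# (constructed from "normal activity" for this example).
BASELINE = {
    "Windows": [ip_network("198.51.100.0/24")],                            # home ISP
    "Pixel 7": [ip_network("198.51.100.0/24"), ip_network("192.0.2.0/24")],  # home + mobile
}


@dataclass
class SignIn:
    ts: datetime
    device_name: str
    ip: str
    new_device: bool  # the identity provider flagged this device as never seen before


def assess(event: SignIn) -> list[str]:
    """Return the reasons an event looks suspicious (empty list = nothing found)."""
    reasons: list[str] = []
    addr = ip_address(event.ip)
    known_nets = BASELINE.get(event.device_name)
    if known_nets is None:
        reasons.append("unknown device name")
    elif not any(addr in net for net in known_nets):
        # A familiar-looking name arriving from a network that device never
        # used: the 'spoofed device name' case described in the post.
        reasons.append("known device name from unfamiliar network")
    if any(addr in net for net in HOSTING_NETWORKS):
        reasons.append("source is hosting/VPS address space")
    if event.new_device:
        reasons.append("provider marked device as new")
    return reasons


def triage(events: Iterable[SignIn], incident_time: datetime,
           window: timedelta = timedelta(hours=24)) -> list[tuple[SignIn, list[str]]]:
    """Return flagged sign-ins inside the look-back window, most suspicious first."""
    flagged = []
    for ev in events:
        if incident_time - window <= ev.ts <= incident_time:
            reasons = assess(ev)
            if reasons:
                flagged.append((ev, reasons))
    flagged.sort(key=lambda item: len(item[1]), reverse=True)
    return flagged


# Constructed sample: a normal phone sign-in the day before, a 'Windows' sign-in
# from a hosting range roughly half a day before the theft, then the owner's
# real Windows machine from home.
THEFT = datetime(2024, 1, 15, 18, 0)
SAMPLE = [
    SignIn(datetime(2024, 1, 14, 9, 30), "Pixel 7", "192.0.2.44", False),
    SignIn(datetime(2024, 1, 15, 5, 10), "Windows", "203.0.113.77", True),
    SignIn(datetime(2024, 1, 15, 12, 0), "Windows", "198.51.100.12", False),
]

if __name__ == "__main__":
    for ev, reasons in triage(SAMPLE, THEFT):
        print(ev.ts.isoformat(), ev.device_name, ev.ip, "->", "; ".join(reasons))
```

Only the 05:10 sign-in is flagged, and it is flagged three times over; the owner's genuine Windows sign-in from the home network at noon produces nothing. The device-name check alone would have accepted the intruder, which is exactly why the network and hosting checks are there.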

Hackers Begin Using AI to Spread Malware

Researchers from HP have discovered malware created using generative #artificialintelligence during the analysis of a suspicious email.

Generative AI Accelerates Malware Creation
The development of malware has become easier and faster thanks to generative AI. Malware developers can now use AI to speed up the process of writing code, leading to an increase in the number of #Attacks and allowing even less experienced individuals to develop harmful software.
A September report from HP’s Wolf Security team uncovered a new version of the AsyncRAT trojan, which is used to remotely control a victim’s computer. Researchers found this version while analyzing a suspicious email sent to one of their clients.
Malware Written with Artificial Intelligence
While the original AsyncRAT was developed by humans, this new version contained an injection technique that researchers believe was created using generative AI. Although AI has previously been used to create phishing lures, the report notes that there was little evidence of AI being used to write malicious code "in the wild" before this discovery.
One of the key indicators was that the code contained detailed comments explaining the function of each part. This is unusual for #Cybercriminals , who generally do not want others to understand how their malware works.

In-Depth Analysis of the Malware
Researchers initially encountered the suspicious email, which was sent to users of HP’s Sure Click threat containment software. The email appeared to be an invoice written in French, likely targeting French-speaking individuals. Initially, the contents of the file were difficult to determine because it was encrypted. However, after breaking the password, the hidden malware was revealed.
The #Malware consisted of a Visual Basic script that wrote data to the user’s registry, installed a JavaScript file, and launched PowerShell. This led to the installation of AsyncRAT malware on the device.

AsyncRAT Development and Its Risks
AsyncRAT, originally released on GitHub in 2019, is a remote management tool. Although its developers claim it is legitimate open-source software, it has been predominantly used by cybercriminals. It allows attackers to remotely control infected devices and can be used to steal sensitive data, such as private keys or phrases for cryptocurrency wallets, leading to potential financial losses.
Although AsyncRAT is not new, this variant uses a new injection method, which shows signs of having been created using generative AI. This indicates that the new technology is making it easier for attackers to carry out cyberattacks.
AI Increases the Threat of Cyberattacks
HP’s report highlights that generative artificial intelligence is accelerating #cyberattacks and lowering the barrier for cybercriminals to infect devices. Security researchers are still grappling with the effects of AI advancements on cybersecurity.
The risks associated with AI include its potential misuse to identify vulnerabilities in smart contracts, which could be exploited by both ethical and malicious hackers. In May 2023, Meta also warned that some malware creators are using fake versions of popular AI tools to lure victims.
Generative artificial intelligence is fundamentally changing the rules of cybersecurity and presents a new challenge in the fight against malware.

Notice:
“The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.”
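The article above describes the delivery chain HP observed: a Visual Basic script run from an e-mail attachment that writes to the registry, drops a JavaScript file and launches PowerShell, which then installs AsyncRAT. As an added example (not from the article or from HP's report), the Python below is the detection logic an analyst would write for that chain over endpoint telemetry: group registry writes, file drops and child processes by the script-host process that caused them, and raise a finding only when one script host both spawned PowerShell and either wrote a Run key or dropped a script file. The event records are a constructed, simplified stand-in for Sysmon process-creation, file-creation and registry-set events; the paths and command lines in the sample are invented.

```python
"""Detect a script host (wscript/cscript) that persists via the registry,
drops a script file and spawns PowerShell, as in the chain HP described.

Added example, not code from the original article or HP's report. Events are
dicts shaped like a stripped-down Sysmon feed (kind/pid/ppid/image/cmdline or
kind/pid/target); the sample below is constructed.
"""
from __future__ import annotations

from collections import defaultdict

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe")
RUN_KEY_FRAGMENT = "\\software\\microsoft\\windows\\currentversion\\run"


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def find_chains(events: list[dict]) -> list[dict]:
    """Return one finding per script-host PID that spawned PowerShell AND
    (wrote a Run key OR dropped a script file). Either half alone is noisy;
    the combination is the behaviour described in the report."""
    procs = {e["pid"]: e for e in events if e["kind"] == "process"}
    acts = defaultdict(lambda: {"children": [], "run_keys": [], "dropped": []})

    def is_script_host(pid: int) -> bool:
        p = procs.get(pid)
        return p is not None and image_name(p["image"]) in SCRIPT_HOSTS

    for e in events:
        if e["kind"] == "process" and is_script_host(e["ppid"]):
            acts[e["ppid"]]["children"].append(e)
        elif e["kind"] == "registry" and is_script_host(e["pid"]):
            if RUN_KEY_FRAGMENT in e["target"].lower():
                acts[e["pid"]]["run_keys"].append(e["target"])
        elif e["kind"] == "file" and is_script_host(e["pid"]):
            if e["target"].lower().endswith(SCRIPT_EXTS):
                acts[e["pid"]]["dropped"].append(e["target"])

    findings = []
    for pid, a in acts.items():
        ps_children = [c["cmdline"] for c in a["children"]
                       if image_name(c["image"]) == "powershell.exe"]
        if ps_children and (a["run_keys"] or a["dropped"]):
            findings.append({
                "script_host_pid": pid,
                "script": procs[pid]["cmdline"],
                "powershell": ps_children,
                "run_keys": a["run_keys"],
                "dropped": a["dropped"],
            })
    return findings


# Constructed sample mirroring the described chain, plus benign noise
# (an admin running PowerShell directly from Explorer, no script host involved).
SAMPLE_EVENTS = [
    {"kind": "process", "pid": 100, "ppid": 1,
     "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"},
    {"kind": "process", "pid": 200, "ppid": 100,
     "image": "C:\\Windows\\System32\\wscript.exe",
     "cmdline": 'wscript.exe "C:\\Users\\u\\Downloads\\facture.vbs"'},
    {"kind": "registry", "pid": 200,
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Update"},
    {"kind": "file", "pid": 200, "target": "C:\\Users\\u\\AppData\\Roaming\\update.js"},
    {"kind": "process", "pid": 300, "ppid": 200,
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -w hidden -ep bypass -c Start-Sleep 1"},
    {"kind": "process", "pid": 400, "ppid": 100,
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe Get-Process"},
]

if __name__ == "__main__":
    for finding in find_chains(SAMPLE_EVENTS):
        print(finding)
```

Run against the sample, the only finding is PID 200 (the .vbs launched by wscript.exe); the admin's PowerShell under Explorer is ignored because its parent is not a script host, and removing the PowerShell child from the sample removes the finding even though the Run-key write and .js drop remain.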

A new malware for macOS, called "KandyKorn", has been discovered attacking members of the crypto community. The malware spreads through social engineering attacks, which trick victims into downloading a malicious ZIP file.

The malicious ZIP file is called "Cross-platform Bridges.zip" and poses as an arbitrage bot designed for automatic profit generation. However, the file actually contains malware that can steal data such as passwords, private keys, and wallet addresses.

Social engineering attacks target members of the crypto community through Discord channels, Twitter, and other forums. The attackers pose as legitimate members of the community and offer the malicious ZIP file as a free or paid tool.

macOS users should be aware of social engineering attacks and avoid downloading ZIP files from unknown sources. They should also keep their software updated to protect themselves from the latest threats.

Here are some tips to protect yourself from macOS malware:

🔸Don't click on links or open attachments from people you don't know.
🔸Keep your software up to date.
🔸Use reputable antivirus software.
🔸Be wary of offers that seem too good to be true.

If you think your macOS device may be infected with malware, you should run a full antivirus scan. You should also change your passwords for all online services you use.

macOS malware attacks are a growing threat to macOS users. By staying alert for threats and taking steps to protect yourself, you can help keep your device secure.

#macOS #Malware
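The post above describes a ZIP archive offered as an "arbitrage bot" that actually carried a macOS stealer. As an added example (not part of the post), the Python below is a pre-open audit for such a download: it lists every entry, reads the first bytes of each file and flags anything that is a Mach-O, ELF or PE executable or a shebang script, and also flags entries that carry an executable permission bit or sit inside a `.app` bundle. The archive is built in memory for the demonstration; the magic numbers are the real ones, the file names and contents are constructed.

```python
"""Audit a ZIP archive for executables before anyone double-clicks it.

Added example, not code from the original post. The sample archive is
constructed in memory; only the magic-number constants are real.
"""
from __future__ import annotations

import io
import zipfile
from typing import Optional

MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit Mach-O, both byte orders
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit Mach-O
    b"\xca\xfe\xba\xbe",                       # universal (fat) binary
}
ELF_MAGIC = b"\x7fELF"
PE_MAGIC = b"MZ"


def classify(head: bytes) -> Optional[str]:
    """Name the executable format of a file from its leading bytes, or None."""
    if head[:4] in MACHO_MAGICS:
        return "Mach-O executable"
    if head[:4] == ELF_MAGIC:
        return "ELF executable"
    if head[:2] == PE_MAGIC:
        return "PE executable"
    if head.startswith(b"#!"):
        return "script with shebang"
    return None


def audit_zip(data: bytes) -> list[dict]:
    """One record per file entry; 'flag' is True when the entry looks executable."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)
            kind = classify(head)
            # Unix permission bits are stored in the high 16 bits of external_attr.
            mode = (info.external_attr >> 16) & 0o777
            exec_bit = bool(mode & 0o111)
            in_bundle = ".app/" in info.filename
            report.append({
                "name": info.filename,
                "size": info.file_size,
                "kind": kind or "data/text",
                "exec_bit": exec_bit,
                "app_bundle": in_bundle,
                "flag": kind is not None or exec_bit or in_bundle,
            })
    return report


def build_sample() -> bytes:
    """Constructed archive: a README, a config file, and a 'bot' binary that is
    a 64-bit Mach-O header followed by filler, with mode -rwxr-xr-x."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Cross-platform Bridges/README.txt", "Run ./bridge to start arbitrage\n")
        zf.writestr("Cross-platform Bridges/config.json", '{"pairs": ["BTC/USDT"]}')
        info = zipfile.ZipInfo("Cross-platform Bridges/bridge")
        info.external_attr = 0o100755 << 16
        zf.writestr(info, b"\xcf\xfa\xed\xfe" + b"\x00" * 60)
    return buf.getvalue()


if __name__ == "__main__":
    for row in audit_zip(build_sample()):
        marker = "!!" if row["flag"] else "  "
        print(marker, row["name"], row["kind"], "exec" if row["exec_bit"] else "")
```

The README and config come back as plain data; the `bridge` entry is flagged both by content (Mach-O magic) and by its executable mode bits. A file whose content is flagged but whose name ends in `.txt` or `.json` is the case worth looking at hardest.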

1Inch Frontend Compromised in a Large-Scale Supply Chain Attack

Breach of the Decentralized Exchange Aggregator 1Inch and Other Platforms
The website of the decentralized aggregator 1Inch was compromised, along with multiple other platforms that use the same frontend library, Lottie Player.
The source of the attack came from malicious code embedded in the Lottie Player library, widely used for animations across several dApps and non-crypto websites. So far, no direct impacts on user wallets have been reported.
Warning for 1Inch Users Regarding Platform Interaction
According to several posts on X (formerly Twitter), the confirmed victims of the attack so far include 1Inch and TEN Finance. However, the number of affected platforms could be higher, as versions 2.0.5 and above of Lottie Player were exposed to the exploit.
The attackers reportedly inserted malicious code into JSON files used by these versions, allowing the compromised websites to perform unauthorized transactions, posing a significant risk to user assets and data.
Reports from Blockaid and other security firms indicate that the attack occurred through a compromise of the Lottie Player content server, with the malicious code distributed via an npm package. The insertion of unauthorized scripts directly into the package has been confirmed.
As of yet, 1Inch has not released an official statement on the breach. Conversely, the Lottie Player team has confirmed that they have identified the cause of the issue and are working to remove the affected library versions.
Users are strongly advised to avoid connecting wallets or interacting with affected platforms until the security issues are fully resolved.

Increase and Escalation of Crypto Hacks
Security concerns remain one of the most pressing issues in the crypto industry, with the number of malicious activities rising each year.
Recently, hackers reportedly gained control of $20 million worth of cryptocurrency previously seized by the U.S. government. These funds were part of the $3.6 billion the authorities recovered from the Bitfinex hack.
The blockchain platform Radiant Capital experienced one of the year’s largest hacks, suffering a loss of over $50 million. Attackers gained access to the company’s private keys and swiftly transferred all assets.
Investigations and prosecutions of these crimes have also intensified. The FBI recently arrested Eric Council Jr., who allegedly hacked the SEC’s X (formerly Twitter) account to spread false information about Bitcoin ETF approval, significantly impacting the market. Federal authorities believe Council was not the mastermind behind the operation and are negotiating a plea deal with him.
In 2024, crypto hacks have already surpassed $2.1 billion, with CeFi platforms experiencing the most significant hits.

#cybersecurity , #HackerAlert , #CryptoSecurity , #Malware , #CryptoNews🚀🔥

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!

Notice:
“The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.”
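The article above describes a front-end library that was modified at its distribution point (the npm package and the content server) so that every site loading it shipped the attacker's script. As an added example (not code from the article, 1inch or the Lottie Player project), the Python below shows the two controls a front-end team would reach for: computing and checking Subresource Integrity (SRI) hashes, so a script whose bytes change after the page was built is refused rather than executed, and scanning a `package-lock.json` for installed copies of a package at or above an affected version. The lockfile is constructed; the npm package name `@lottiefiles/lottie-player` is an assumption (the article names only "Lottie Player"), and the range "2.0.5 and above" is taken from the article, not verified here.

```python
"""Subresource Integrity hashing/verification and a lockfile scan for an
affected dependency range.

Added example, not from the original article or the projects it names. The
lockfile and scripts below are constructed; the package name is assumed.
"""
from __future__ import annotations

import base64
import hashlib

SRI_ALGOS = ("sha256", "sha384", "sha512")


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return the value a browser expects in integrity=...: '<algo>-<base64 digest>'."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def sri_verify(content: bytes, integrity: str) -> bool:
    """Accept if any recognised hash in a space-separated integrity value matches."""
    for token in integrity.split():
        algo, _, _ = token.partition("-")
        if algo in SRI_ALGOS and sri_hash(content, algo) == token:
            return True
    return False


def parse_version(v: str) -> tuple[int, ...]:
    """'2.0.5' or '2.0.5-beta.1' -> (2, 0, 5); pre-release tags are ignored."""
    return tuple(int(part) for part in v.split("-")[0].split("."))


def affected_packages(lockfile: dict, name: str, min_affected: str) -> list[tuple[str, str]]:
    """Return (install path, version) for every copy of `name` at or above
    `min_affected`. Handles lockfileVersion 2/3 ('packages') and v1
    ('dependencies', nested)."""
    floor = parse_version(min_affected)
    hits: list[tuple[str, str]] = []

    if "packages" in lockfile:
        for path, meta in lockfile["packages"].items():
            if path.endswith("node_modules/" + name) and parse_version(meta["version"]) >= floor:
                hits.append((path, meta["version"]))
        return hits

    def walk(deps: dict, prefix: str) -> None:
        for dep, meta in deps.items():
            path = f"{prefix}node_modules/{dep}"
            if dep == name and parse_version(meta["version"]) >= floor:
                hits.append((path, meta["version"]))
            walk(meta.get("dependencies", {}), path + "/")

    walk(lockfile.get("dependencies", {}), "")
    return hits


# Constructed inputs: the script as built, the same script with an injected
# line appended, and a v3 lockfile pinning a version inside the stated range.
GOOD_SCRIPT = b"export function play(){ /* animation */ }\n"
TAMPERED_SCRIPT = GOOD_SCRIPT + b"/* injected */ document.title = 'owned';\n"
LOCKFILE = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "dapp-frontend"},
        "node_modules/@lottiefiles/lottie-player": {"version": "2.0.7"},
        "node_modules/react": {"version": "18.3.1"},
    },
}

if __name__ == "__main__":
    pinned = sri_hash(GOOD_SCRIPT)
    print("integrity =", pinned)
    print("original verifies:", sri_verify(GOOD_SCRIPT, pinned))
    print("tampered verifies:", sri_verify(TAMPERED_SCRIPT, pinned))
    print("affected:", affected_packages(LOCKFILE, "@lottiefiles/lottie-player", "2.0.5"))
```

SRI only helps if the `<script>` tag carries the hash of the exact build you reviewed, which in turn means loading a pinned version rather than a floating "latest" URL; with the hash in place, a replaced file fails closed in the browser instead of running. The lockfile scan is the complementary check for bundled copies, which SRI does not cover.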
@Torkelrogstad: Brand new scam technique just dropped: #github bots trying to phish you into downloading #Malware .

Within a minute of creating an issue mentioning the words "seed derivation" and "xpriv", a shady-looking link was posted by a bot.

Stay vigilant, folks! #phishing #Hacked
#zachxbt

#TapiocaDAO hack is likely the result of a team member downloading #Malware, as the theft is tied on-chain to other recent hacks such as Nexera, Concentric, Masa, SpaceCatch, Reach, Serenity Shield, MurAll, etc., which I have previously covered and which were the result of fake job scams (contagious interview).
Stolen funds from this incident were bridged from #ARBITRUM to #BSC where ~$4.7M currently sits.
0x69d91e56ca80f2a4d7b808b59053ea5c5505ffe2
🚨 Crypto Security Alert: Major Hacks and Malware Threats You Need to Know About!

🔐 The crypto space is buzzing with security concerns this week, from the bizarre ‘null address’ hack on iVest Finance to the widespread vulnerability known as Sinkclose, affecting millions of PCs. Here’s what you need to know:

DeFi Exploit: iVest Finance Hit Hard
On August 12, iVest Finance suffered a $156,000 exploit. The attacker drained funds by exploiting a flaw in the protocol, where transfers to a null address triggered a donation function, reducing balances by double the intended amount. This shows how even seemingly minor coding issues can lead to major losses. 🛡️ Stay vigilant, DeFi users!

Malware Alert: Sinkclose Threatens Millions of AMD Devices
Discovered on August 9, the Sinkclose vulnerability affects millions of AMD processors, posing a severe risk to crypto users. This malware is nearly impossible to remove, even with a full system reformat. If you’re using an AMD-powered device, make sure your firmware is updated, or consider switching to a hardware wallet for added security. 🖥️⚠️

Phishing Scam: Web3 Gamer Loses $69K in USDT
A Web3 gamer fell victim to a phishing scam, losing over $69,000 in Tether. The attacker tricked the user into approving a malicious contract, draining their wallet in minutes. Always double-check URLs and contract addresses when approving transactions to avoid falling prey to these scams. 💸🚨

Protect your assets by staying informed and cautious in this ever-evolving digital landscape. Share this post to spread the word and help others stay secure! 🔒🌐

#Binance #DeFi #Malware #PhishingScam #StaySafe
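The iVest item above describes an accounting flaw: a transfer to the null address also ran a donation function, so the sender's balance fell by twice the intended amount. As an added example (not code from the post or from iVest, whose contract is Solidity), the Python below is a simplified model of that flaw beside a hardened version that treats a zero-address transfer as an explicit burn, together with the conservation invariant a test suite should check after every state change: the sum of all balances plus tokens burned must equal the total supply. What the real donation path did with the second debit is not stated in the post; this model assumes the second debit is simply lost, which is enough to show the invariant breaking.

```python
"""Model of a double-debit on zero-address transfers and the invariant that
catches it.

Added example, not code from the original post or from iVest. The donation
hook's behaviour (a second, untracked debit of the sender) is assumed for
illustration; the hardened path is the conventional explicit-burn handling.
"""
from __future__ import annotations

ZERO = "0x0000000000000000000000000000000000000000"


class Token:
    def __init__(self, supply: int, owner: str, hardened: bool):
        self.total_supply = supply
        self.burned = 0                 # tokens explicitly destroyed
        self.balances = {owner: supply}
        self.hardened = hardened

    def _donate(self, sender: str, amount: int) -> None:
        # Assumed side effect of the donation hook: the sender is debited a
        # second time and the amount is not credited to any tracked balance.
        self.balances[sender] -= amount

    def transfer(self, sender: str, to: str, amount: int) -> None:
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        if to == ZERO:
            if self.hardened:
                # Hardened: a zero-address transfer is a burn, debited once
                # and recorded so the books still reconcile.
                self.balances[sender] -= amount
                self.burned += amount
                return
            # Vulnerable: debit for the transfer, park the tokens at the null
            # address, then the donation hook debits the sender again.
            self.balances[sender] -= amount
            self.balances[ZERO] = self.balances.get(ZERO, 0) + amount
            self._donate(sender, amount)
            return
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def books_balance(self) -> bool:
        """Conservation invariant: tokens are moved or burned, never created or lost."""
        return sum(self.balances.values()) + self.burned == self.total_supply


def demo(hardened: bool) -> tuple[int, bool]:
    """Send 100 of 1,000 tokens to the null address; return (sender balance, invariant holds)."""
    t = Token(supply=1_000, owner="alice", hardened=hardened)
    t.transfer("alice", ZERO, 100)
    return t.balances["alice"], t.books_balance()


if __name__ == "__main__":
    print("vulnerable:", demo(hardened=False))  # sender loses 200 on a 100 transfer, books off
    print("hardened:  ", demo(hardened=True))
```

In the vulnerable model the sender ends at 800 after a 100-token transfer and the invariant fails (900 tokens accounted for against a supply of 1,000); in the hardened model the sender ends at 900 and the books reconcile. Checking this invariant in a fuzz or property test after every transfer is the cheap control that would have surfaced the flaw before deployment.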