A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. [...]

Het lijkt wel een soap rondom de iPhone-hacksoftware Coruna. Langzamerhand komt boven water wie het inzet, bij wie het gebruikt wordt en wie de mogelijke ontwikkelaar is. En het ziet ernaar uit dat de Verenigde Staten het zichzelf erg lastig hebben gemaakt.

North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector. [...]

U.S. digital investment advisor Betterment confirmed that hackers breached its systems and sent fake crypto-related messages to some customers. [...]

De bekende cryptobeurs Bybit is getroffen door de grootste crypto- diefstal aller tijden. Hackers hebben daarbij 1,4 miljard dollar aan cryptovaluta buitgemaakt.

01flip is a new ransomware family fully written in Rust. Activity linked to 01flip points to alleged dark web data leaks.

The post 01flip: Multi-Platform Ransomware Written in Rust appeared first on Unit 42.

CryptoCore is an attack campaign against crypto-exchange companies that has been ongoing for three years and was discovered by ClearSky researchers. This cybercrime campaign is focused mainly on the theft of cryptocurrency wallets, and we estimate that the attackers have already made off with hundreds of millions of dollars. This campaign was also reported by additional companies and organizations, including JPCERT/CC[1], NTT Security[2] and F-SECURE[3]. The campaign is also known as CryptoMimic, Dangerous Password and Leery Turtle. In this report we attributed this campaign to a specific actor – North Korea’s LAZARUS APT Group, known also as Hidden Cobra.

Read the full report: Attributing CryptoCore Attacks Against Crypto Exchanges to LAZARUS (North Korea)

In this report, we based our attribution with two stages of research:

1. First stage– connecting all research documents to the same campaign:  a comparative study of all the research documents trying to prove they are all referring to the same campaign.
2. Second stage – Attribution to Lazarus: We adopted F-SECURE’s attribution to LAZARUS. Then we reaffirmed this attribution by comparing the attack tools  found in this campaign  to other Lazarus campaigns  and found strong similarities.

Our research shows a MEDIUM-HIGH likelihood that Lazarus group, a  North-Korean, state-sponsored APT group, is attacking crypto exchanges all over the world and in Israel for at least three years. This group is has successfully hacked into numerous companies and organizations around the world for many years. Until recently this group was not known to attack Israeli targets.

We would like to thank NTT Security Japan for sharing malware samples with us, and for their feedback on this research.

---

[1] https://blogs.jpcert.or.jp/en/2019/07/spear-phishing-against-cryptocurrency-businesses.html

[2] https://vblocalhost.com/uploads/VB2020-Takai-etal.pdf

[3] https://labs.f-secure.com/assets/BlogFiles/f-secureLABS-tlp-white-lazarus-threat-intel-report2.pdf

Beau Bullock// Overview This blog post is meant to serve as a basic introduction to the world of cryptocurrencies. With cryptocurrencies making their way into mainstream news outlets I am […]

The post Intro to Cryptocurrency and How to Secure Your Coins appeared first on Black Hills Information Security, Inc..

Mike Felch and Beau Bullock// Cryptocurrency conversations are everywhere you look! Mike Felch and Beau Bullock were so interested they started their own podcast about the topic. We’re excited to […]

The post WEBCAST: A Look Into Emerging Security Issues Within Cryptocurrency Ecosystems appeared first on Black Hills Information Security, Inc..