CryptoCurrency
AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code
The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency wallet addresses entered on websites and replace them with attacker-controlled addresses to divert funds to the threat actor. Since the AppsFlyer SDK is used by thousands of applications for marketing […]
New BeatBanker Android malware poses as Starlink app to hijack devices
A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. The malware combines banking trojan functions with Monero mining, and can steal credentials, as well as tamper with cryptocurrency transactions. Kaspersky researchers discovered BeatBanker in campaigns […]
FBI arrests suspect linked to $46M crypto theft from US Marshals
A U.S. government contractor’s son, accused of stealing more than $46 million in cryptocurrency from the U.S. Marshals Service, was arrested Wednesday on the island of Saint Martin. The arrest was the result of a joint operation between the FBI and France’s elite Groupe d’Intervention de la Gendarmerie Nationale, FBI Director Kash Patel announced on […]
QuickLens Chrome extension steals crypto, shows ClickFix attack
A Chrome extension named “QuickLens – Search Screen with Google Lens” has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of users. QuickLens was initially published as a Chrome extension that lets users run Google Lens searches directly in their browser. The extension grew […]
$4.8M in crypto stolen after Korean tax agency exposes wallet seed
Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea’s National Tax Service exposed publicly the mnemonic recovery phrase of a seized cryptocurrency wallet. The funds were stored in a Ledger cold wallet seized in law enforcement raids at 124 high-value tax evaders that resulted in confiscating digital assets worth […]
Ransomware payment rate drops to record low as attacks surge
The number of ransomware victims paying threat actors has dropped to 28% last year, an all-time low, despite a significant increase in the number of claimed attacks. A downward payment trend has been observed for the past four consecutive years by the blockchain intelligence platform Chainalysis. At the moment, the total of on-chain ransomware payments in 2025 stands […]
Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps
Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to hijack Bitcoin swap transactions and redirect funds to attacker-controlled wallets. The campaign relies on social engineering that promises large profits from a supposed Swapzone.io arbitrage exploit, but instead runs […]
Snail mail letters target Trezor and Ledger users in crypto-theft attacks
Threat actors are sending physical letters pretending to be from Trezor and Ledger, makers of cryptocurrency hardware wallets, to trick users into submitting recovery phrases in crypto theft attacks. These phishing letters claim recipients must complete a mandatory “Authentication Check” or “Transaction Check” to avoid losing access to wallet functionality, creating a sense of urgency […]
Fake job recruiters hide malware in developer coding challenges
A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. The activity has been ongoing since at least May 2025 and is characterized by modularity, which allows the threat actor to quickly resume it in case of partial compromise. The bad actor relies […]
North Korean hackers use new macOS malware in crypto-theft attacks
North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector. The threat actor’s goal is financial, as suggested by the role of the tools used in an attack on a fintech company investigated by Google’s Mandiant researchers. During […]