New Threats of Cryptocurrency Theft.


Fixxx (Moder)
Seed-phrase stealers have started disguising themselves as torrents.

The Efimer Trojan is spreading via torrent files and trying to steal cryptocurrency from users' wallets. Attackers find poorly protected WordPress sites and post messages offering downloads of newly released films; in the torrent download link the malicious file is disguised as the media player xmpeg_player.exe, security specialists said. When targeting companies, the fraudsters use phishing emails with copyright infringement claims, and the Efimer malicious file sits inside an archive that supposedly contains the claim details. After execution the trojan infiltrates the computer, searches for strings resembling seed phrases and replaces transfer addresses with addresses that lead to the scammers' wallets. Users in Russia, India, Spain, Italy and Germany have encountered attacks by the trojan, and the number of victims continues to grow.


A new malicious program created to steal cryptocurrency.

Security experts reported the discovery of SparkKitty, a new malicious program for iOS and Android created to steal cryptocurrency from users in Southeast Asia and China. SparkKitty hides inside apps that track crypto prices or deliver trading signals from exchanges, and inside messengers with crypto-exchange functions. On iOS the program was distributed both via the App Store and via fake sites with counterfeit apps; that distribution used legitimate tools for installing enterprise apps outside Apple's store. On Android the malicious program got in through third-party sources and the official Google Play. One of the infected apps, a messenger with a crypto-exchange feature, was downloaded several thousand times, analysts clarified. Specialists recommended downloading apps only from official stores and carefully checking ratings and developer reviews, using password managers, and storing text notes in protected folders.


Hackers use crypto drainers to steal funds.

The Blockaid team recorded an attack on the Pepe frontend on December 4. Their security system detected drainers (Inferno Drainer, a family of malicious programs) on the site. According to them, the site was breached so that users are redirected to a fake site with malicious code that empties crypto wallets. Despite the incident, Pepe's price didn't react with a drop. According to CoinGecko, the memecoin is still up 1% on the day, although it has lost more than 77% of its value over the past year. Analysts say the incident underscores the ongoing need for vigilance among crypto users. Users are strongly advised to avoid visiting the compromised site until the problem is fully resolved. Inferno Drainer activity continues to grow despite its developers' statements that the service was closed in 2023. According to Blockaid, drainer usage tripled in 2024.

“At the beginning of the year we recorded about 800 new malicious decentralized applications with Inferno Drainer code per week. Now that number has tripled, to 2,400”, former Blockaid engineer Oz Tamir said.

Since then the Inferno Drainer group has been linked to a number of scams using social engineering as well as to cryptocurrency thefts. In particular, it was linked to the hijacking of the BNB page: the attackers gained control of the token's X account and posted several malicious links urging people to connect their wallets. Binance co-founder Changpeng Zhao immediately raised the alarm and urged users not to interact with the links until the issue was resolved.
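An added illustration (my own example code, not Efimer's code nor anything from the reports above) of the two behaviours the Efimer item describes, seed-phrase hunting and transfer-address substitution, written generically, beside the checks a wallet user or front-end can run against them. Assumptions: the seed-phrase heuristic (12-24 lowercase words of 3-8 letters, the length range of the BIP39 English wordlist) is my guess at what such a scanner looks for, not a description of Efimer's logic; the two Bitcoin addresses are the well-known genesis-block address and a documentation example address, used as placeholders, and the Ethereum address is a constructed dummy.

```python
from __future__ import annotations

import hashlib
import re

# Legacy Bitcoin addresses: P2PKH starts with 1, P2SH with 3; Base58 alphabet only.
BTC_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
# Ethereum-style hex addresses.
ETH_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def looks_like_seed_phrase(text: str) -> bool:
    """Heuristic (assumption) for 'strings resembling seed phrases': 12/15/18/21/24
    lowercase words of 3-8 letters. A stricter check would require every word to be
    in the 2048-word BIP39 list and verify the mnemonic checksum."""
    words = text.strip().split()
    return len(words) in (12, 15, 18, 21, 24) and all(
        w.isalpha() and w.islower() and 3 <= len(w) <= 8 for w in words)


def find_addresses(text: str) -> list[str]:
    """Every BTC-legacy or ETH-looking address in a blob of text (e.g. the clipboard)."""
    return BTC_RE.findall(text) + ETH_RE.findall(text)


def clipper_swap(text: str, attacker_btc: str, attacker_eth: str) -> str:
    """Generic clipper behaviour: rewrite each address in copied text to the
    attacker's, so the victim pastes the attacker's address without noticing."""
    text = BTC_RE.sub(attacker_btc, text)
    return ETH_RE.sub(attacker_eth, text)


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)            # ValueError on a non-Base58 character
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading = len(s) - len(s.lstrip("1"))     # each leading '1' encodes a 0x00 byte
    return b"\x00" * leading + raw


def btc_checksum_ok(addr: str) -> bool:
    """Base58Check: last 4 bytes == first 4 bytes of SHA256d(version || hash160).
    Catches typos and corruption, but NOT a swap to a different well-formed address."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25:
        return False
    payload, chk = raw[:21], raw[21:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == chk


def check_before_send(intended: str, pasted: str) -> str | None:
    """The check that actually defeats a clipper: compare the full address you meant
    to pay against the one sitting in the send field. Returns a reason to abort, or None."""
    if pasted != intended:
        return "address changed between copy and paste (clipboard hijack?)"
    if pasted.startswith(("1", "3")) and not btc_checksum_ok(pasted):
        return "invalid Base58Check checksum"
    return None


if __name__ == "__main__":
    # Constructed sample data: genesis-block address as the intended payee,
    # a documentation example address standing in for the attacker's.
    intended = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
    attacker_btc = "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy"
    attacker_eth = "0x" + "ab" * 20
    clipboard = f"invoice 42: pay {intended} by friday"
    hijacked = clipper_swap(clipboard, attacker_btc, attacker_eth)
    print("clipboard after clipper:", hijacked)
    print("abort reason:", check_before_send(intended, find_addresses(hijacked)[0]))
    print("seed-like?", looks_like_seed_phrase("abandon " * 11 + "about"))
```

The point of `check_before_send` is that checksum validation alone is no defence: a clipper substitutes an address that is itself well-formed, so only comparing the whole address (not just its first and last characters, which some swappers mimic) against the one you intended catches the swap.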