cryptocurrency wallet Archives

Tech Optimizer

March 25, 2025

What the Tech? Avoiding malware threats

The ABC 6 News Team reports on the Infostealer malware, which has compromised over 2 billion credentials by using fake websites to trick users into providing sensitive information. Infostealer targets searches for free software, cracked software, game cheats, and activation tools, employing tactics such as search engine ads, SEO manipulation, social media promotions, and typosquatting to lure victims. Once installed, Infostealer can steal passwords, credit card information, cryptocurrency wallet data, and personal information. To mitigate risks, users are advised to download software from reputable sources, be cautious of offers that seem too good to be true, install robust antivirus software, enable ad blockers, verify URLs, use multi-factor authentication, keep software updated, and stay informed about cybersecurity threats. Additionally, users can check if their email addresses or passwords have been involved in data breaches at www.haveibeenpwned.com.

Tech Optimizer

March 20, 2025

Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs

Microsoft Incident Response has identified a new remote access trojan (RAT) called StilachiRAT, which extracts sensitive information from infected computers, including passwords, cryptocurrency wallet details, operating system specifications, and device identifiers. StilachiRAT has a self-reinstatement mechanism that allows it to reinstall itself if removed. It targets digital wallets from platforms like Coinbase Wallet, Phantom, Trust Wallet, Metamask, OKX Wallet, and Bitget Wallet. The malware can harvest credentials from web browsers, monitor clipboard data, gather system information, detect camera presence, and track active Remote Desktop Protocol (RDP) sessions. It can extract credentials from Google Chrome, monitor clipboard activity, and maintain its presence using the Windows service control manager. StilachiRAT can impersonate users to monitor RDP sessions and employs anti-forensics mechanisms to evade detection. Discovered in November of the previous year, it has not yet achieved widespread distribution. Microsoft advises users to download software from official websites, use robust security software, install reputable antivirus, be vigilant against phishing attacks, avoid clicking on unexpected links, and consider using a VPN and password manager for enhanced security.

Tech Optimizer

March 20, 2025

What the Tech: Stolen passwords

Infostealer is a type of malware that has stolen over a billion credentials, posing significant risks such as identity theft and financial fraud. It targets users through specific search terms related to free software, cracked software, game cheats, and activation tools. Cybercriminals use tactics like search engine ads, SEO manipulation, social media promotions, and typosquatting to direct users to malicious sites. Once infected, Infostealer can steal saved passwords, credit card information, cryptocurrency wallet data, and personal information. To mitigate risks, individuals should download software from reputable sources, be cautious of too-good-to-be-true offers, install robust antivirus software, enable ad blockers, verify URLs, use multi-factor authentication, keep software updated, and educate themselves about cybersecurity threats. Additionally, checking for compromised email addresses or passwords at www.haveibeenpwned.com is recommended.

Winsage

March 18, 2025

Microsoft Warns Windows Users—Change Your Browser As New Attacks Underway

Microsoft has issued a warning to Chrome users about a new remote access trojan called StilachiRAT, which can exfiltrate sensitive information such as stored credentials and digital wallet data. StilachiRAT can scan for configuration data across 20 cryptocurrency wallet extensions in Chrome and can extract and decrypt saved usernames and passwords. The malware can also monitor Remote Desktop Protocol (RDP) sessions, capture active window information, and impersonate users to gain unauthorized access to networks. Microsoft recommends that users switch to its Edge browser or other browsers with SmartScreen technology to enhance security. Additionally, users are advised to install software from official sources, utilize Safe Links and Safe Attachments in Office 365, and enable network protection features in Microsoft Defender for Endpoint. Despite this, Chrome remains the dominant browser among Windows users.

TrendTechie

March 17, 2025

Новый вирус стал атаковать криптокошельки пользователей ПК

Cybersecurity experts from CyberArk have identified a new malware strain called MassJacker, which targets users who download unauthorized software to steal cryptocurrency. MassJacker is categorized as a "clipper" that alters clipboard data, replacing a user's cryptocurrency wallet address with a hacker's address during transactions. The attack often starts from a website posing as a free software download platform. Upon downloading, the Amadey virus first infiltrates the computer, followed by MassJacker, which disguises itself as a legitimate Windows process and uses encryption and command spoofing to avoid detection. Research shows that cybercriminals have created over 778,000 wallets for cryptocurrency theft, with 423 wallets accumulating approximately ,000, leading to potential total losses of around ,000. MassJacker shares similarities with another malware variant, MassLogger, but the identities of the attackers remain unknown.

AppWizard

March 11, 2025

PlayPraetor Malware Targets Android Users via Fake Play Store Apps to Steal Passwords

A malware campaign called PlayPraetor has been identified by cybersecurity firm CTM360, involving counterfeit Google Play Store websites that trick users into downloading malicious Android applications. These apps are advanced banking Trojans that steal sensitive information, including banking credentials and clipboard data. The operation spans over 6,000 fraudulent web pages designed to mimic the official Play Store, prompting users to install APK files that contain the PlayPraetor Trojan. This malware can log keystrokes, capture screen content, and monitor clipboard activity. Distribution occurs mainly through Meta Ads and SMS messages, exploiting psychological triggers to deceive users. The malware communicates with a command and control server to target specific banking and cryptocurrency wallet applications. The attackers aim for financial gain by draining compromised accounts, executing unauthorized transactions, and potentially engaging in ad fraud. The operation is particularly focused on South-East Asia, and users are advised to download apps only from the official Google Play Store and to maintain updated security software.

Winsage

March 8, 2025

Nearly 1 million Windows devices targeted in advanced “malvertising” spree

A recent cyber campaign targeted nearly 1 million devices across various sectors, using GitHub as the primary platform for hosting malicious payloads, with Discord and Dropbox also involved. The malware exfiltrated sensitive information from infected systems, including critical browser files that store login cookies, passwords, and browsing histories. Compromised files included specific SQLite and JSON files from Mozilla Firefox, Google Chrome, and Microsoft Edge, as well as files stored on Microsoft's OneDrive. The malware also targeted cryptocurrency wallet applications like Ledger Live and Trezor Suite. Microsoft identified that the domains hosting malicious advertisements were linked to unauthorized streaming platforms. Microsoft Defender has been updated to detect the attack-related files, and guidance has been provided for those who may have been affected.

Tech Optimizer

February 6, 2025

Beware of Nova Stealer Malware Sold for $50 on Hacking Forums

Nova Stealer is a malware operating under the Malware-as-a-Service (MaaS) model, available for a low cost for a 30-day license. It is a modified version of the SnakeLogger malware designed to extract sensitive information from compromised systems. Its distribution primarily occurs through aggressive phishing campaigns targeting sectors such as finance, retail, and IT, especially in regions like Russia. Nova Stealer infiltrates systems via phishing emails disguised as legitimate documents and employs techniques like steganography and process hollowing to evade detection. It can harvest data including saved credentials, keystrokes, clipboard contents, screenshots, cryptocurrency wallet information, and session cookies from platforms like Discord and Steam. The stolen data is transmitted through channels such as SMTP, FTP, or Telegram APIs. The malware's developers offer additional services, including cryptors to bypass antivirus detection, and a Telegram group for promotion and technical support. The MaaS model lowers entry barriers for cybercriminals, enabling those with minimal experience to conduct sophisticated attacks. Organizations are advised to implement strong email security measures, educate employees on phishing recognition, and utilize endpoint detection and response solutions to monitor unusual activities. Regular updates to antivirus software and operating systems are also recommended to mitigate vulnerabilities.

Tech Optimizer

February 3, 2025

Regularly Update Software and Devices: A Crucial Step in Crypto Security

Regularly updating software, wallets, operating systems, and antivirus programs is essential for cryptocurrency security. Updates patch vulnerabilities that hackers may exploit, safeguard against new threats, enhance compatibility with new features, secure operating systems, and improve phishing and scam prevention. Keeping hardware wallet firmware up to date is crucial for security and compatibility. Regular updates to antivirus software protect against malware that could compromise cryptocurrency. Establishing a routine for updates, enabling automatic updates, checking for manual updates, and backing up data before updating are recommended practices. Delaying critical updates increases exposure to security risks.

Tech Optimizer

November 22, 2024

Microsoft Defender Is Not Enough Anymore—This Malware Gets Around It

A victim lost over ,000 in cryptocurrency due to a malware attack that bypassed Microsoft Defender. The attacker persuaded the victim to download a malicious application disguised as a game called Orbit Unit via Telegram. The malware accessed the victim's Google passwords through an unlocked Bitwarden, compromising his cryptocurrency wallet. Despite having Malwarebytes installed, it did not provide real-time protection, only identifying the malware after the damage was done. Researchers confirmed that Microsoft Defender failed to block the malware or detect it once operational. The malware used PowerShell to execute scripts and installed a deceptive Chrome extension to steal credentials and manipulate browser activity. In tests, Malwarebytes with real-time protection blocked the malware, while Bitdefender prevented access to sensitive information. The malware did not execute if the user was located in Russia, Ukraine, or Belarus. SafetyDetectives advised against storing wallet passwords digitally and recommended using reputable antivirus software with real-time protection. They also suggested limiting cryptocurrency in browser wallets and using hardware wallets for significant amounts.