Crypto M - Crypto News
Your #1 destination for the latest and most unbiased market news on Bitcoin, Ethereum, NFT, Fintech, Web3, DeFi, and Blockchain.
🚀 MacSync Malware Variant Bypasses macOS Gatekeeper, Poses High Risk

According to Foresight News, SlowMist's Chief Information Security Officer, 23pds, has issued a warning about a new variant of the MacSync malware. This variant is capable of bypassing the macOS Gatekeeper security feature, and it has already affected user assets. The malware employs techniques such as file inflation, network verification, and self-destruct scripts post-execution to evade detection. It can steal sensitive data, including iCloud keychains, browser passwords, and cryptocurrency wallets, posing a significant risk. Mac users are advised to exercise caution and avoid downloading software and plugins from unknown sources.

#MacSync #Malware #macOS #Gatekeeper #Cybersecurity #SlowMist #DataTheft #iCloud #Cryptocurrency #Phishing #MalwareVariant #TechSecurity #OnlineThreat
🚀 Kaspersky Warns of New Malware Targeting Windows Users

According to BlockBeats, global cybersecurity firm Kaspersky has issued an urgent alert regarding a new sophisticated information-stealing tool named 'Stealka.' This malware has begun large-scale attacks on Windows users. Discovered at the end of 2025, Stealka is specifically designed to collect sensitive financial data, browser credentials, and cryptocurrency wallet information.

The malware is primarily distributed through deceptive platforms like GitHub and SourceForge, masquerading as pirated software or cracked versions of high-demand applications. Stealka poses a significant threat due to its use of advanced obfuscation techniques, allowing it to bypass traditional signature-based security solutions and remain undetected during comprehensive scans of victim devices.

This threat emerges amid a nearly 60% surge in password theft detections throughout the year, marking a more aggressive phase in the evolution of digital financial crime.


#Kaspersky #Malware #Stealka #WindowsUsers #Cybersecurity #InformationStealing #FinancialData #BrowserCredentials #Cryptocurrency #GitHub #SourceForge #PiratedSoftware #Obfuscation #PasswordTheft #DigitalCrime
🚀 New Phishing Technique and Malware Threats Identified in 2025 Security Analysis

According to BlockBeats, SlowMist released its security incident analysis for the fourth quarter of 2025, highlighting a new, more covert phishing technique. This method allows users to be redirected to phishing sites even when they manually enter the correct official domain name. Victims have reported that despite entering the correct address, their browsers automatically complete it with a counterfeit domain created by attackers. This issue is not due to user error but rather because attackers have polluted the browser's history through ads, social media guidance, or fake announcements. Once the phishing domain is stored in the browser's autocomplete logic, users are redirected to a fake site that closely resembles the official website.

Additionally, there is a resurgence in computer malware attacks. Attackers often use phishing links, private messages in social tools, or so-called "resource downloads" to quietly implant malicious programs into users' local environments. Once a device is infected, data related to wallets is at risk.


#Phishing #Malware #CyberSecurity #SecurityAnalysis #2025Threats #SlowMist #PhishingTechniques #MaliciousPrograms #DataProtection #SocialMediaSecurity #CyberAttack
🚀 Cardano Users Targeted by Sophisticated Phishing Attack

According to PANews, a sophisticated phishing attack is targeting Cardano users by distributing announcements disguised as the 'Eternl Desktop' wallet. This malicious campaign aims to trick users into downloading an MSI file containing remote control tools. The attackers impersonate official communications and reference NIGHT and ATMA token incentives to lure victims. They are using the domain download.eternldesktop.network to distribute unsigned installation packages. Security researchers have identified that the file includes the LogMeIn Resolve component, which allows for remote command execution and persistent system control. Users are advised to download wallet software only from official sources.

#Cardano #phishing #EternlDesktop #malware #security #NIGHT #ATMA #remotecontrol #LogMeIn #cybersecurity #ADA
🚀 Instagram Data Breach Exposes Sensitive Information of 17.5 Million Users

According to BlockBeats, a data breach on Instagram has exposed sensitive information of approximately 17.5 million users, including usernames, email addresses, phone numbers, and physical addresses. The compromised data has reportedly been sold on the dark web and may be used for phishing attacks and account takeovers. Malwarebytes, a security company, suggests the incident might be linked to an API exposure issue from Instagram in 2024. Affected users have been receiving frequent password reset emails. As of now, Meta has not issued an official response. Security experts recommend users enable two-factor authentication (2FA) and change their passwords to enhance account security.

#Instagram #DataBreach #SensitiveInformation #Users #Security #DarkWeb #PhishingAttacks #Malware #APIExposure #Meta #PasswordReset #TwoFactorAuthentication #AccountSecurity
🚀 DeadLock Ransomware Utilizes Polygon Smart Contracts for Evasion

According to ChainCatcher, the ransomware family DeadLock is employing Polygon smart contracts to distribute and rotate proxy server addresses, aiming to evade security detection. Initially discovered in July 2025, this malware embeds JavaScript code within HTML files to interact with the Polygon network, using RPC lists as gateways to obtain server addresses controlled by attackers. This technique resembles the previously identified EtherHiding method, which leverages decentralized ledgers to create hard-to-block covert communication channels. DeadLock has released at least three variants, with the latest version incorporating the encrypted communication application Session to directly communicate with victims.

#DeadLock #Ransomware #Polygon #SmartContracts #Evasion #ChainCatcher #JavaScript #HTML #RPC #ProxyServers #EtherHiding #DecentralizedLedgers #EncryptedCommunication #Session #Malware
🚀 New Domain Resurrection Attack Targets Linux Snap Store

A new type of 'domain resurrection attack' has been identified on the Linux Snap Store, according to PANews. The attack involves hackers taking control of expired developer domains and updating legitimate applications through official channels. These applications are then disguised as popular wallets like Exodus, Ledger Live, and Trust Wallet to trick users into entering their mnemonic phrases, leading to the theft of cryptocurrency assets. The domains storewise.tech and vagueentertainment.com have been confirmed as hijacked. This attack exploits the Snap mechanism, allowing originally trusted software to be embedded with malicious code without users' knowledge.

#domainresurrectionattack #linuxsnapstore #cybersecurity #cryptotheft #malware #hackers #cryptowallets #exodus #ledgerlive #trustwallet #developerdomains #snapmechanism
🚀 Hackers Exploit Worm Propagation Techniques to Target Telegram Accounts

Certain hacker groups are employing worm propagation techniques to compromise Telegram accounts, according to Foresight News. These groups contact individuals in both Chinese and English after gaining access to Telegram accounts, using fake Zoom meeting software, malicious code repositories, and infected third-party tools or gaming software to target contacts. Once they have stolen cryptocurrency and account information, the hackers proceed with further operations, continuously refining their worm propagation strategies.

#hackers #wormpropagation #telegram #cybersecurity #cryptotheft #malware #zoomsupport #gamingsoftware #cyberattack #infosteal
🚀 North Korean Hackers Intensify Attacks on Crypto Industry Using AI Deepfake Videos

A hacker group linked to North Korea is escalating its attacks on cryptocurrency industry professionals through AI-generated deepfake video calls. According to Odaily, these hackers impersonate individuals familiar to or trusted by the victims to trick them into installing malware. Martin Kuchař, co-founder of BTC Prague, revealed that attackers initiate video calls using compromised Telegram accounts and persuade victims to install malicious software disguised as a plugin under the pretext of fixing Zoom audio issues, thereby gaining full control over the device.

Security research firm Huntress noted that this attack method closely resembles previous operations targeting crypto developers. The malicious scripts can execute multi-stage infections on macOS devices, including implanting backdoors, recording keystrokes, stealing clipboard content, and accessing encrypted wallet assets. Researchers have confidently attributed these attacks to the North Korean state-sponsored hacker group Lazarus Group, also known as BlueNoroff.

The head of information security at blockchain security company SlowMist stated that these attacks exhibit clear reuse characteristics across different operations, targeting specific wallets and crypto professionals. Analysts suggest that with the proliferation of deepfake and voice cloning technologies, images and videos are becoming unreliable for verifying identity authenticity. The crypto industry must remain vigilant and enhance multi-factor authentication and security measures.


#NorthKoreanHackers #CryptoIndustry #AIDeepfake #CyberAttack #Malware #LazarusGroup #BlueNoroff #SecurityBreach #MultiFactorAuthentication #BlockchainSecurity #HackerGroup #Telegram #CryptoProfessionals #DataTheft #CryptoSecurity #BTC
🚀 North Korean Hackers Use AI Deepfakes in Crypto Attacks

Google's Mandiant team has uncovered a North Korean hacking group employing AI-generated deepfakes in advanced social engineering attacks targeting cryptocurrency companies. According to NS3.AI, the group, identified as UNC1069, uses AI to impersonate trusted individuals during fraudulent video meetings. This tactic results in malware infections aimed at stealing credentials and cryptocurrency. This development occurs as North Korean actors increasingly focus on targeted, high-value attacks instead of broad phishing campaigns, contributing to a rise in cryptocurrency thefts.

#NorthKoreanHackers #AIDeepfakes #CryptoAttacks #Mandiant #SocialEngineering #UNC1069 #Malware #CryptocurrencyTheft #Cybersecurity #AIImpersonation #Phishing