New Phishing Technique and Malware Threats Identified in 2025 Security Analysis
#Phishing #Malware #CyberSecurity #SecurityAnalysis #2025Threats #SlowMist #PhishingTechniques #MaliciousPrograms #DataProtection #SocialMediaSecurity #CyberAttack
According to BlockBeats, SlowMist released its security incident analysis for the fourth quarter of 2025, highlighting a new, more covert phishing technique. This method allows users to be redirected to phishing sites even when they manually enter the correct official domain name. Victims have reported that despite entering the correct address, their browsers automatically complete it with a counterfeit domain created by attackers. This issue is not due to user error but rather because attackers have polluted the browser's history through ads, social media guidance, or fake announcements. Once the phishing domain is stored in the browser's autocomplete logic, users are redirected to a fake site that closely resembles the official website.
Additionally, there is a resurgence in computer malware attacks. Attackers often use phishing links, private messages in social tools, or so-called "resource downloads" to quietly implant malicious programs into users' local environments. Once a device is infected, data related to wallets is at risk.
Cardano Users Targeted by Sophisticated Phishing Attack
#Cardano #phishing #EternlDesktop #malware #security #NIGHT #ATMA #remotecontrol #LogMeIn #cybersecurity #ADA
According to PANews, a sophisticated phishing attack is targeting Cardano users by distributing announcements promoting a fake 'Eternl Desktop' wallet. This malicious campaign aims to trick users into downloading an MSI file containing remote control tools. The attackers impersonate official communications and reference NIGHT and ATMA token incentives to lure victims. They are using the domain download.eternldesktop.network to distribute unsigned installation packages. Security researchers have identified that the file includes the LogMeIn Resolve component, which allows for remote command execution and persistent system control. Users are advised to download wallet software only from official sources.
Instagram Data Breach Exposes Sensitive Information of 17.5 Million Users
#Instagram #DataBreach #SensitiveInformation #Users #Security #DarkWeb #PhishingAttacks #Malware #APIExposure #Meta #PasswordReset #TwoFactorAuthentication #AccountSecurity
According to BlockBeats, a data breach on Instagram has exposed sensitive information of approximately 17.5 million users, including usernames, email addresses, phone numbers, and physical addresses. The compromised data has reportedly been sold on the dark web and may be used for phishing attacks and account takeovers. Malwarebytes, a security company, suggests the incident might be linked to an API exposure issue from Instagram in 2024. Affected users have been receiving frequent password reset emails. As of now, Meta has not issued an official response. Security experts recommend users enable two-factor authentication (2FA) and change their passwords to enhance account security.
DeadLock Ransomware Utilizes Polygon Smart Contracts for Evasion
#DeadLock #Ransomware #Polygon #SmartContracts #Evasion #ChainCatcher #JavaScript #HTML #RPC #ProxyServers #EtherHiding #DecentralizedLedgers #EncryptedCommunication #Session #Malware
According to ChainCatcher, the ransomware family DeadLock is employing Polygon smart contracts to distribute and rotate proxy server addresses, aiming to evade security detection. Initially discovered in July 2025, this malware embeds JavaScript code within HTML files to interact with the Polygon network, using RPC lists as gateways to obtain server addresses controlled by attackers. This technique resembles the previously identified EtherHiding method, which leverages decentralized ledgers to create hard-to-block covert communication channels. DeadLock has released at least three variants, with the latest version incorporating the encrypted communication application Session to directly communicate with victims.
New Domain Resurrection Attack Targets Linux Snap Store
#domainresurrectionattack #linuxsnapstore #cybersecurity #cryptotheft #malware #hackers #cryptowallets #exodus #ledgerlive #trustwallet #developerdomains #snapmechanism
A new type of 'domain resurrection attack' has been identified on the Linux Snap Store, according to PANews. The attack involves hackers taking control of expired developer domains and updating legitimate applications through official channels. These applications are then disguised as popular wallets like Exodus, Ledger Live, and Trust Wallet to trick users into entering their mnemonic phrases, leading to the theft of cryptocurrency assets. The domains storewise.tech and vagueentertainment.com have been confirmed as hijacked. This attack exploits the Snap mechanism, allowing originally trusted software to be embedded with malicious code without users' knowledge.
Hackers Exploit Worm Propagation Techniques to Target Telegram Accounts
#hackers #wormpropagation #telegram #cybersecurity #cryptotheft #malware #zoomsupport #gamingsoftware #cyberattack #infosteal
Certain hacker groups are employing worm propagation techniques to compromise Telegram accounts, according to Foresight News. These groups contact individuals in both Chinese and English after gaining access to Telegram accounts, using fake Zoom meeting software, malicious code repositories, and infected third-party tools or gaming software to target contacts. Once they have stolen cryptocurrency and account information, the hackers proceed with further operations, continuously refining their worm propagation strategies.
North Korean Hackers Intensify Attacks on Crypto Industry Using AI Deepfake Videos
#NorthKoreanHackers #CryptoIndustry #AIDeepfake #CyberAttack #Malware #LazarusGroup #BlueNoroff #SecurityBreach #MultiFactorAuthentication #BlockchainSecurity #HackerGroup #Telegram #CryptoProfessionals #DataTheft #CryptoSecurity #BTC
A hacker group linked to North Korea is escalating its attacks on cryptocurrency industry professionals through AI-generated deepfake video calls. According to Odaily, these hackers impersonate individuals familiar to or trusted by the victims to trick them into installing malware. Martin Kuchař, co-founder of BTC Prague, revealed that attackers initiate video calls using compromised Telegram accounts and persuade victims to install malicious software disguised as a plugin under the pretext of fixing Zoom audio issues, thereby gaining full control over the device.
Security research firm Huntress noted that this attack method closely resembles previous operations targeting crypto developers. The malicious scripts can execute multi-stage infections on macOS devices, including implanting backdoors, recording keystrokes, stealing clipboard content, and accessing encrypted wallet assets. Researchers have confidently attributed these attacks to the North Korean state-sponsored hacker group Lazarus Group, also known as BlueNoroff.
The head of information security at blockchain security company SlowMist stated that these attacks exhibit clear reuse characteristics across different operations, targeting specific wallets and crypto professionals. Analysts suggest that with the proliferation of deepfake and voice cloning technologies, images and videos are becoming unreliable for verifying identity authenticity. The crypto industry must remain vigilant and enhance multi-factor authentication and security measures.
North Korean Hackers Use AI Deepfakes in Crypto Attacks
#NorthKoreanHackers #AIDeepfakes #CryptoAttacks #Mandiant #SocialEngineering #UNC1069 #Malware #CryptocurrencyTheft #Cybersecurity #AIImpersonation #Phishing
Google's Mandiant team has uncovered a North Korean hacking group employing AI-generated deepfakes in advanced social engineering attacks targeting cryptocurrency companies. According to NS3.AI, the group, identified as UNC1069, uses AI to impersonate trusted individuals during fraudulent video meetings. This tactic results in malware infections aimed at stealing credentials and cryptocurrency. This development occurs as North Korean actors increasingly focus on targeted, high-value attacks instead of broad phishing campaigns, contributing to a rise in cryptocurrency thefts.
Phishing Campaign Targets Trezor and Ledger Users with Fake Letters
#Phishing #Trezor #Ledger #HardwareWallets #Security #Malware #Cybersecurity #DataBreach #FakeLetters #QRCode #DigitalAssets #SecurityExperts
A sophisticated phishing campaign is targeting users of hardware wallets Trezor and Ledger through physical mail, including fake letters adorned with holograms and forged signatures. According to NS3.AI, attackers are leveraging leaked personal data from previous breaches to enhance credibility and persuade victims to scan malicious QR codes designed to steal digital assets. Security experts caution that this approach heightens psychological pressure on users and advise them to verify all communications and refrain from sharing wallet backups.
Hackers Exploit Fake Windows 11 Ads to Target Cryptocurrency Users
#Hackers #Windows11 #Cryptocurrency #Malware #Phishing #Geofencing #LunarApplication #CyberSecurity #FacebookAds
Hackers are using deceptive Windows 11 update advertisements on Facebook to steal assets from cryptocurrency users. According to ChainCatcher, these ads feature professional Microsoft branding and direct users to a cloned Microsoft website, where malicious software is downloaded.
The malware installs a framework called 'LunarApplication' on victims' computers, designed to steal cryptocurrency wallet seed phrases, login credentials, and other sensitive information. Hackers employ geofencing technology to avoid detection by data center IP addresses and automated scanners.
Cybersecurity Report Reveals Spyware Targeting Israelis
#Cybersecurity #Spyware #Israel #Privacy #DataSecurity #CyberThreats #SmartphoneSecurity #Malware #AppSecurity #CyberSafety
Hackers are reportedly targeting Israelis with spyware disguised as a smartphone app that provides safety alerts. Bloomberg posted on X, highlighting findings from recent cybersecurity research. The malicious software is designed to infiltrate devices under the guise of offering security notifications, posing a significant threat to users' privacy and data security. The research underscores the growing sophistication of cyber threats and the need for heightened vigilance among smartphone users. Authorities and cybersecurity experts are urging individuals to be cautious when downloading apps and to verify their authenticity to protect against potential breaches.
Google Uncovers DarkSword iOS Exploit Targeting Crypto Apps
#Google #iOS #Exploit #DarkSword #Malware #CryptoApps #Ghostblade #DataTheft #CyberSecurity #SaudiArabia #Ukraine #Cryptocurrency
Google researchers have discovered an iOS exploit chain named DarkSword, which utilizes six vulnerabilities to install malware on iPhones operating on iOS versions 18.4 through 18.7. According to NS3.AI, the malware, known as Ghostblade, is designed to search for major cryptocurrency exchange and wallet applications, while also stealing messages, passwords, browsing data, and other device information. The campaigns have been observed in Saudi Arabia and Ukraine. Ghostblade is engineered for rapid data theft rather than prolonged surveillance.
Malware Targets Brazil's PIX Payment System Users
#Malware #Brazil #PIX #PixRevolution #CyberSecurity #FinancialFraud #DigitalPayments
A new malware named PixRevolution is posing a threat to users of Brazil's PIX payment system, which boasts over 150 million registered users. According to NS3.AI, this malware actively monitors PIX transfers in real time and alters the recipient account during the payment process, potentially leading to unauthorized transactions and financial losses for users.
iOS Users Urged to Update Amid Critical Security Vulnerability
#iOSUpdate #SecurityVulnerability #DarkSword #iPhone #iPad #CryptoSecurity #Malware #CyberSecurity #TwoFactorAuthentication #GTIG #BinanceWallet #AppPermissions #CryptoWallet #SecurityAlert #UpdateNow #StaySafe
Binance Wallet announced on X that Apple is urging iPhone and iPad users to immediately update their iOS systems due to a critical security vulnerability. The Google Threat Intelligence Group (GTIG) has identified an exploit chain, named "DarkSword," which affects iOS versions 18.4 to 18.7. This vulnerability is a system-level issue and is not linked to any exchange or wallet application.
The exploit can be triggered when users visit compromised websites that appear legitimate. It allows attackers to extract sensitive data, including information from crypto wallets, without any user interaction. The malware is capable of erasing its traces post-execution, making it challenging to detect. Devices running iOS 18.4 to 18.7 are particularly at risk.
To mitigate the risk, users are advised to update their devices to the latest iOS version immediately. Additionally, it is recommended to avoid clicking on unknown links or visiting untrusted websites. Users should also review app permissions and disable any unnecessary access. Enabling Two-Factor Authentication (2FA) on all crypto-related accounts and activating withdrawal whitelists are further suggested precautions.
This security alert is crucial for all users, not just those associated with Binance, as security is fundamental to the entire ecosystem. Protecting user assets is a top priority, and taking these steps can help safeguard against potential threats.
Critical Vulnerability Discovered in OpenClaw's ClawHub Repository
#OpenClaw #ClawHub #Vulnerability #CyberSecurity #Malware #DataTheft #Exploit #SecurityPatch #AgentGuard #GoPlusSecurity
A severe vulnerability has been identified in OpenClaw's ClawHub repository, according to ChainCatcher. Security researchers from Silverfort discovered that attackers could exploit the flaw by invoking the internal function downloads:increment, bypassing all security measures. This allows them to artificially inflate download counts to over 20,000 within minutes using a simple curl request, pushing malicious code to the top of search rankings and potentially leading users or AI agents to automatically install harmful skills.
Once executed, these malicious skills can steal sensitive data such as cryptocurrency wallets and API keys. The vulnerability was fixed within 24 hours. GoPlus Security advises users that high download counts do not necessarily indicate safety and recommends using AgentGuard for security scanning and protection.
Security Flaw Found in Claude Chrome Extension
#CyberSecurity #Vulnerability #ChromeExtension #XSS #ClaudeAI #Malware #DataBreach #BrowserSecurity #UpdateRequired #Phishing
A critical vulnerability has been identified in the Claude Chrome extension, affecting versions below 1.41. According to ChainCatcher, GoPlus cited a report from Koi highlighting this issue.
The flaw can be triggered by a malicious web page that silently loads an iframe exploiting a cross-site scripting (XSS) vulnerability on the a-cdn.claude.ai subdomain, which is on the extension's trusted whitelist, so the harmful payload runs within that trusted origin. This lets attackers send malicious prompts to the Claude extension that execute automatically, without user consent or interaction, leaving victims unaware.
The vulnerability could allow attackers to manipulate the Claude extension to access users' Google Drive documents, steal business access tokens, or export chat logs. Additionally, it could enable the takeover of current browser sessions to perform sensitive actions, such as sending emails while impersonating the victim.
GoPlus advises users to update the Claude extension to version 1.41 or higher immediately and to remain vigilant against phishing links.
Supply Chain Attack Targets Popular npm Package Axios
#SupplyChainAttack #npm #Axios #Malware #CyberSecurity #ForesightNews #SocketAI
A significant supply chain attack has targeted the npm package axios, according to Foresight News. The latest version, axios@1.14.1, was compromised to pull in a malicious dependency, plain-crypto-js@4.2.1, a package that did not previously exist. Socket AI's analysis has confirmed this package as malware. With more than 100 million weekly downloads, axios puts every project that has updated to the latest version at potential risk.
Feross, the founder of Socket AI, advises all axios users to immediately lock their current version and review their lock files, avoiding any upgrades to the latest version.
AI TRENDS | Cybersecurity Alert: Fake OpenClaw Sites Distribute Malware
#AI #Cybersecurity #Malware #OpenClaw #CyberThreat #DataBreach #CyberAttack #InformationSecurity
The Ministry of Industry and Information Technology's cybersecurity threat and vulnerability information sharing platform has detected malicious activities involving OpenClaw, a popular AI tool. According to PANews, attackers are exploiting OpenClaw's popularity by creating counterfeit websites and installation files to trick users into downloading malware-laden files. Once executed, these files discreetly load malicious programs onto devices, potentially leading to cyberattacks, system control, and data breaches.
The monitoring has identified fake domains such as ai-openclaw.com.cn and web-openclaw.com.cn, along with malicious installation packages named openclaw.zip, openclawAI7beAolenc.zip, openclaw.exe, and opealeAi_7beAole-x64.exe. Users are advised to download OpenClaw and its plugins from trusted sources and exercise caution when clicking on unfamiliar links to mitigate the risk of cyber threats.
Axios Library Compromised by Malicious Attack
#Axios #JavaScript #npm #CyberSecurity #Malware #RAT #SupplyChainAttack #macOS #Windows #Linux #SoftwareSecurity #OIDC #SLSA #Huntress #ChainCatcher #npmToken
An attacker has compromised the npm access token of the lead maintainer of Axios, a popular JavaScript HTTP client library, and used it to release two malicious versions containing cross-platform remote access trojans (RATs). According to ChainCatcher, these versions, axios@1.14.1 and axios@0.3.4, targeted macOS, Windows, and Linux systems. The malicious packages were removed from the npm registry approximately three hours after their release.
Data from security company Wiz indicates that Axios is downloaded over 100 million times weekly and is present in about 80% of cloud and code environments. Security firm Huntress detected the first infections just 89 seconds after the malicious packages went live and confirmed that at least 135 systems were compromised during the exposure period. Notably, the Axios project had implemented modern security measures such as the OIDC trusted publishing mechanism and SLSA provenance proofs. However, the attacker bypassed these defenses entirely.
The investigation revealed that while configuring OIDC, the project retained the traditional long-lived NPM_TOKEN. When both tokens coexist, npm defaults to using the traditional token, allowing the attacker to publish without breaching OIDC.
Cybercriminals Exploit Cloud-Based Android Phones to Evade Bank Security
#cybercriminals #cloudbasedphones #android #banksecurity #fraud #socialengineering #malware #cybersecurity #NS3AI #malwarebytes
Cybercriminals are increasingly using rented cloud-based Android phones, which cost between $0.10 and $0.50 per hour, to circumvent bank anti-fraud measures and deplete customer accounts. According to NS3.AI, these attacks continue to depend heavily on social engineering tactics. Malwarebytes researcher Pieter Arntz highlighted that these methods often involve soliciting one-time passwords, login approvals, or transfers to so-called 'safe accounts.'