The Qulab information-stealing and clipboard hijacker trojan is being propagated on YouTube via fraudulent videos about an allegedly free bitcoin (BTC) generator, BleepingComputer reports on May 29. According to the report, security researcher Frost reached out to BleepingComputer about the trojan scam, saying that YouTube would take down the fraudulent videos when reported, but new accounts and videos would subsequently pop up with the same MO. The videos reportedly describe a tool that lets users earn free bitcoin, with a link in the video description. The links then direct to a download for the alleged tool, which is the Qulab …
As many as 50,000 servers worldwide have allegedly been infected with an advanced cryptojacking malware that mines the privacy-focused open source cryptocurrency turtlecoin (TRTL). The news was revealed in an analysis by international hacker and cybersecurity expert group Guardicore Labs on May 29. As reported, cryptojacking is an industry term for stealth crypto mining attacks which work by installing malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. Having first detected the campaign in April and traced its origins and progress, Guardicore Labs believes the malware has infected up to 50,000 Windows …
An app that claims to give users the chance to earn $45 a day in free bitcoin (BTC) is a scam, according to a tweet by an “independent malware hunter” posted on May 20. The software, known as Bitcoin Collector, is advertised on a website that supposedly enables users to share a unique URL with their friends with payouts of 3 ether (ETH) (worth about $800 at press time) for every 1,000 people who click on it. But according to a security researcher who goes by the nickname Frost on Twitter, the app is a front for attempts to steal …
Fraudsters have been adding fake cryptocurrency wallets to the Google Play store in an attempt to cash in on rising bitcoin (BTC) prices, ESET antivirus researchers claimed on May 23. One malicious app imitated the hardware wallet Trezor — and the investigation found that the software had ties to another fake app that has the potential to scam unsuspecting users out of money. While the app’s page on Google Play looked legitimate, the researchers said the software itself contains no Trezor branding at all, with a generic login screen phishing for credentials. According to ESET, more than 1,000 users had …
A global threat report has concluded that the three most common malware variants detected in April were crypto miners, according to a news release on May 14. Check Point Research said Cryptoloot, malware that uses the victim’s computing power to mine for crypto without their knowledge, was last month’s biggest threat. XMRig, open-source software which is used for mining monero (XMR), was in second place. Rounding off the top three was JSEcoin, a JavaScript miner embedded in websites. Despite their prevalence, the company’s researchers believe that criminals are shifting their focus away from crypto mining. Several popular services used to …
Cybercriminals are now reportedly exploiting known vulnerability CVE-2019-3396 in the software Confluence, a workspace productivity tool made by Atlassian, according to a report by security intelligence firm Trend Micro Inc. on May 7. The exploit that has been developed allows cybercriminals to stealthily install and run a monero (XMR) miner on a vulnerable computer, as well as covering up the mining activity by using a rootkit to hide the malware’s network activity and toll on the host’s central processing unit (CPU). According to an Atlassian security advisory, the vulnerability in question only applies to some older versions of Confluence. The …
The Shellbot cryptojacking malware has gone through an update and come out with some new capabilities, technology news website TechCrunch reported on May 1. Per the report, these findings come from Boston-based cybersecurity firm Threat Stack. The company claims that Shellbot, which was first discovered in 2005, has received a major update. The original Shellbot was capable of brute-forcing the credentials of SSH remote access services on Linux servers protected by weak passwords. The malware then mines privacy-focused monero (XMR). Threat Stack claims that this new-and-improved version is capable of spreading through an infected network and shutting down other miners …
The number of infected Electrum bitcoin (BTC) wallets has reached 152,000 following an ongoing Denial-of-Service (DoS) attack on its servers. The development was reported by anti-malware software firm Malwarebytes in a blog post on April 29. Malwarebytes discovered that the number of infected machines in the botnet has reached as many as 152,000, with the volume of stolen funds increasing to $4.6 million. The company managed to pinpoint a loader dubbed Trojan.BeamWinHTTP, which is also involved in downloading the previously detected Electrum DoSMiner. The largest concentration of the bots is reportedly located in the Asia Pacific region, Brazil and Peru, …
Illicit crypto mining — or cryptojacking — against consumers “is essentially extinct,” declares a report released by cybersecurity company Malwarebytes on April 23. Per the report, after in-browser mining service CoinHive shut down in early March — when the team claimed that the project had become economically inviable — cryptojacking against consumers has sharply decreased. At the same time, the number of such attacks targeting businesses increased from the last quarter. Furthermore, Malwarebytes also notes that bitcoin (BTC) holders who use Electrum wallets on a Mac have lost over $2.3 million in stolen coins to a Trojanized version of the …
Hardware cryptocurrency wallet manufacturer Ledger has detected malware targeting its desktop application, according to a tweet on April 25. Ledger warned its users that the malware locally replaces the Ledger Live desktop app with a malicious one, and advised them to follow the security practices published on its blog. The company’s Twitter announcement specifically reads: “WARNING: we’ve detected a malware that locally replaces the Ledger Live desktop application by a malicious one. Users of infected computers are asked to enter their 24-word recovery phrase after a fake update.” In the comments to the post, Ledger revealed that the malware is infecting only …
American software security firm Symantec found a spike in a new crypto mining malware that mainly targets enterprises, TechCrunch reports on April 25. The new cryptojacking malware, dubbed Beapy, uses the leaked United States National Security Agency (NSA) hacking tools to spread throughout corporate networks to generate big sums of money from a large number of computers, the report notes. First spotted in January 2019, Beapy reportedly surged to over 12,000 unique infections across 732 organizations since March, with more than 80% of infections located in China. As found by researchers, Beapy malware is reportedly spread through malicious emails. Once …
Digital payments giant PayPal has won a cybersecurity patent to protect users from crypto ransomware, according to a document from the United States Patent and Trademark Office (USPTO) published on April 16. The system described in the patent, entitled “Techniques for ransomware detection and mitigation,” intends to improve the detection of ransomware and prevent it from locking up users’ access to their files. PayPal’s patent describes ransomware as a malware that may encrypt original data and delete the non-encrypted original version, with the malicious party usually demanding users to pay them in anonymous cryptocurrency in order to decrypt the files. …