A federal jury has convicted two Romanian alleged cybercriminals of spreading malware to steal credit card credentials and illicitly mine cryptocurrency, an announcement from the official website of the United States Department of Justice revealed on April 11. The malware allegedly spread by the suspects was reportedly used for cryptojacking and to steal credit card and other data that the suspects would have sold on darknet markets and used to engage in online auction fraud. As the Justice Department press release reports, Bogdan Nicolescu, 36, and Radu Miclaus, 37, were convicted after a 12-day trial. The two individuals were charged …
Major open-source browser Mozilla Firefox has launched new protections against crypto mining malware in its new browser versions, according to a blog post published on April 9. In its latest Firefox Nightly 68 and Beta 67 versions, Mozilla has enabled a new level of protection against crypto mining and fingerprinting hack attacks in a part of the browser’s Content Blocking suite of protections. The new browsing feature has been developed in collaboration with privacy and security software firm Disconnect, and represents a collection of blacklists of malware domains associated with fingerprinting and crypto mining scripts. Disconnect’s blacklist is reportedly capable …
A new strain of Trojan malware for Android phones is targeting global users of top crypto apps such as Coinbase, BitPay and Bitcoin Wallet, as well as banks including JPMorgan, Wells Fargo, and Bank of America. The news was reported by technology news outlet The Next Web on March 28. Based on research from prominent cybercrime analytics firm Group-IB, this is reportedly the first time the Trojan — now named “Gustuff” — has been reported or analyzed. The malware is described as being designed for mass infection and is spread by SMS messages with links to load malicious Android package …
Ukraine’s Cyber Police have arrested a man who allegedly placed crypto mining malware scripts on his own websites, local law enforcement reported on March 26. The cyber crime unit of the national police of Ukraine arrested a 32-year-old man from the Bukovina region who allegedly placed cryptojacking software on a number of educational websites that he created and administered. The unspecified websites and internet resources had 1.5 million monthly visitors, the police reported. The police also stated that the installed malware on the websites was deploying visitors’ devices’ CPU and GPU power to illegally mine cryptocurrencies. The authority has conducted …
Video-sharing platform YouTube purportedly ran a malicious advertisement for Bitcoin (BTC) wallet Electrum by mistake, according to a Reddit post published on March 26. Viewers interested in the advertisement were redirected to a malicious link using a common scamming method called typosquatting or URL hijacking. In the Reddit post, a user named mrsxeplatypus warned the public about the promotion of a malware version of Electrum, and described how the scam ad worked: “The malicious advertisement is disguised to look like a real Electrum advertisement [...] It even tells you to go to the correct link (electrum.org) in the video but …
Israeli fintech companies that work with forex and crypto trading are being targeted by malware, according to a blog post from threat research department Unit 42 of cybersecurity company Palo Alto Networks published on March 19. Per the report, Unit 42 first encountered an older version of the malware in question, Cardinal RAT, in 2017. Since April 2017, Cardinal RAT has been identified when examining attacks against two Israel-based fintech companies engaged in developing forex and crypto trading software. The software is a Remote Access Trojan (RAT), which allows the attacker to remotely take control of the system. The updates …
A Google Chrome browser extension tricking users into participating in a fake airdrop from cryptocurrency exchange Huobi claimed over 200 victims, a security researcher reported in a blog post on March 14. The extension for Chrome web browser, with the name NoCoin, gained 230 downloads before Google deleted it, according to Harry Denley, who runs cryptocurrency scam database EtherscamDB. Denley noted that hackers had purposely disguised the malicious extension to look like a tool protecting users from cryptocurrency malware or so-called cryptojacking. “From the start, it looked like it did what it should — it was detected [sic] various CryptoJacking …
Cybercriminals are reportedly favoring unhurried approaches in attacks made for financial gains, with cryptojacking as a prime example of this shift. IT news website ComputerWorld reported on this development on March 14. Data released by cybersecurity company Darktrace reveals that cryptojacking attempts increased by 78 percent in 2018, and, according to ComputerWorld, the company also said that this trend continued in 2019. The ComputerWorld article cites Max Heinemeyer, director of threat hunting at Darktrace, commenting on the findings. He reportedly said that since many ransomware victims may be unable to pay a ransom in Bitcoin (BTC) due to technical ineptitude, …
A new hacking tool is propagating throughout the online community in an attempt to install cryptocurrency mining malware, researchers at security intelligence firm Trend Micro confirmed in a blog post on Feb. 20. Detected at the end of January, the tool is a combination of extant threats which previously targeted Microsoft Windows users: MIMIKATZ and RADMIN. “Between the last week of January to February, we noticed an increase in hack tool installation attempts that dropped seemingly random files into the Windows directory,” the blog post reads: “Initially appearing unrelated, analysis showed the final payload to be a Monero (XMR) cryptocurrency-mining …
Decentralized app (DApp) MetaMask is facing fresh problems from cryptocurrency scammers after malware impersonating the tool appeared on Google Play, cybersecurity company Eset reported on Feb. 8. The malware, which replaces computer clipboard information in an attempt to steal cryptocurrency, was removed by Google at the beginning of the month after a tipoff from Eset researchers. Known as a “Clipper,” the malware replaces copied cryptocurrency wallet addresses with an address belonging to an attacker in the hope that funds will be sent elsewhere without the user noticing. The discovery marked the first time such malware had made it past Google’s …
More cryptocurrency mining malware continues to target major corporations, hijacking victims to mine altcoin Monero (XMR), new research warned on Feb. 5. Findings from the Special Ops team at United States cybersecurity company JASK reveal a modified version of trojan Shellbot has become increasingly prevalent since its debut in November last year. The perpetrators, the company says, appear to be a Romanian hacker group known as Outlaw, a translation of the Romanian word “haiduc,” which also lends its name to one of the payloads the malware installs. “The toolkit observed [...] in use by the attacker contains three primary components: …
A new form of malware steals cookies from cryptocurrency exchanges and other data in an attempt to hack user accounts, cybersecurity research team Palo Alto Networks reported on Jan. 31. CookieMiner, a progression of OSX.DarthMiner, is malware that targets Mac users, stealing saved Google Chrome passwords, iPhone SMS messages and iTunes backups on tethered machines, and more. Along with the cookies, the goal of the malware is to gain access to cryptocurrency exchange accounts. According to Palo Alto, the hackers assume a combination of the stolen data would allow them to bypass the multi-layer authentication that many exchange users set …