The notorious North Korean hackers known as the Lazarus APT Group have created another malware targeting Apple Macs that masquerades behind a fake cryptocurrency firm. Apple Mac security specialist and principal security researcher at Jamf Patrick Wardle published a blog post on Oct. 12 outlining the nature of the malware, revealed by MalwareHunterTeam (MHT) researchers the previous day. Closely related to earlier macOS crypto-malware MHT and Wardle have warned that at the time of their warning, the malware was undetected by any engines on VirusTotal and that the sample appears to be closely related to a strain of Mac malware …

Around 72,000 devices in 2019 alone were infected during a suspiciously cheap yet successful malware campaign to steal cryptocurrency, new data warns. MasterMana continues to spread According to the research report published by cyberintelligence company Prevailion on Oct. 2, the MasterMana botnet uses budget Russian malware that is delivered as a Trojan via a phishing email scam. The malware itself likely costs just $100, though the hackers also required a virtual public server at a cost of $60. Despite costing just around $160 in total, MasterMana achieved considerable success, Prevailion warned, concluding that the bad actors behind it reached 2,000 …

Major Slovakia-based antivirus software provider ESET has discovered a banking trojan that can steal cryptocurrencies and is especially widespread in Latin America. Primary targets Known as “Casbaneiro” or “Metamorfo,” the newly found malware family targets banks and cryptocurrency services located in Brazil and Mexico, ESET’s editorial arm WeLiveSecurity reports Oct. 3. According to the report, Casbaneiro uses a social engineering execution method, which displays fake pop-up windows misleading potential victims to enter sensitive information. The capabilities of the malware are typical of Latin American banking trojans that can take screenshots and send them to command and control server, simulate keyboard …

Amerian Internet infrastructure firm Juniper Networks has found a new spyware that uses Telegram app to replace crypto addresses with its own. Masad Clipper and Stealer Juniper Threat Labs, a threat intelligence portal at Juniper Networks (NYSE: JNPR), discovered a new Trojan-delivered malware implementing major global messaging app Telegram to exfiltrate stolen information, according to threat research released on Sept. 26. Reportedly circulating under the name “Masad Clipper and Stealer” on black market forums, the spyware is capable of stealing a broad list of browsing data, including usernames, passwords, credit card information. Moreover, the malware also includes a function that …

Cybersecurity firm Emsisoft has released a solution for Bitcoin (BTC)-demanding ransomware WannaCryFake. Pay Bitcoin in return for your data In a Sept. 25 blog post, Emsisoft announced that they are releasing a new free fix for the WannaCryFake ransomware bug. The WannaCryFake is the next version of the WannaCry worm, a type of malicious software program that first began spreading across computer networks in May 2017. When a computer system is infected with the WannaCryFake worm, data is held hostage and a payment in Bitcoin will be requested to decrypt the files and release access to data. Emsisoft explains: “WannaCryFake …

A new Remote Access Trojan (RAT) malware that steals Bitcoin (BTC) wallet data has been discovered by security researchers, according to a Sept. 12 report from Zscaler ThreatLabZ. The RAT, dubbed InnfiRAT, is designed to perform a wide range of tasks on the infected machines, including specifically seeking out Bitcoin and Litecoin (LTC) wallet data. A multi-pronged attack on infected systems As the researchers note, InnfiRAT is written in .NET, a software framework developed by Microsoft and used to develop a wide range of applications. The malware is designed to access and steals personal data stored on victims’ computers — …

Two threat analysts recently stumbled upon new Linux malware that keeps its cryptocurrency mining operations hidden. On Sept. 16, Augusto Remillano II and Jakub Urbanec revealed in a post on Trend Micro, a security intelligence blog, that they found new Linux malware. According to the analysts, this malware is particularly notable because of the way it loads malicious kernel modules to hide its cryptocurrency mining operations. Malware provides hackers full access to infected machine The analysts revealed that Skidmap masks its cryptocurrency mining by utilizing a rootkit, which is a program that installs and executes code on a system without …

Chinese authorities arrested fifteen men suspected of corrupting an internet café administrator to mine cryptocurrency. Local crypto industry news outlet 8BTC reported on Sept. 3 that police in Henyang, a city in south central China’s Hunan province, arrested the man for cryptojacking. Over 9,000 computer administrators were reportedly involved in helping the unauthorized mining operation. A profitable endeavor The cryptocurrency mined by the suspects in the four months ending in July has been sold for over a hundred million yuan (about $14 million). Local police received a report suggesting that many local Internet cafes were running cryptojacking malware. The findings …

A cryptojacking code was found in 11 open-source code libraries written in Ruby, which have been downloaded thousands of times. Hackers downloaded the software, infected it with malware, and subsequently reposted it on the RubyGems platform, industry news outlet Decrypt reported on Aug. 21. The malicious code was first noticed by a GitHub user, who posted about the issue on Aug. 19. He said that, when executed, the library downloaded additional code from text hosting service Pastebin, which then triggered the malicious mining. The malware also sent the address of the infected host to the attacker, alongside environment variables which …

Cybersecurity company Varonis has discovered a new cryptojacking virus, dubbed “Norman,” that aims to mine the cryptocurrency Monero (XMR) and evade detection. Varonis published a report about Norman on Aug.14. According to the report, Varonis found Norman as one of many cryptojacking viruses deployed in an attack that infected machines at a mid-size company. Hackers and cybercriminals deploy cryptojacking hardware to use the computing power of unsuspecting users’ machines to mine cryptocurrencies like the privacy oriented coin Monero. Norman in particular is a crypto miner based on XMRig, which is described in the report as a high-performance miner for Monero …

Cyber criminals have netted $4.3 billion from digital currency exchanges, investors and users in 2019. Blockchain security company CipherTrace gave its summary crypto-related theft in its Anti-Money Laundering report that it shared with Cointelegraph on Aug. 12. According to CipherTrace, outright thefts, scams and other kinds of misappropriation of funds from digital currency holders and trading platforms resulted in around $4.3 billion in losses throughout 2019. In the first quarter of 2019, hackers reportedly stole over $124 million from cryptocurrency exchanges, with a total of $480 million stolen from exchanges in 2019. The largest single incident of loss cited by …

Malware Smominru mines Monero (XMR) on at least half a million infected computers and now also steals sensitive personal data. An updated malware Cybersecurity company Carbon Black claimed that its Threat Analysis Unit “uncovered a secondary component in a well-known cryptomining campaign” in a report published on Aug. 7. According to the firm, the malware has now been updated to “also steal system access information for possible sale on the dark web.” Per the report, the update is part of a broader trend in malware development: “This discovery indicates a bigger trend of commodity malware evolving to mask a darker …