Enigma, Vector and TgToxic: new threats for cryptocurrency holders

    Researchers note an increase in the activity of malicious software aimed at owners of cryptocurrency accounts. Enigma, Vector and TgToxic are among the most widespread crypto threats of recent months.

    Enigma is a modified version of Stealerium, an open source C# malware that acts as a stealer, clipper and keylogger. Infection begins with a malicious ".rar" archive distributed through phishing on job search platforms or social networks. The archive contains two files: a plain text document with a list of questions for the applicant and a Microsoft Word document that acts as a decoy. The decoy may contain, for example, some information about the vacancy or the organization. Everything is arranged so that the victim does not suspect that they have downloaded malware. This Word document carries out the first stage of the Enigma download chain.

    “In order to download the next stage payload, the malware sends a request to a hacker-controlled Telegram channel to get the file path. This approach allows the attacker to constantly update malicious files, and also eliminates the dependence on fixed names of these files,” said Trend Micro researchers.

    The second-stage loader, which runs with elevated privileges, disables Microsoft Defender and installs the third-stage payload by loading a legitimately signed Intel driver in kernel mode, a BYOVD (Bring Your Own Vulnerable Driver) attack.

    The third-stage payload is the Enigma Stealer itself. Like other stealers, it collects confidential information, records keystrokes and captures screenshots.

    Another malicious program, Vector Stealer, has also been actively used by cybercriminals recently. According to Cyble's technical report, it can steal ".rdp" files, allowing RDP hijacking for remote access.

    Attack chains documented by cybersecurity companies show that these malware families are most often delivered to the victim's computer as Microsoft Office attachments containing malicious macros. Attackers still exploit this method successfully, despite Microsoft's attempts to close the loophole.
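A defender-side check that follows from the macro-delivery point above: the Python example below is added here and is not code from the article, from Trend Micro or from Cyble. It inspects an Office Open XML attachment for an embedded VBA project (the `vbaProject.bin` part, where macro code is stored), reads the declared content type as a second signal, and flags a file whose macro-free extension (.docx/.xlsx/.pptx) does not match its macro-enabled contents. All sample documents are constructed in memory; the `vbaProject.bin` bytes are a placeholder, not real VBA.

```python
"""Triage Office attachments for embedded VBA macros.

Constructed example for mail-gateway or sandbox pre-filtering. It does not
decompile VBA; it only answers "does this attachment carry macro code at all?"
"""
import io
import zipfile

# Magic bytes of the legacy OLE2 container used by binary .doc/.xls files.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# Main-part content types that Office uses for macro-enabled documents.
MACRO_CONTENT_TYPES = {
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
}


def triage_office_file(name: str, data: bytes) -> dict:
    """Return a verdict for one attachment given its file name and raw bytes."""
    verdict = {"name": name, "format": None, "has_vba": False, "reasons": []}

    if data.startswith(OLE_MAGIC):
        # Legacy binary format: macros live in OLE streams, which need a
        # dedicated parser (e.g. oletools' olevba); here we only flag it.
        verdict["format"] = "ole"
        verdict["reasons"].append("legacy binary Office container; inspect with an OLE parser")
        return verdict

    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        verdict["format"] = "unknown"
        verdict["reasons"].append("not an OOXML zip container")
        return verdict

    verdict["format"] = "ooxml"
    names = zf.namelist()

    # Signal 1: OOXML stores VBA code as an OLE stream inside vbaProject.bin.
    vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
    if vba_parts:
        verdict["has_vba"] = True
        verdict["reasons"].append(f"VBA project part present: {vba_parts[0]}")

    # Signal 2: the package declares a macro-enabled main part content type.
    content_types = ""
    if "[Content_Types].xml" in names:
        content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    if any(ct in content_types for ct in MACRO_CONTENT_TYPES):
        verdict["has_vba"] = True
        verdict["reasons"].append("macro-enabled main part content type declared")

    # A macro-free extension wrapping VBA content is a mismatch worth surfacing.
    if verdict["has_vba"] and name.lower().endswith((".docx", ".xlsx", ".pptx")):
        verdict["reasons"].append("extension claims macro-free format but VBA found")

    return verdict


def _build_ooxml(macro: bool) -> bytes:
    """Build a minimal constructed Word container, optionally with a VBA part."""
    main_ct = ("application/vnd.ms-word.document.macroEnabled.main+xml" if macro
               else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    vba_override = ('<Override PartName="/word/vbaProject.bin" '
                    'ContentType="application/vnd.ms-office.vbaProject"/>') if macro else ""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        f'{vba_override}</Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder, not real VBA
    return buf.getvalue()


# Constructed sample attachments; file names are illustrative only.
SAMPLES = {
    "job_description.docx": _build_ooxml(macro=False),
    "job_description.docm": _build_ooxml(macro=True),
    "questions.docx": _build_ooxml(macro=True),   # macro content behind a .docx name
    "old_format.doc": OLE_MAGIC + b"\x00" * 8,    # truncated OLE header, enough to classify
}


def triage_all(samples=SAMPLES) -> dict:
    """Triage every sample and return verdicts keyed by file name."""
    return {name: triage_office_file(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, v in triage_all().items():
        print(f"{name}: format={v['format']} has_vba={v['has_vba']} ({'; '.join(v['reasons'])})")
```

The two signals are deliberately independent: a content type can be edited without touching the VBA part and vice versa, so either one alone is enough to route the attachment to a sandbox rather than to the user's inbox.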

    On mobile devices, TgToxic belongs to the group of malware that targets cryptocurrency wallets. It is an Android banking trojan that steals credentials and funds from crypto wallets as well as from banking and financial applications. The TgToxic campaign has been running since July 2022 and targets mobile device users in Taiwan, Thailand and Indonesia.

    “When a user downloads a fake app from a website provided by an attacker, the hacker tricks the victim into registering, installing malware, and enabling the necessary permissions,” Trend Micro researchers note.

    Social engineering campaigns, however, have long gone beyond simple phishing. Attackers have recently created fake pages imitating popular crypto services in order to move Ethereum and NFTs out of compromised wallets. These pages usually embed a Crypto Drainer script that pushes victims to connect their wallets to the service, luring them with lucrative NFT minting offers.

    "Crypto-Drainers are malicious scripts that function as electronic skimmers and are used in phishing techniques to steal victims’ crypto assets," Recorded Future said in a report.

    According to publicly available data, various criminal groups stole $3.8 billion worth of cryptocurrency in 2022, a figure large enough to make anyone think about the security of their crypto wallet. Most of these attacks are attributed to hacker groups sponsored by North Korea.

    Author: DeepWeb