Crypto Threats

Obsidian Plugin Exploitation Spreads PHANTOMPULSE RAT in Targeted Finance and Crypto Attacks

A newly identified cyber campaign has revealed how attackers are exploiting trusted software tools to infiltrate high-value targets. Security researchers have uncovered a sophisticated operation that abuses the popular note-taking application Obsidian to distribute a previously unknown remote access trojan called PHANTOMPULSE RAT. The attacks are primarily aimed at individuals working in financial services and cryptocurrency sectors, where […]

GlassWorm Malware Exploits Solana Dead Drops to Deliver RAT and Steal Browser and Crypto Data

Cybersecurity researchers have uncovered a sophisticated malware campaign dubbed GlassWorm, which delivers a multi-stage attack framework designed to steal credentials, exfiltrate cryptocurrency data, and install a remote access trojan (RAT) disguised as a Google Docs Offline extension.

Multi-Stage Attack Mechanism

According to Aikido Security, GlassWorm begins by infiltrating systems through compromised packages across npm, PyPI,

Ghost Campaign Uses Seven Malicious npm Packages to Steal Crypto Wallets and Credentials

Cybersecurity researchers have uncovered a new threat campaign targeting developers through malicious npm packages designed to steal cryptocurrency wallets and sensitive system data. The operation, tracked as the Ghost campaign by ReversingLabs, highlights the growing risks within open-source ecosystems where attackers exploit developer trust.

Malicious Packages Masquerading as Legitimate Tools

The campaign involves several npm packages published under

UNC4899 Breaches Crypto Firm After Trojanized File Is AirDropped to Developer Work Device

A sophisticated cyberattack attributed to the North Korean threat group UNC4899 has reportedly compromised a cryptocurrency organization in 2025, resulting in the theft of millions of dollars' worth of digital assets. The attack demonstrates how modern cyber operations combine social engineering, cloud exploitation, and supply-chain-style infiltration. Security researchers have linked the activity with moderate confidence

U.S. DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams

The U.S. Department of Justice announced the seizure of approximately 61 million dollars in Tether connected to large-scale cryptocurrency fraud operations commonly referred to as pig butchering scams. Authorities stated that the confiscated digital assets were traced to wallet addresses used to launder proceeds stolen from victims of fraudulent crypto investment schemes. Federal investigators

Malicious Go Crypto Module Steals Passwords and Installs Rekoobe Backdoor

Cybersecurity researchers have uncovered a malicious Go module that impersonates a trusted cryptography library while secretly stealing passwords and deploying a Linux backdoor known as Rekoobe. The rogue package, published under the path github[.]com/xinfeisoft/crypto, mimics the legitimate Go cryptography repository golang.org/x/crypto. However, instead of providing safe cryptographic utilities, it embeds hidden functionality designed to intercept sensitive

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Avoid Takedown

Cybersecurity researchers have uncovered a sophisticated botnet loader named Aeternum C2 that leverages blockchain technology to maintain a resilient, takedown-resistant command-and-control infrastructure. Instead of relying on conventional domains or centralized servers, the malware stores encrypted instructions directly on the Polygon blockchain. According to research published by Qrator Labs, this strategy enables

Wormable XMRig Campaign Leverages BYOVD Exploit and Time-Based Logic Bomb

Cybersecurity analysts have uncovered a sophisticated cryptojacking campaign that distributes a customized XMRig miner through pirated software bundles. The operation combines social engineering, privilege escalation, worm-like propagation, and a time-triggered logic bomb to maximize cryptocurrency mining performance on compromised systems. According to a technical assessment published by Trellix, the malware demonstrates a multi-stage

Malicious npm Packages Steal Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers have uncovered an active supply chain attack leveraging at least 19 malicious npm packages to harvest credentials, cryptocurrency private keys, CI secrets, and API tokens from developer environments. The campaign, named SANDWORM_MODE by Socket, exhibits worm-like behavior similar to earlier Shai-Hulud-style attacks. The malware is designed not only to extract sensitive

Snail Mail Campaign Targets Trezor and Ledger Users in Cryptocurrency Theft Attacks

Cybercriminals have launched a new wave of cryptocurrency phishing attacks by sending physical letters to users of Trezor and Ledger hardware wallets. The fraudulent mail is designed to trick recipients into revealing their wallet recovery phrases, ultimately enabling attackers to steal digital assets.

QR Code Scam Delivered by Post

Unlike traditional email phishing, this campaign
