home.social

#cryptocurrency — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cryptocurrency, aggregated by home.social.

  1. #Ethereum (#ETHUSD) sank 4% to $1,992.21 as fear underscored trading activities in the #cryptocurrency market on Thursday following renewed attacks between the US and Iran.
    dmarketforces.com/ethusd-ether

  2. FCC KYC proposals for prepaid phones would require ID, addresses, and existing numbers to curb robocalls, reducing anonymous access. 📱
    Draft FCC rules also flag crypto payments and virtual offices, while telecoms face $2,500-per-call penalties for illegal traffic. 🔒

    🔗 gizmodo.com/fcc-attempts-to-so

    #TechNews #FCC #Robocalls #Privacy #Phones #KYC #Telecom #Surveillance #Cryptocurrency #FOSS #Security #Transparency #Freedom #DigitalRights #Tech #ID

  3. A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure

    JINX-0164, a financially motivated threat actor active since mid-2025, has been conducting sophisticated campaigns against cryptocurrency organizations. The actor employs LinkedIn-based social engineering, posing as recruiters or business partners to deliver custom macOS malware including AUDIOFIX (a Python-based infostealer and RAT) and MINIRAT (a lightweight Go backdoor). Their operations focus on compromising developer endpoints to steal cryptocurrency wallet credentials, cloud secrets, and GitHub tokens. The attackers then pivot to CI/CD infrastructure, injecting malicious code into repositories to enable lateral movement. In April 2026, they executed a supply chain attack by trojanizing the npm package @velora-dex/sdk. The group masks activity using VPN services and demonstrates advanced capabilities including credential harvesting from password managers, browser extensions, and development tools.

    Pulse ID: 6a181e409d755171f4ac356c
    Pulse Link: otx.alienvault.com/pulse/6a181
    Pulse Author: AlienVault
    Created: 2026-05-28 10:51:44

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #Browser #Cloud #CredentialHarvesting #CyberSecurity #Endpoint #GitHub #InfoSec #InfoStealer #LinkedIn #Mac #MacOS #Malware #NPM #OTX #OpenThreatExchange #Password #Python #RAT #SocialEngineering #SupplyChain #Trojan #VPN #Word #bot #cryptocurrency #AlienVault

  8. A miner with a side of RAT: the unintended gift with your TV show or book

    A cybercrime campaign active since at least 2022 has been distributing cryptocurrency miners and RAT malware through illegal streaming sites and digital libraries. Victims are tricked via fake video player plugin updates or browser crash pages into downloading ZIP archives containing legitimate executables and malicious DLLs. The malware employs DLL side-loading, establishes persistence through Windows services, and deploys multiple components including XMRig-based CPU miners, GPU miners, a watchdog module, and a RAT agent with remote control capabilities. The campaign leverages highly popular pirated content sites with monthly traffic reaching up to 40 million visits, significantly expanding the potential victim pool. The malware includes sophisticated anti-detection features, DNS tunneling for command-and-control, and domain generation algorithms based on dates.

    Pulse ID: 6a181f75cd4fa08fe38dfc48
    Pulse Link: otx.alienvault.com/pulse/6a181
    Pulse Author: AlienVault
    Created: 2026-05-28 10:56:53

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #CyberCrime #CyberSecurity #DNS #InfoSec #Malware #OTX #OpenThreatExchange #RAT #WatchDog #Windows #ZIP #bot #cryptocurrency #AlienVault

  9. The Next Phase of Crypto Exchange Innovation Is Already Beginning

    Bitdeal develops next-generation Cryptocurrency Exchange solutions with scalable infrastructure, intelligent automation, liquidity integration, and enterprise-grade blockchain technology designed for tomorrow’s crypto economy.

    Visit - bitdeal.net/cryptocurrency-exc

    #CryptoExchange #Cryptocurrency #Blockchain #Web3 #DeFi #CryptoTrading #DigitalAssets #AITrading #BlockchainTechnology #Fintech #CryptoInnovation

  10. 🕵️ #Crypto Coin Fan Community Update

    $CIA Price: $ 0.00001810 USD

    1 Hour Change:
    6 Hour Change: -1
    24 Hour Change: -6

    $CIA Market Cap: $ 18,092 USD
    Liquidity: $ 13,662 USD

    2tkoGDwxfhGhHQrFFMJeVKwif75yGwgoyE9WM7UDpump

    #Solana #blockchain #cryptocurrency

    ⚠️ Disclaimer: This coin was named after @JohnKiriakou by fans and is not administered or controlled by him. All investments carry risk. This is not financial or investment advice.

  11. BIS to Start Real-Value Trials for Blockchain Cross-Border Payments Project With BOK, Fed, ECB

    The Bank for International Settlements (BIS) said it will begin real-value transaction trials for the blockchain-based cross-border payments…
    #Europe #EU #EuropeanCentralBank #bitcoin #bitcoincommunity #blockchain #bloomingbit #coincommunity #coininfo #coininvest #coinnews #coinreview #coinstats #cryptocurrency #ethereum #solana
    europesays.com/europe/54300/

  12. Banca Sella Gets Italy’s First MiCA Approval for Crypto Services

    Banca Sella said it received approval for a Crypto-Asset Service Provider (CASP) license from Italy’s central bank under…
    #Italy #Europe #Europa #EU #bitcoin #bitcoincommunity #blockchain #bloomingbit #coincommunity #coininfo #coininvest #coinnews #coinreview #coinstats #cryptocurrency #ethereum #solana
    europesays.com/italy/20083/

  13. From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities

    Microsoft Defender Experts identified an active cryptojacking campaign leveraging AI-assisted delivery mechanisms alongside traditional SEO poisoning. Attackers create fake download sites impersonating trusted utilities like CrystalDiskInfo, HWMonitor, and FurMark, targeting users with high-performance GPUs. Victims download ZIP archives containing legitimate executables bundled with malicious DLLs that establish persistence via ScreenConnect remote access tools. The operation employs sophisticated techniques including DLL sideloading, process hollowing into Microsoft-signed .NET binaries, and comprehensive defense evasion. Beyond cryptocurrency mining, the campaign establishes persistent remote access that could enable data theft, lateral movement, or ransomware deployment. The threat actors deliberately target PC enthusiasts and hardware-focused users most likely to own discrete GPUs suitable for profitable mining operations.

    Pulse ID: 6a1634fbefeffa7f0c6a52f5
    Pulse Link: otx.alienvault.com/pulse/6a163
    Pulse Author: AlienVault
    Created: 2026-05-27 00:04:11

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CryptoJacking #CyberSecurity #DataTheft #InfoSec #Microsoft #MicrosoftDefender #NET #OTX #OpenThreatExchange #RAT #RansomWare #Rust #SEOPoisoning #SMS #ScreenConnect #SideLoading #ZIP #bot #cryptocurrency #AlienVault

  18. The GHOST STADIUM Score: Billions At Stake At The World’s Largest Football Tournament

    Researchers uncovered a massive fraud ecosystem targeting the 2026 FIFA World Cup, identifying over 4,300 fraudulent domains impersonating FIFA's official website since August 2025. At the center operates GHOST STADIUM, a Chinese-speaking threat actor running a sophisticated phishing campaign across 300+ domains using a pixel-perfect clone of FIFA's authentication system. The operation harvests credentials, sells fake tickets, and processes payments through five distinct channels including cryptocurrency. Estimated losses from premium ticket fraud alone range from $71 million to $474 million, with total campaign losses potentially reaching billions. Six distinct fraud schemes operate in parallel: credential phishing, fake ticket sales, counterfeit merchandise, fake streaming platforms, fraudulent betting sites, and infostealer-driven credential theft. Over 2,513 FIFA account credentials are already circulating on dark-web markets. The campaign exploits Facebook advertising as its primary distribution chann...

    Pulse ID: 6a16d67df4a69d07c59516be
    Pulse Link: otx.alienvault.com/pulse/6a16d
    Pulse Author: AlienVault
    Created: 2026-05-27 11:33:17

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Chinese #CyberSecurity #Facebook #InfoSec #InfoStealer #OTX #OpenThreatExchange #Phishing #RAT #bot #cryptocurrency #AlienVault

  19. Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data

    A sophisticated phishing campaign distributes a PureLogs variant through deceptive purchase order emails containing malicious JavaScript files. The attack chain employs obfuscated JavaScript that drops PowerShell scripts, which then use process hollowing techniques to inject .NET modules into legitimate Windows processes. The malware communicates with command-and-control infrastructure to download additional plugins. PureLogs collects extensive sensitive information including credentials from web browsers, cryptocurrency wallets, email clients, Discord, and various applications. It also captures screenshots, system information, and clipboard data. The collected data is compressed, encrypted with AES, and exfiltrated to remote servers. The campaign demonstrates advanced evasion techniques through fileless execution, multiple encryption layers, and abuse of trusted processes like MsBuild.exe, making detection challenging for traditional security solutions.

    Pulse ID: 6a15ba258c1acc516e08c0fd
    Pulse Link: otx.alienvault.com/pulse/6a15b
    Pulse Author: AlienVault
    Created: 2026-05-26 15:20:05

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #Clipboard #CyberSecurity #Discord #Email #Encryption #InfoSec #Java #JavaScript #MSBuild #Malware #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #Rust #Windows #bot #cryptocurrency #AlienVault

  24. Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet

    Threat actors exploited the EtherHiding technique to store ClearFake payload routing instructions within smart contracts on the BNB Smart Chain testnet, creating an immutable command-and-control infrastructure that cannot be taken down. The attack began with injected JavaScript on a compromised Swiss website that queried blockchain contracts to deliver malicious payloads. Victims passing anti-analysis checks were fingerprinted by operating system and routed to platform-specific ClickFix social engineering overlays. The campaign simultaneously deployed SectopRAT, a .NET-based remote access trojan capable of browser session hijacking, and ACRStealer, a C++ infostealer targeting credentials and cryptocurrency wallets. An on-chain execution tracker confirmed each compromise in real time. Four smart contracts shared a single deployer wallet, with the oldest deployed nearly a year before analysis, indicating a long-running, actively maintained operation.

    Pulse ID: 6a15ba2632bd7e246e9c1250
    Pulse Link: otx.alienvault.com/pulse/6a15b
    Pulse Author: AlienVault
    Created: 2026-05-26 15:20:06

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BlockChain #Browser #CandC #ClearFake #CyberSecurity #EtherHiding #InfoSec #InfoStealer #Java #JavaScript #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault

  25. Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet

    Threat actors exploited the EtherHiding technique to store ClearFake payload routing instructions within smart contracts on the BNB Smart Chain testnet, creating an immutable command-and-control infrastructure that cannot be taken down. The attack began with injected JavaScript on a compromised Swiss website that queried blockchain contracts to deliver malicious payloads. Victims passing anti-analysis checks were fingerprinted by operating system and routed to platform-specific ClickFix social engineering overlays. The campaign simultaneously deployed SectopRAT, a .NET-based remote access trojan capable of browser session hijacking, and ACRStealer, a C++ infostealer targeting credentials and cryptocurrency wallets. An on-chain execution tracker confirmed each compromise in real time. Four smart contracts shared a single deployer wallet, with the oldest deployed nearly a year before analysis, indicating a long-running, actively maintained operation.

    Pulse ID: 6a15ba2632bd7e246e9c1250
    Pulse Link: otx.alienvault.com/pulse/6a15b
    Pulse Author: AlienVault
    Created: 2026-05-26 15:20:06

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BlockChain #Browser #CandC #ClearFake #CyberSecurity #EtherHiding #InfoSec #InfoStealer #Java #JavaScript #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault

  29. Crypto Exchanges Offering SpaceX Exposure Are Reshaping Digital Finance

    Crypto exchanges are evolving beyond traditional trading by introducing tokenised and synthetic investment opportunities linked to major companies like SpaceX.

    Bitdeal develops advanced Cryptocurrency Exchange solutions with tokenised asset support, AI-powered trading, scalable infrastructure, and secure blockchain

    Visit - bitdeal.net/cryptocurrency-exc

    #Crypto #Cryptocurrency #Blockchain #CryptoExchange #Web3

  30. 🕵️ #Crypto Coin Fan Community Update

    $CIA Price: $ 0.00001882 USD

    1 Hour Change:
    6 Hour Change: 2
    24 Hour Change: -2

    $CIA Market Cap: $ 18,808 USD
    Liquidity: $ 14,055 USD

    2tkoGDwxfhGhHQrFFMJeVKwif75yGwgoyE9WM7UDpump

    #Solana #blockchain #cryptocurrency

    ⚠️ Disclaimer: This coin was named after @JohnKiriakou by fans and is not administered or controlled by him. All investments carry risk. This is not financial or investment advice.

  32. bytesde.com/1918363/ MicroStrategy spends 60% of its cash reserves to repay $1.5 billion in convertible notes. Now only $0.87 billion in cash remains (covering just 6.1 months of STRC dividends) for the remaining $6.7 billion in debt. #Crypto #CryptoCurrency #Currency #Krypto #Kryptogeld #Kryptowährung #Kryptowährungen #Währung

  33. Expanded Support for #Cryptocurrency Payments (Over 100 Currencies Accepted) 📰 Expanded Support for #Cryptocurrency — Over 100 Digital Currencies Now Accepted at Rad Web Hosting 💱 A Major Step Forward in Payment Flexibility Rad Web Hosting is proud to ... Continued 👉 #paymentsaccepted
