#cryptocurrency — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cryptocurrency, aggregated by home.social.
-
FBI Seizes Over $8 Billion In Cryptocurrency https://www.byteseu.com/2061189/ #Crypto #CryptoCurrency #FBI #police #scams
-
#Ethereum (#ETHUSD) sank 4% to $1,992.21 as fear underscored trading activities in the #cryptocurrency market on Thursday following renewed attacks between the US and Iran.
https://dmarketforces.com/ethusd-ethereum-sinks-below-2k-as-fear-index-spikes/ -
FCC KYC proposals for prepaid phones would require ID, addresses, and existing numbers to curb robocalls, reducing anonymous access. 📱
Draft FCC rules also flag crypto payments and virtual offices, while telecoms face $2,500-per-call penalties for illegal traffic. 🔒#TechNews #FCC #Robocalls #Privacy #Phones #KYC #Telecom #Surveillance #Cryptocurrency #FOSS #Security #Transparency #Freedom #DigitalRights #Tech #ID
-
#Tether: Offizieller #Stablecoin in Georgien 🇬🇪 vor der Einführung | heise online https://www.heise.de/news/Tether-Offizieller-Stablecoin-in-Georgien-vor-der-Einfuehrung-11305724.html #cryptocurrency #cryptocurrencies
-
https://www.europesays.com/britain/51113/ Standard Chartered Says Ether Could Recover to 2021 Levels Versus Bitcoin #bitcoin #bitcoincommunity #blockchain #bloomingbit #coincommunity #coininfo #coininvest #coinnews #coinreview #coinstats #Cryptocurrency #Ethereum #solana #StandardChartered
-
A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure
JINX-0164, a financially motivated threat actor active since mid-2025, has been conducting sophisticated campaigns against cryptocurrency organizations. The actor employs LinkedIn-based social engineering, posing as recruiters or business partners to deliver custom macOS malware including AUDIOFIX (a Python-based infostealer and RAT) and MINIRAT (a lightweight Go backdoor). Their operations focus on compromising developer endpoints to steal cryptocurrency wallet credentials, cloud secrets, and GitHub tokens. The attackers then pivot to CI/CD infrastructure, injecting malicious code into repositories to enable lateral movement. In April 2026, they executed a supply chain attack by trojanizing the npm package @velora-dex/sdk. The group masks activity using VPN services and demonstrates advanced capabilities including credential harvesting from password managers, browser extensions, and development tools.
Pulse ID: 6a181e409d755171f4ac356c
Pulse Link: https://otx.alienvault.com/pulse/6a181e409d755171f4ac356c
Pulse Author: AlienVault
Created: 2026-05-28 10:51:44Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Browser #Cloud #CredentialHarvesting #CyberSecurity #Endpoint #GitHub #InfoSec #InfoStealer #LinkedIn #Mac #MacOS #Malware #NPM #OTX #OpenThreatExchange #Password #Python #RAT #SocialEngineering #SupplyChain #Trojan #VPN #Word #bot #cryptocurrency #AlienVault
-
A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure
JINX-0164, a financially motivated threat actor active since mid-2025, has been conducting sophisticated campaigns against cryptocurrency organizations. The actor employs LinkedIn-based social engineering, posing as recruiters or business partners to deliver custom macOS malware including AUDIOFIX (a Python-based infostealer and RAT) and MINIRAT (a lightweight Go backdoor). Their operations focus on compromising developer endpoints to steal cryptocurrency wallet credentials, cloud secrets, and GitHub tokens. The attackers then pivot to CI/CD infrastructure, injecting malicious code into repositories to enable lateral movement. In April 2026, they executed a supply chain attack by trojanizing the npm package @velora-dex/sdk. The group masks activity using VPN services and demonstrates advanced capabilities including credential harvesting from password managers, browser extensions, and development tools.
Pulse ID: 6a181e409d755171f4ac356c
Pulse Link: https://otx.alienvault.com/pulse/6a181e409d755171f4ac356c
Pulse Author: AlienVault
Created: 2026-05-28 10:51:44Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Browser #Cloud #CredentialHarvesting #CyberSecurity #Endpoint #GitHub #InfoSec #InfoStealer #LinkedIn #Mac #MacOS #Malware #NPM #OTX #OpenThreatExchange #Password #Python #RAT #SocialEngineering #SupplyChain #Trojan #VPN #Word #bot #cryptocurrency #AlienVault
-
A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure
JINX-0164, a financially motivated threat actor active since mid-2025, has been conducting sophisticated campaigns against cryptocurrency organizations. The actor employs LinkedIn-based social engineering, posing as recruiters or business partners to deliver custom macOS malware including AUDIOFIX (a Python-based infostealer and RAT) and MINIRAT (a lightweight Go backdoor). Their operations focus on compromising developer endpoints to steal cryptocurrency wallet credentials, cloud secrets, and GitHub tokens. The attackers then pivot to CI/CD infrastructure, injecting malicious code into repositories to enable lateral movement. In April 2026, they executed a supply chain attack by trojanizing the npm package @velora-dex/sdk. The group masks activity using VPN services and demonstrates advanced capabilities including credential harvesting from password managers, browser extensions, and development tools.
Pulse ID: 6a181e409d755171f4ac356c
Pulse Link: https://otx.alienvault.com/pulse/6a181e409d755171f4ac356c
Pulse Author: AlienVault
Created: 2026-05-28 10:51:44Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Browser #Cloud #CredentialHarvesting #CyberSecurity #Endpoint #GitHub #InfoSec #InfoStealer #LinkedIn #Mac #MacOS #Malware #NPM #OTX #OpenThreatExchange #Password #Python #RAT #SocialEngineering #SupplyChain #Trojan #VPN #Word #bot #cryptocurrency #AlienVault
-
A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure
JINX-0164, a financially motivated threat actor active since mid-2025, has been conducting sophisticated campaigns against cryptocurrency organizations. The actor employs LinkedIn-based social engineering, posing as recruiters or business partners to deliver custom macOS malware including AUDIOFIX (a Python-based infostealer and RAT) and MINIRAT (a lightweight Go backdoor). Their operations focus on compromising developer endpoints to steal cryptocurrency wallet credentials, cloud secrets, and GitHub tokens. The attackers then pivot to CI/CD infrastructure, injecting malicious code into repositories to enable lateral movement. In April 2026, they executed a supply chain attack by trojanizing the npm package @velora-dex/sdk. The group masks activity using VPN services and demonstrates advanced capabilities including credential harvesting from password managers, browser extensions, and development tools.
Pulse ID: 6a181e409d755171f4ac356c
Pulse Link: https://otx.alienvault.com/pulse/6a181e409d755171f4ac356c
Pulse Author: AlienVault
Created: 2026-05-28 10:51:44Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Browser #Cloud #CredentialHarvesting #CyberSecurity #Endpoint #GitHub #InfoSec #InfoStealer #LinkedIn #Mac #MacOS #Malware #NPM #OTX #OpenThreatExchange #Password #Python #RAT #SocialEngineering #SupplyChain #Trojan #VPN #Word #bot #cryptocurrency #AlienVault
-
A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure
JINX-0164, a financially motivated threat actor active since mid-2025, has been conducting sophisticated campaigns against cryptocurrency organizations. The actor employs LinkedIn-based social engineering, posing as recruiters or business partners to deliver custom macOS malware including AUDIOFIX (a Python-based infostealer and RAT) and MINIRAT (a lightweight Go backdoor). Their operations focus on compromising developer endpoints to steal cryptocurrency wallet credentials, cloud secrets, and GitHub tokens. The attackers then pivot to CI/CD infrastructure, injecting malicious code into repositories to enable lateral movement. In April 2026, they executed a supply chain attack by trojanizing the npm package @velora-dex/sdk. The group masks activity using VPN services and demonstrates advanced capabilities including credential harvesting from password managers, browser extensions, and development tools.
Pulse ID: 6a181e409d755171f4ac356c
Pulse Link: https://otx.alienvault.com/pulse/6a181e409d755171f4ac356c
Pulse Author: AlienVault
Created: 2026-05-28 10:51:44Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Browser #Cloud #CredentialHarvesting #CyberSecurity #Endpoint #GitHub #InfoSec #InfoStealer #LinkedIn #Mac #MacOS #Malware #NPM #OTX #OpenThreatExchange #Password #Python #RAT #SocialEngineering #SupplyChain #Trojan #VPN #Word #bot #cryptocurrency #AlienVault
-
A miner with a side of RAT: the unintended gift with your TV show or book
A cybercrime campaign active since at least 2022 has been distributing cryptocurrency miners and RAT malware through illegal streaming sites and digital libraries. Victims are tricked via fake video player plugin updates or browser crash pages into downloading ZIP archives containing legitimate executables and malicious DLLs. The malware employs DLL side-loading, establishes persistence through Windows services, and deploys multiple components including XMRig-based CPU miners, GPU miners, a watchdog module, and a RAT agent with remote control capabilities. The campaign leverages highly popular pirated content sites with monthly traffic reaching up to 40 million visits, significantly expanding the potential victim pool. The malware includes sophisticated anti-detection features, DNS tunneling for command-and-control, and domain generation algorithms based on dates.
Pulse ID: 6a181f75cd4fa08fe38dfc48
Pulse Link: https://otx.alienvault.com/pulse/6a181f75cd4fa08fe38dfc48
Pulse Author: AlienVault
Created: 2026-05-28 10:56:53Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #CyberCrime #CyberSecurity #DNS #InfoSec #Malware #OTX #OpenThreatExchange #RAT #WatchDog #Windows #ZIP #bot #cryptocurrency #AlienVault
-
https://www.europesays.com/britain/50973/ Standard Chartered Likens Ethereum to Amazon After Dot-Com Bust, Keeps $4,000 Year-End Target #bitcoin #bitcoincommunity #blockchain #bloomingbit #coincommunity #coininfo #coininvest #coinnews #coinreview #coinstats #Cryptocurrency #Ethereum #solana #StandardChartered
-
The Next Phase of Crypto Exchange Innovation Is Already Beginning
Bitdeal develops next-generation Cryptocurrency Exchange solutions with scalable infrastructure, intelligent automation, liquidity integration, and enterprise-grade blockchain technology designed for tomorrow’s crypto economy.
Visit - https://www.bitdeal.net/cryptocurrency-exchange-development
#CryptoExchange #Cryptocurrency #Blockchain #Web3 #DeFi #CryptoTrading #DigitalAssets #AITrading #BlockchainTechnology #Fintech #CryptoInnovation
-
Check out today's BlockMap blog article "NFTs Explained: A Beginner’s Guide to Non-Fungible Tokens":
https://blockmap.one/blog/nfts-explained-a-beginners-guide-to-non-fungible-tokens/
#NFTs #Blockchain #Cryptocurrency #Web3 #DigitalCollectibles
-
🕵️ #Crypto Coin Fan Community Update
$CIA Price: $ 0.00001810 USD
1 Hour Change:
6 Hour Change: -1
24 Hour Change: -6$CIA Market Cap: $ 18,092 USD
Liquidity: $ 13,662 USD2tkoGDwxfhGhHQrFFMJeVKwif75yGwgoyE9WM7UDpump
#Solana #blockchain #cryptocurrency
⚠️ Disclaimer: This coin was named after @JohnKiriakou by fans and is not administered or controlled by him. All investments carry risk. This is not financial or investment advice.
-
BIS to Start Real-Value Trials for Blockchain Cross-Border Payments Project With BOK, Fed, ECB
The Bank for International Settlements (BIS) said it will begin real-value transaction trials for the blockchain-based cross-border payments…
#Europe #EU #EuropeanCentralBank #bitcoin #bitcoincommunity #blockchain #bloomingbit #coincommunity #coininfo #coininvest #coinnews #coinreview #coinstats #cryptocurrency #ethereum #solana
https://www.europesays.com/europe/54300/ -
Italy’s Financial Giant Banca Sella Bags Approval to Launch Crypto Services
Key Insights: Approval under MiCA from the Bank of Italy allows Banca Sella crypto services to offer c…
#Economy #altcoin #centralbank #CentralBanks #CentralBanksoftheEuropeanSystem #crypto #cryptomarket #cryptonews #cryptocurrency #DeutscheBundesbank #ECB #ESCB #Europe #European #EuropeanCentralBank #EuropeanCentralBanks #italy #News #THEBANKOFENGLAND #TheBankofFrance #TheBankofItaly
https://www.europesays.com/3021973/ -
https://www.europesays.com/iran/133964/ Iran Says Enriched Uranium, Strait of Hormuz Are Red Lines in Talks as Trump Ramps Up Pressure #Bitcoin #bitcoincommunity #blockchain #bloomingbit #coincommunity #coininfo #coininvest #coinnews #coinreview #coinstats #Cryptocurrency #ethereum #Hormuz #solana #StraitOfHormuz
-
Live: ASX is set top open lower as price of oil drops
By Adelaide MillerThe Aussie share market is set to open lower as the price of oil drops. Follow the day's events and insights from our business reporters on the ABC News live markets blog.
#StockMarket #FinancialMarkets #Currency #CompanyNews #BusinessEconomicsandFinance #EconomicTrendsandIndicators #Cryptocurrency #AdelaideMiller
-
Musk Said to Be Weighing Potential Tesla-SpaceX Merger
Elon Musk is said to be considering a possible merger between Tesla and SpaceX. If the two companies…
#UnitedStates #US #USA #bitcoin #bitcoincommunity #blockchain #bloomingbit #coincommunity #coininfo #coininvest #coinnews #coinreview #Coinstats #cryptocurrency #ElonMusk #ethereum #Musk #Solana
https://www.europesays.com/3021301/ -
Banca Sella Gets Italy’s First MiCA Approval for Crypto Services
Banca Sella said it received approval for a Crypto-Asset Service Provider (CASP) license from Italy’s central bank under…
#Italy #Europe #Europa #EU #bitcoin #bitcoincommunity #blockchain #bloomingbit #coincommunity #coininfo #coininvest #coinnews #coinreview #coinstats #cryptocurrency #ethereum #solana
https://www.europesays.com/italy/20083/ -
https://www.bytesde.com/1919450/ Mindestens 600 bis 750 Währungen sind im Laufe der modernen Geschichte vollständig ausgestorben #Crypto #CryptoCurrency #Currency #Krypto #Kryptogeld #Kryptowährung #Kryptowährungen #Währung
-
From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities
Microsoft Defender Experts identified an active cryptojacking campaign leveraging AI-assisted delivery mechanisms alongside traditional SEO poisoning. Attackers create fake download sites impersonating trusted utilities like CrystalDiskInfo, HWMonitor, and FurMark, targeting users with high-performance GPUs. Victims download ZIP archives containing legitimate executables bundled with malicious DLLs that establish persistence via ScreenConnect remote access tools. The operation employs sophisticated techniques including DLL sideloading, process hollowing into Microsoft-signed .NET binaries, and comprehensive defense evasion. Beyond cryptocurrency mining, the campaign establishes persistent remote access that could enable data theft, lateral movement, or ransomware deployment. The threat actors deliberately target PC enthusiasts and hardware-focused users most likely to own discrete GPUs suitable for profitable mining operations.
Pulse ID: 6a1634fbefeffa7f0c6a52f5
Pulse Link: https://otx.alienvault.com/pulse/6a1634fbefeffa7f0c6a52f5
Pulse Author: AlienVault
Created: 2026-05-27 00:04:11Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CryptoJacking #CyberSecurity #DataTheft #InfoSec #Microsoft #MicrosoftDefender #NET #OTX #OpenThreatExchange #RAT #RansomWare #Rust #SEOPoisoning #SMS #ScreenConnect #SideLoading #ZIP #bot #cryptocurrency #AlienVault
-
From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities
Microsoft Defender Experts identified an active cryptojacking campaign leveraging AI-assisted delivery mechanisms alongside traditional SEO poisoning. Attackers create fake download sites impersonating trusted utilities like CrystalDiskInfo, HWMonitor, and FurMark, targeting users with high-performance GPUs. Victims download ZIP archives containing legitimate executables bundled with malicious DLLs that establish persistence via ScreenConnect remote access tools. The operation employs sophisticated techniques including DLL sideloading, process hollowing into Microsoft-signed .NET binaries, and comprehensive defense evasion. Beyond cryptocurrency mining, the campaign establishes persistent remote access that could enable data theft, lateral movement, or ransomware deployment. The threat actors deliberately target PC enthusiasts and hardware-focused users most likely to own discrete GPUs suitable for profitable mining operations.
Pulse ID: 6a1634fbefeffa7f0c6a52f5
Pulse Link: https://otx.alienvault.com/pulse/6a1634fbefeffa7f0c6a52f5
Pulse Author: AlienVault
Created: 2026-05-27 00:04:11Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CryptoJacking #CyberSecurity #DataTheft #InfoSec #Microsoft #MicrosoftDefender #NET #OTX #OpenThreatExchange #RAT #RansomWare #Rust #SEOPoisoning #SMS #ScreenConnect #SideLoading #ZIP #bot #cryptocurrency #AlienVault
-
From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities
Microsoft Defender Experts identified an active cryptojacking campaign leveraging AI-assisted delivery mechanisms alongside traditional SEO poisoning. Attackers create fake download sites impersonating trusted utilities like CrystalDiskInfo, HWMonitor, and FurMark, targeting users with high-performance GPUs. Victims download ZIP archives containing legitimate executables bundled with malicious DLLs that establish persistence via ScreenConnect remote access tools. The operation employs sophisticated techniques including DLL sideloading, process hollowing into Microsoft-signed .NET binaries, and comprehensive defense evasion. Beyond cryptocurrency mining, the campaign establishes persistent remote access that could enable data theft, lateral movement, or ransomware deployment. The threat actors deliberately target PC enthusiasts and hardware-focused users most likely to own discrete GPUs suitable for profitable mining operations.
Pulse ID: 6a1634fbefeffa7f0c6a52f5
Pulse Link: https://otx.alienvault.com/pulse/6a1634fbefeffa7f0c6a52f5
Pulse Author: AlienVault
Created: 2026-05-27 00:04:11Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CryptoJacking #CyberSecurity #DataTheft #InfoSec #Microsoft #MicrosoftDefender #NET #OTX #OpenThreatExchange #RAT #RansomWare #Rust #SEOPoisoning #SMS #ScreenConnect #SideLoading #ZIP #bot #cryptocurrency #AlienVault
-
From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities
Microsoft Defender Experts identified an active cryptojacking campaign leveraging AI-assisted delivery mechanisms alongside traditional SEO poisoning. Attackers create fake download sites impersonating trusted utilities like CrystalDiskInfo, HWMonitor, and FurMark, targeting users with high-performance GPUs. Victims download ZIP archives containing legitimate executables bundled with malicious DLLs that establish persistence via ScreenConnect remote access tools. The operation employs sophisticated techniques including DLL sideloading, process hollowing into Microsoft-signed .NET binaries, and comprehensive defense evasion. Beyond cryptocurrency mining, the campaign establishes persistent remote access that could enable data theft, lateral movement, or ransomware deployment. The threat actors deliberately target PC enthusiasts and hardware-focused users most likely to own discrete GPUs suitable for profitable mining operations.
Pulse ID: 6a1634fbefeffa7f0c6a52f5
Pulse Link: https://otx.alienvault.com/pulse/6a1634fbefeffa7f0c6a52f5
Pulse Author: AlienVault
Created: 2026-05-27 00:04:11Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CryptoJacking #CyberSecurity #DataTheft #InfoSec #Microsoft #MicrosoftDefender #NET #OTX #OpenThreatExchange #RAT #RansomWare #Rust #SEOPoisoning #SMS #ScreenConnect #SideLoading #ZIP #bot #cryptocurrency #AlienVault
-
From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities
Microsoft Defender Experts identified an active cryptojacking campaign leveraging AI-assisted delivery mechanisms alongside traditional SEO poisoning. Attackers create fake download sites impersonating trusted utilities like CrystalDiskInfo, HWMonitor, and FurMark, targeting users with high-performance GPUs. Victims download ZIP archives containing legitimate executables bundled with malicious DLLs that establish persistence via ScreenConnect remote access tools. The operation employs sophisticated techniques including DLL sideloading, process hollowing into Microsoft-signed .NET binaries, and comprehensive defense evasion. Beyond cryptocurrency mining, the campaign establishes persistent remote access that could enable data theft, lateral movement, or ransomware deployment. The threat actors deliberately target PC enthusiasts and hardware-focused users most likely to own discrete GPUs suitable for profitable mining operations.
Pulse ID: 6a1634fbefeffa7f0c6a52f5
Pulse Link: https://otx.alienvault.com/pulse/6a1634fbefeffa7f0c6a52f5
Pulse Author: AlienVault
Created: 2026-05-27 00:04:11Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CryptoJacking #CyberSecurity #DataTheft #InfoSec #Microsoft #MicrosoftDefender #NET #OTX #OpenThreatExchange #RAT #RansomWare #Rust #SEOPoisoning #SMS #ScreenConnect #SideLoading #ZIP #bot #cryptocurrency #AlienVault
-
The GHOST STADIUM Score: Billions At Stake At The World’s Largest Football Tournament
Researchers uncovered a massive fraud ecosystem targeting the 2026 FIFA World Cup, identifying over 4,300 fraudulent domains impersonating FIFA's official website since August 2025. At the center operates GHOST STADIUM, a Chinese-speaking threat actor running a sophisticated phishing campaign across 300+ domains using a pixel-perfect clone of FIFA's authentication system. The operation harvests credentials, sells fake tickets, and processes payments through five distinct channels including cryptocurrency. Estimated losses from premium ticket fraud alone range from $71 million to $474 million, with total campaign losses potentially reaching billions. Six distinct fraud schemes operate in parallel: credential phishing, fake ticket sales, counterfeit merchandise, fake streaming platforms, fraudulent betting sites, and infostealer-driven credential theft. Over 2,513 FIFA account credentials are already circulating on dark-web markets. The campaign exploits Facebook advertising as its primary distribution chann...
Pulse ID: 6a16d67df4a69d07c59516be
Pulse Link: https://otx.alienvault.com/pulse/6a16d67df4a69d07c59516be
Pulse Author: AlienVault
Created: 2026-05-27 11:33:17Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Chinese #CyberSecurity #Facebook #InfoSec #InfoStealer #OTX #OpenThreatExchange #Phishing #RAT #bot #cryptocurrency #AlienVault
-
Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data
A sophisticated phishing campaign distributes a PureLogs variant through deceptive purchase order emails containing malicious JavaScript files. The attack chain employs obfuscated JavaScript that drops PowerShell scripts, which then use process hollowing techniques to inject .NET modules into legitimate Windows processes. The malware communicates with command-and-control infrastructure to download additional plugins. PureLogs collects extensive sensitive information including credentials from web browsers, cryptocurrency wallets, email clients, Discord, and various applications. It also captures screenshots, system information, and clipboard data. The collected data is compressed, encrypted with AES, and exfiltrated to remote servers. The campaign demonstrates advanced evasion techniques through fileless execution, multiple encryption layers, and abuse of trusted processes like MsBuild.exe, making detection challenging for traditional security solutions.
Pulse ID: 6a15ba258c1acc516e08c0fd
Pulse Link: https://otx.alienvault.com/pulse/6a15ba258c1acc516e08c0fd
Pulse Author: AlienVault
Created: 2026-05-26 15:20:05Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Clipboard #CyberSecurity #Discord #Email #Encryption #InfoSec #Java #JavaScript #MSBuild #Malware #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #Rust #Windows #bot #cryptocurrency #AlienVault
-
Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data
A sophisticated phishing campaign distributes a PureLogs variant through deceptive purchase order emails containing malicious JavaScript files. The attack chain employs obfuscated JavaScript that drops PowerShell scripts, which then use process hollowing techniques to inject .NET modules into legitimate Windows processes. The malware communicates with command-and-control infrastructure to download additional plugins. PureLogs collects extensive sensitive information including credentials from web browsers, cryptocurrency wallets, email clients, Discord, and various applications. It also captures screenshots, system information, and clipboard data. The collected data is compressed, encrypted with AES, and exfiltrated to remote servers. The campaign demonstrates advanced evasion techniques through fileless execution, multiple encryption layers, and abuse of trusted processes like MsBuild.exe, making detection challenging for traditional security solutions.
Pulse ID: 6a15ba258c1acc516e08c0fd
Pulse Link: https://otx.alienvault.com/pulse/6a15ba258c1acc516e08c0fd
Pulse Author: AlienVault
Created: 2026-05-26 15:20:05Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Clipboard #CyberSecurity #Discord #Email #Encryption #InfoSec #Java #JavaScript #MSBuild #Malware #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #Rust #Windows #bot #cryptocurrency #AlienVault
-
Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data
A sophisticated phishing campaign distributes a PureLogs variant through deceptive purchase order emails containing malicious JavaScript files. The attack chain employs obfuscated JavaScript that drops PowerShell scripts, which then use process hollowing techniques to inject .NET modules into legitimate Windows processes. The malware communicates with command-and-control infrastructure to download additional plugins. PureLogs collects extensive sensitive information including credentials from web browsers, cryptocurrency wallets, email clients, Discord, and various applications. It also captures screenshots, system information, and clipboard data. The collected data is compressed, encrypted with AES, and exfiltrated to remote servers. The campaign demonstrates advanced evasion techniques through fileless execution, multiple encryption layers, and abuse of trusted processes like MsBuild.exe, making detection challenging for traditional security solutions.
Pulse ID: 6a15ba258c1acc516e08c0fd
Pulse Link: https://otx.alienvault.com/pulse/6a15ba258c1acc516e08c0fd
Pulse Author: AlienVault
Created: 2026-05-26 15:20:05Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Clipboard #CyberSecurity #Discord #Email #Encryption #InfoSec #Java #JavaScript #MSBuild #Malware #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #Rust #Windows #bot #cryptocurrency #AlienVault
-
Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data
A sophisticated phishing campaign distributes a PureLogs variant through deceptive purchase order emails containing malicious JavaScript files. The attack chain employs obfuscated JavaScript that drops PowerShell scripts, which then use process hollowing techniques to inject .NET modules into legitimate Windows processes. The malware communicates with command-and-control infrastructure to download additional plugins. PureLogs collects extensive sensitive information including credentials from web browsers, cryptocurrency wallets, email clients, Discord, and various applications. It also captures screenshots, system information, and clipboard data. The collected data is compressed, encrypted with AES, and exfiltrated to remote servers. The campaign demonstrates advanced evasion techniques through fileless execution, multiple encryption layers, and abuse of trusted processes like MsBuild.exe, making detection challenging for traditional security solutions.
Pulse ID: 6a15ba258c1acc516e08c0fd
Pulse Link: https://otx.alienvault.com/pulse/6a15ba258c1acc516e08c0fd
Pulse Author: AlienVault
Created: 2026-05-26 15:20:05Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Clipboard #CyberSecurity #Discord #Email #Encryption #InfoSec #Java #JavaScript #MSBuild #Malware #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #Rust #Windows #bot #cryptocurrency #AlienVault
-
Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data
A sophisticated phishing campaign distributes a PureLogs variant through deceptive purchase order emails containing malicious JavaScript files. The attack chain employs obfuscated JavaScript that drops PowerShell scripts, which then use process hollowing techniques to inject .NET modules into legitimate Windows processes. The malware communicates with command-and-control infrastructure to download additional plugins. PureLogs collects extensive sensitive information including credentials from web browsers, cryptocurrency wallets, email clients, Discord, and various applications. It also captures screenshots, system information, and clipboard data. The collected data is compressed, encrypted with AES, and exfiltrated to remote servers. The campaign demonstrates advanced evasion techniques through fileless execution, multiple encryption layers, and abuse of trusted processes like MsBuild.exe, making detection challenging for traditional security solutions.
Pulse ID: 6a15ba258c1acc516e08c0fd
Pulse Link: https://otx.alienvault.com/pulse/6a15ba258c1acc516e08c0fd
Pulse Author: AlienVault
Created: 2026-05-26 15:20:05Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Clipboard #CyberSecurity #Discord #Email #Encryption #InfoSec #Java #JavaScript #MSBuild #Malware #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #Rust #Windows #bot #cryptocurrency #AlienVault
-
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
Threat actors exploited the EtherHiding technique to store ClearFake payload routing instructions within smart contracts on the BNB Smart Chain testnet, creating an immutable command-and-control infrastructure that cannot be taken down. The attack began with injected JavaScript on a compromised Swiss website that queried blockchain contracts to deliver malicious payloads. Victims passing anti-analysis checks were fingerprinted by operating system and routed to platform-specific ClickFix social engineering overlays. The campaign simultaneously deployed SectopRAT, a .NET-based remote access trojan capable of browser session hijacking, and ACRStealer, a C++ infostealer targeting credentials and cryptocurrency wallets. An on-chain execution tracker confirmed each compromise in real time. Four smart contracts shared a single deployer wallet, with the oldest deployed nearly a year before analysis, indicating a long-running, actively maintained operation.
Pulse ID: 6a15ba2632bd7e246e9c1250
Pulse Link: https://otx.alienvault.com/pulse/6a15ba2632bd7e246e9c1250
Pulse Author: AlienVault
Created: 2026-05-26 15:20:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #Browser #CandC #ClearFake #CyberSecurity #EtherHiding #InfoSec #InfoStealer #Java #JavaScript #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault
-
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
Threat actors exploited the EtherHiding technique to store ClearFake payload routing instructions within smart contracts on the BNB Smart Chain testnet, creating an immutable command-and-control infrastructure that cannot be taken down. The attack began with injected JavaScript on a compromised Swiss website that queried blockchain contracts to deliver malicious payloads. Victims passing anti-analysis checks were fingerprinted by operating system and routed to platform-specific ClickFix social engineering overlays. The campaign simultaneously deployed SectopRAT, a .NET-based remote access trojan capable of browser session hijacking, and ACRStealer, a C++ infostealer targeting credentials and cryptocurrency wallets. An on-chain execution tracker confirmed each compromise in real time. Four smart contracts shared a single deployer wallet, with the oldest deployed nearly a year before analysis, indicating a long-running, actively maintained operation.
Pulse ID: 6a15ba2632bd7e246e9c1250
Pulse Link: https://otx.alienvault.com/pulse/6a15ba2632bd7e246e9c1250
Pulse Author: AlienVault
Created: 2026-05-26 15:20:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #Browser #CandC #ClearFake #CyberSecurity #EtherHiding #InfoSec #InfoStealer #Java #JavaScript #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault
-
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
Threat actors exploited the EtherHiding technique to store ClearFake payload routing instructions within smart contracts on the BNB Smart Chain testnet, creating an immutable command-and-control infrastructure that cannot be taken down. The attack began with injected JavaScript on a compromised Swiss website that queried blockchain contracts to deliver malicious payloads. Victims passing anti-analysis checks were fingerprinted by operating system and routed to platform-specific ClickFix social engineering overlays. The campaign simultaneously deployed SectopRAT, a .NET-based remote access trojan capable of browser session hijacking, and ACRStealer, a C++ infostealer targeting credentials and cryptocurrency wallets. An on-chain execution tracker confirmed each compromise in real time. Four smart contracts shared a single deployer wallet, with the oldest deployed nearly a year before analysis, indicating a long-running, actively maintained operation.
Pulse ID: 6a15ba2632bd7e246e9c1250
Pulse Link: https://otx.alienvault.com/pulse/6a15ba2632bd7e246e9c1250
Pulse Author: AlienVault
Created: 2026-05-26 15:20:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #Browser #CandC #ClearFake #CyberSecurity #EtherHiding #InfoSec #InfoStealer #Java #JavaScript #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault
-
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
Threat actors exploited the EtherHiding technique to store ClearFake payload routing instructions within smart contracts on the BNB Smart Chain testnet, creating an immutable command-and-control infrastructure that cannot be taken down. The attack began with injected JavaScript on a compromised Swiss website that queried blockchain contracts to deliver malicious payloads. Victims passing anti-analysis checks were fingerprinted by operating system and routed to platform-specific ClickFix social engineering overlays. The campaign simultaneously deployed SectopRAT, a .NET-based remote access trojan capable of browser session hijacking, and ACRStealer, a C++ infostealer targeting credentials and cryptocurrency wallets. An on-chain execution tracker confirmed each compromise in real time. Four smart contracts shared a single deployer wallet, with the oldest deployed nearly a year before analysis, indicating a long-running, actively maintained operation.
Pulse ID: 6a15ba2632bd7e246e9c1250
Pulse Link: https://otx.alienvault.com/pulse/6a15ba2632bd7e246e9c1250
Pulse Author: AlienVault
Created: 2026-05-26 15:20:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #Browser #CandC #ClearFake #CyberSecurity #EtherHiding #InfoSec #InfoStealer #Java #JavaScript #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault
-
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
Threat actors exploited the EtherHiding technique to store ClearFake payload routing instructions within smart contracts on the BNB Smart Chain testnet, creating an immutable command-and-control infrastructure that cannot be taken down. The attack began with injected JavaScript on a compromised Swiss website that queried blockchain contracts to deliver malicious payloads. Victims passing anti-analysis checks were fingerprinted by operating system and routed to platform-specific ClickFix social engineering overlays. The campaign simultaneously deployed SectopRAT, a .NET-based remote access trojan capable of browser session hijacking, and ACRStealer, a C++ infostealer targeting credentials and cryptocurrency wallets. An on-chain execution tracker confirmed each compromise in real time. Four smart contracts shared a single deployer wallet, with the oldest deployed nearly a year before analysis, indicating a long-running, actively maintained operation.
Pulse ID: 6a15ba2632bd7e246e9c1250
Pulse Link: https://otx.alienvault.com/pulse/6a15ba2632bd7e246e9c1250
Pulse Author: AlienVault
Created: 2026-05-26 15:20:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #Browser #CandC #ClearFake #CyberSecurity #EtherHiding #InfoSec #InfoStealer #Java #JavaScript #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SocialEngineering #Trojan #bot #cryptocurrency #AlienVault
-
Crypto Exchanges Offering SpaceX Exposure Are Reshaping Digital Finance
Crypto exchanges are evolving beyond traditional trading by introducing tokenised and synthetic investment opportunities linked to major companies like SpaceX.
Bitdeal develops advanced Cryptocurrency Exchange solutions with tokenised asset support, AI-powered trading, scalable infrastructure, and secure blockchain
Visit - https://www.bitdeal.net/cryptocurrency-exchange-development
-
Check out today's BlockMap blog article explaining the basics of Smart Contracts:
-
Samsung Electronics Co. and its labor union have formally signed a 2026 wage agreement. The deal, reached a day before a planned general strike, ...#bloomingbit #coincommunity #bitcoincommunity #coinreview #coinnews #coinstats #coininvest #coininfo #bitcoin #ethereum #solana #cryptocurrency #blockchain
Samsung Electronics, Union Sign 2026 Wage Agreement After Members Approve Deal -
Samsung Electronics Co. and its labor union have formally signed a 2026 wage agreement. The deal, reached a day before a planned general strike, ...#bloomingbit #coincommunity #bitcoincommunity #coinreview #coinnews #coinstats #coininvest #coininfo #bitcoin #ethereum #solana #cryptocurrency #blockchain
Samsung Electronics, Union Sign 2026 Wage Agreement After Members Approve Deal -
Samsung Electronics Co. and its labor union have formally signed a 2026 wage agreement. The deal, reached a day before a planned general strike, ...#bloomingbit #coincommunity #bitcoincommunity #coinreview #coinnews #coinstats #coininvest #coininfo #bitcoin #ethereum #solana #cryptocurrency #blockchain
Samsung Electronics, Union Sign 2026 Wage Agreement After Members Approve Deal -
🕵️ #Crypto Coin Fan Community Update
$CIA Price: $ 0.00001882 USD
1 Hour Change:
6 Hour Change: 2
24 Hour Change: -2$CIA Market Cap: $ 18,808 USD
Liquidity: $ 14,055 USD2tkoGDwxfhGhHQrFFMJeVKwif75yGwgoyE9WM7UDpump
#Solana #blockchain #cryptocurrency
⚠️ Disclaimer: This coin was named after @JohnKiriakou by fans and is not administered or controlled by him. All investments carry risk. This is not financial or investment advice.
-
🕵️ #Crypto Coin Fan Community Update
$CIA Price: $ 0.00001882 USD
1 Hour Change:
6 Hour Change: 2
24 Hour Change: -2$CIA Market Cap: $ 18,808 USD
Liquidity: $ 14,055 USD2tkoGDwxfhGhHQrFFMJeVKwif75yGwgoyE9WM7UDpump
#Solana #blockchain #cryptocurrency
⚠️ Disclaimer: This coin was named after @JohnKiriakou by fans and is not administered or controlled by him. All investments carry risk. This is not financial or investment advice.
-
File this under #democrats (& #GOP) in the pocket of #crypto #cryptocurrency industry via industry #superPACs
Prominently #JasmineCrockett #RubenGallego — other lesser known Dems as well.
-
https://www.europesays.com/britain/49248/ Britain Imposes New Sanctions on Russian Crypto Infrastructure #Britain #Cryptocurrency #Sanctions #UnitedKingdom
-
https://www.bytesde.com/1918363/ MicroStrategy gibt 60 % der Barreserven aus, um Wandelschuldverschreibungen in Höhe von 1,5 Milliarden US-Dollar zurückzuzahlen. Jetzt sind nur noch 0,87 Milliarden US-Dollar Bargeld übrig (was nur 6,1 Monate STRC-Dividenden abdeckt) für die verbleibenden 6,7 Milliarden US-Dollar Schulden. #Crypto #CryptoCurrency #Currency #Krypto #Kryptogeld #Kryptowährung #Kryptowährungen #Währung
-
https://www.bytesde.com/1918161/ Sohn eines bekannten nordkoreanischen Überläufers wegen Kryptobetrugs in Höhe von 1,1 Millionen US-Dollar angeklagt #Crypto #CryptoCurrency #Currency #Krypto #Kryptogeld #Kryptowährung #Kryptowährungen #Währung
-
Expanded Support for #Cryptocurrency Payments (Over 100 Currencies Accepted) 📰 Expanded Support for #Cryptocurrency — Over 100 Digital Currencies Now Accepted at Rad Web Hosting 💱 A Major Step Forward in Payment Flexibility Rad Web Hosting is proud to ... Continued 👉 #paymentsaccepted
Expanded Support for Cryptocur...