ChainCatcher message, Scam Sniffer posted on the X platform that the crypto conference malware "Meeten" has been renamed to "Meetio," reminding the community to stay vigilant, as the renamed application is just a "disguise" and still poses a security threat.

According to ChainCatcher news reported by Cointelegraph, North Korean hackers appear to have developed malware that can evade Apple's security checks. Researchers at Jamf Threat Labs, who focus on Apple, indicate that these applications seem to be experimental. This is the first time they have seen such technology used to infiltrate Apple's macOS operating system, but it does not run on the latest systems.Researchers found that Microsoft's VirusTotal online scanning service reported these applications as harmless, but they are actually malicious. Variants of these applications are written in Go and Python, utilizing Google Flutter applications. Flutter is an open-source development toolkit used for creating cross-platform applications.Out of six malicious applications, five are signed with developer accounts and have been temporarily notarized by Apple. Researchers wrote, "The domains and techniques in the malware are very similar to those used in other North Korean hacker malware, with indications that the malware was once signed and even temporarily passed Apple's notarization process."

ChainCatcher message, according to Scam Sniffer monitoring, the malware "EdtiProAI" is attempting to exploit X ads to target potential victims. If users mistakenly install this software, their wallet private keys will be at risk.

ChainCatcher news, according to Cointelegraph, based on a report from SentinelLabs, North Korean hackers known as BlueNoroff are using new malware to attack cryptocurrency companies. The malware operation, codenamed "Hidden Risk," spreads through multiple stages via PDF files, using fake news headlines and cryptocurrency market research to lure users into downloading it.The malware package contains multiple features designed to provide hackers with a backdoor for remote access to victims' computers, stealing sensitive information, including private keys for digital asset wallets and platforms. According to cybersecurity company Recorded Future, North Korean hacker groups have stolen approximately $3 billion since 2017.

ChainCatcher news, ZachXBT posted on his personal channel that the TapiocaDAO hack may have been caused by a team member downloading malware. This theft is also linked to other recent hacks, including Nexera, Concentric, Masa, SpaceCatch, Reach, Serenity Shield, and MurAll, triggered by a fake job scam.It is reported that approximately $4 million worth of stolen funds has been transferred from Arbitrum to BSC.

ChainCatcher news, researchers from the cybersecurity company Checkmarx have issued a warning about a dangerous malware uploaded to the Python Package Index (PyPI) that steals private keys. According to the company, this malware was automatically uploaded by suspicious users through several different packages, designed to mimic decoding applications of popular wallets and other mainstream industry products like MetaMask, Atomic, TronLink, and Ronin.The malware is cleverly embedded in various parts of the packages. Since this malware appears to be harmless code, it is essentially undetectable. However, upon closer inspection, once an unsuspecting user calls specific functions embedded in the package, certain parts of the data will allow hackers to control cryptocurrency wallets and transfer funds.

ChainCatcher news, the cybersecurity company Doctor Web recently reported that it has detected malware disguised as legitimate software, such as office programs, game cheat programs, and online trading bots. This cryptocurrency hijacking and stealing software has infected over 28,000 users, primarily in Russia, but also including Belarus, Uzbekistan, Kazakhstan, Ukraine, Kyrgyzstan, and Turkey.According to Doctor Web, the hackers have only obtained cryptocurrency worth about $6,000. However, it is unclear how much the creators of the malware have earned from cryptocurrency mining. The cybersecurity company stated that the sources of the malware include fraudulent GitHub pages and YouTube video descriptions with malicious links.Once a device is infected, the secretly deployed software hijacks computing resources to mine cryptocurrency. The "Clipper" also monitors cryptocurrency wallet addresses copied to the device's clipboard, then the malware replaces it with an address controlled by the attacker - this is how they steal small amounts of cryptocurrency.

ChainCatcher message, Scam Sniffer posted on the X platform stating that a certain cryptocurrency malware organization has created a fake "Docusign fast," and the domain has been blocked. Users need to be cautious about security.It is reported that DocuSign plays a role similar to that of an intermediary holding relevant documents by verifying and certifying users' digital signatures online. Therefore, DocuSign is not just about providing an electronic signature; it can help users achieve automated document management, including the entire process from data collection to the completion of the transaction.

ChainCatcher message, Binance stated that a global malware issue has been discovered, which changes withdrawal addresses during transactions. Users are advised to be cautious when using installed plugins and applications, especially Android and web applications, and to remain vigilant on iOS. The Binance security team is addressing this issue and actively blacklisting suspicious addresses.

ChainCatcher news, Binance stated in a blog post that a global malware issue has been discovered, which can change withdrawal addresses during transactions. This malware is commonly referred to as "Clipper malware," which intercepts data stored in the clipboard, primarily targeting cryptocurrency wallet addresses. When users copy and paste wallet addresses to transfer cryptocurrency, the malware replaces the original address with an address specified by the attacker. If users complete the transfer without noticing the change, the cryptocurrency will be sent to the attacker's wallet, resulting in financial loss.The activity of this issue has significantly increased, especially on August 27, 2024, leading to substantial financial losses for affected users. This malware is typically spread through unofficial applications and plugins, particularly on Android and web applications, but iOS users should also remain vigilant. Many users inadvertently installed these malicious applications while searching for software in their native language or through unofficial channels, often due to restrictions in their country/region.To protect against such malware, users should verify authenticity, carefully check addresses, and use security software.

ChainCatcher message, Scam Sniffer posted on X platform stating that a malware named Fato Reader has been detected, which targets cryptocurrency users. Due to the malware, cryptocurrency theft cases are rapidly increasing, and users need to remain vigilant.

ChainCatcher news, recently, McAfee discovered a new type of Android malware named SpyAgent, which can steal users' private keys by taking screenshots and using optical character recognition (OCR) technology on text within images. This malware spreads through malicious links in text messages; when users click the link, they are directed to a page disguised as a legitimate website and prompted to download a seemingly trustworthy application. Once installed, the malware can access users' contacts, messages, and local storage permissions. Currently, SpyAgent primarily targets South Korean users and has been found in over 280 fraudulent applications. Additionally, malware attacks are on the rise in 2024. The Cthulhu Stealer, discovered in August, affected MacOS systems and stole users' cryptocurrency wallet information. In the same month, Microsoft patched a vulnerability in Google Chrome that had been used by the North Korean hacker group Citrine Sleet to disguise fake cryptocurrency exchanges and spread malware through fraudulent job applications. The Federal Bureau of Investigation (FBI) has issued a warning, alerting the public that the cryptocurrency industry is becoming a primary target for North Korean hackers.

ChainCatcher news, according to Cointelegraph, Apple Mac users have recently received warnings about a new type of malware called "Cthulhu Stealer," which can steal users' personal information and cryptocurrency wallets. Cybersecurity company Cado Security stated, "There is a common belief that macOS is immune to malware. While macOS is known for its security, related malware has been on the rise in recent years.""Cthulhu Stealer" appears in the form of an Apple disk image (DMG) and disguises itself as legitimate software such as CleanMyMac and Adobe GenP. When users open the file, the macOS command line tools used to run AppleScript and JavaScript prompt users to enter their passwords, including a prompt for the password to the Ethereum wallet MetaMask. "Cthulhu Stealer" can also target other cryptocurrency wallet software, including wallets from Coinbase, Wasabi, Electrum, Atomic, Binance, and Blockchain Wallet.

ChainCatcher news, according to Cointelegraph, cybersecurity solution provider Check Point Research has discovered a new malware called Styx Stealer. This malware can steal a large amount of data through a mechanism known as "cutting," including cryptocurrency.The malware can be rented for free on the developer's website, and because it relies on a vulnerability in Microsoft Windows Defender that was patched last year, Windows users with the latest operating systems will not be affected by this malware.Check Point Research identified eight wallets that are believed to belong to the Turkish Styx Stealer developer, who received approximately $9,500 in cryptocurrency as payment during the first two months of the malware's operation. Styx Stealer was launched in April, charging $75 per month and $350 for a lifetime subscription.

ChainCatcher message, Slow Mist's Chief Information Security Officer 23pds stated on X that Mac users should be wary of a new malware named Cuckoo. This malware targets Intel and ARM-based Macs. It steals data from cryptocurrency wallets and messaging applications, spreading through music streaming channels.

ChainCatcher news, Slow Mist's Chief Information Security Officer (CISO) 23pds stated that the Lazarus organization is currently targeting the cryptocurrency industry through LinkedIn, stealing employee credentials or assets via malware.First, they contact target company managers or HR personnel through LinkedIn, pretending to be job seekers for React/blockchain developers. Then, the attackers claim to be experienced candidates and invite them to access their repository, running relevant code to assess their skill level, while in fact, the repository contains malicious code snippets.

ChainCatcher message, Kaspersky Labs has discovered new malware entering macOS users' computers through pirated applications, stealing users' cryptocurrency wallets. This malware targets macOS versions 13.6 and above, allowing hackers to access the user's computer security password when the user inputs their computer security password into the activator box; when the user attempts to open the cryptocurrency wallet compromised by the malware, hackers can access the private keys of the cryptocurrency wallet.Kaspersky Labs reminds cryptocurrency users that they can avoid the ongoing malware activities by using trusted websites, keeping their computer operating systems updated, and employing security solutions.

ChainiCatcher news, according to Cointelegraph, a new type of malware called "KandyKorn" related to the North Korean hacker group Lazarus has been discovered on Apple's macOS system, targeting the crypto community and engineers.According to analysis by Elastic Security Labs, "KandyKorn" is an invisible backdoor capable of data retrieval, directory listing, file upload/download, secure deletion, process termination, and command execution.Initially, the attackers impersonated community members through Discord channels to spread a Python-based module. Social engineering attacks lured community members into downloading a malicious ZIP archive named "Cross-platform Bridges.zip," which mimicked an arbitrage bot designed for automatic profit. However, the file imported 13 malicious modules that worked together to steal and manipulate information.

ChainCatcher message, ESET security researchers discovered an undocumented backdoor named LightlessCan while analyzing an attack against a Spanish aerospace company. LightlessCan is new malware from the North Korean hacking group Lazarus Group that can now bypass detection, and it has been using a new type of "sophisticated" malware as part of its fake job scheme.