Hackers Use Fake Job Ads to Steal Cryptocurrency from the Industry

Once the Enigma loader is executed, it begins the process of registering and downloading the second-stage payload. This malware is constantly being developed, so the attacker can use the logging server to improve its performance. The downloader, written in C++, is called Exe and its main purpose is to download, deobfuscate, decompress, and launch the secondary payload. To avoid detection, the malware uses API hashing, string encryption, and irrelevant code. To decrypt strings and resolve Windows API hashes, the malware uses the Mw resolveAPI function. This function takes two arguments, the library name index number and the export function name hashed value. The malware also has its own version of GetProcAddress to retrieve the address of functions like LoadLibrary. To track the infection, the malware creates a mutual exclusion object and retrieves the MachineGuid from the registry. It then sends a request to the attacker-controlled Telegram channel to download the next stage binary file. After the file is downloaded, deobfuscated, and decompressed, the malware attempts to elevate its privileges by executing the mw UAC bypass function. If successful, it will exploit CVE-2015-2291 to load the malicious driver and download and execute the third-stage payload. The malware also creates scheduled tasks to establish persistence on the system and accepts commands from the Telegram channel. Finally, the malware downloads and executes the Enigma Stealer, a modified version of an open-source information stealer project. This case shows how modular malware can use highly obfuscated and evasive techniques, as well as continuous integration and delivery principles, to continuously develop malware.

This Cyber News was published on www.trendmicro.com. Publication date: Thu, 09 Feb 2023 11:54:02 +0000


Cyber News related to Hackers Use Fake Job Ads to Steal Cryptocurrency from the Industry

North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
1 year ago Therecord.media
How Businesses Can Manage Cryptocurrency Fraud - With cryptocurrency payments on the rise, businesses must learn how to safeguard against potential risks. Businesses across the US are seeking innovative payment methods, with an estimated 75% of retailers looking to embrace cryptocurrency payment ...
7 months ago Cyberdefensemagazine.com
Mandiant's X account hacked by crypto Drainer-as-a-Service gang - The threat actor who took over Mandiant's X social media account used it to share links, redirecting the company's over 123,000 followers to a phishing page to steal cryptocurrency. As Mandiant found during a follow-up investigation into the ...
8 months ago Bleepingcomputer.com
How to Protect Yourself from Job Scams: Essential Tips - The internet is a powerful tool in our career search, but it also provides cyber criminals with information and tactics they can use to exploit and deceive people looking for work. Job scams are sadly prevalent on the web, and if you’re job ...
1 year ago Tripwire.com
North Korean Hackers Amass $3bn in Cryptocurrency Heists - North Korean hackers have reportedly stolen a total of $3bn in cryptocurrency since 2017, as revealed in a recent report by Recorded Future's Insikt Group. The revelation underscores the prolonged engagement of the regime in the cryptocurrency ...
10 months ago Infosecurity-magazine.com
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
10 months ago Bleepingcomputer.com
New Research Delves Into the World of Malicious Cryptocurrency Mining - As cryptocurrency prices have soared in recent years, malicious cryptocurrency miners have increasingly targeted vulnerable computer systems with malicious crypto-mining software in search of profits. In a new research paper, security researchers at ...
1 year ago Thehackernews.com
X users fed up with constant stream of malicious crypto ads - Cybercriminals are abusing X advertisements to promote websites that lead to crypto drainers, fake airdrops, and other scams. Like all advertising platforms, X, formerly known as Twitter, claims to show advertisements based on a user's activity, ...
8 months ago Bleepingcomputer.com
Crypto drainer steals $59 million from 63k people in Twitter ad push - Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months. According to blockchain threat analysts at ScamSniffer, they ...
9 months ago Bleepingcomputer.com
Cybercrime Groups Offering Six-Figure Salaries for IT Talents - Increasingly, organized crime organizations are operating as businesses rather than criminal organizations, advertising jobs on the dark web with a number of advantages for members. A recent Kaspersky study found that 61% of job ads posted by hacking ...
1 year ago Cybersecuritynews.com
Netgear, Hyundai latest X accounts hacked to push crypto drainers - The official Netgear and Hyundai MEA Twitter/X accounts are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. While Hyundai has already regained access to their account and has cleaned ...
8 months ago Bleepingcomputer.com
Chainalysis observes decrease in cryptocurrency crime in 2023 - While the ransomware market is rising and cybercriminals continue to rack up bitcoin payments, illicit cryptocurrency activity is declining, according to new research from Chainalysis. Funds sent to illicit cryptocurrency addresses dropped from $39.6 ...
8 months ago Techtarget.com
How One Industry Exemplifies the Importance Of Cybersecurity In Critical Infrastructure Assurance - Based on the author's more than 25 years of experience of management in the aluminum industry, this article sets out replicable ways of dealing with and harmonizing competing priorities. Currently within the purview of the Department of Homeland ...
5 months ago Cyberdefensemagazine.com
Microsoft: BlueNoroff hackers plan new crypto-theft attacks - Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn. This financially motivated threat group also has a documented history of cryptocurrency ...
10 months ago Bleepingcomputer.com
Fake browser updates spread updated WarmCookie malware - The latest campaign was discovered by researchers at Gen Threat Labs, who observed the WarmCookie backdoor being distributed as fake Google Chrome, Mozilla Firefox, Microsoft Edge, and Java updates. FakeUpdate is a cyberattack strategy used by a ...
3 days ago Bleepingcomputer.com
PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data - A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital ...
4 days ago Thehackernews.com
Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns - On January 3, 2024, Mandiant's X social media account was taken over and subsequently used to distribute links to a cryptocurrency drainer phishing page. The following blog post provides additional insight into the drainer leveraged in this campaign, ...
8 months ago Mandiant.com
North Korean Hackers Have Stolen Over $3 Billion in Cryptocurrency: Report - North Korean threat actors are believed to have stolen more than $3 billion in cryptocurrency to date, according to a report from threat intelligence firm Recorded Future. Collectively tracked as the Lazarus Group, the North Korean hackers specialize ...
10 months ago Securityweek.com
Fake KeePass site uses Google Ads and Punycode to push malware - A Google Ads campaign was found pushing a fake KeePass download site that used Punycode to appear as the official domain of the KeePass password manager to distribute malware. Google has been battling with ongoing malvertising campaigns that allow ...
10 months ago Bleepingcomputer.com
'ResumeLooters' Attackers Steal Millions of Career Records - Attackers used SQL injection and cross-site scripting to target at least 65 job-recruitment and retail websites with legitimate penetration-testing tools, stealing databases containing more than 2 million emails and other personal records of job ...
7 months ago Darkreading.com
Fake Recruiters Defraud Facebook Users via Remote Work Offers - A fresh wave of job scams is spreading on Meta's Facebook platform that aims to lure users with offers for remote-home positions and ultimately defraud them by stealing their personal data and banking credentials. The attackers dangle offers of ...
8 months ago Darkreading.com
How Kasada Counters Toll Fraud and Fake Account Creation for Enterprises - Toll fraud and fake account creation are two advanced threats that bad actors employ for massive profit. Fake Account Creation is committed by a wide range of attackers, through automating the generation of new user accounts en masse, which then get ...
10 months ago Securityboulevard.com
Fake and Stolen X Gold Accounts Flood Dark Web - A surge of fake or stolen X Gold accounts has been flooding marketplaces and forums both on the surface web and the dark web over the past year, according to CloudSEK. Threat actors have used multiple techniques to forge or steal X Gold accounts ...
9 months ago Infosecurity-magazine.com
Fraudsters make $50,000 a day by spoofing crypto researchers - Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X. To lure potential victims, the scammer uses a breach on major ...
10 months ago Bleepingcomputer.com
Meta says it will begin labeling political ads that use AI-generated imagery - WASHINGTON - Facebook and Instagram will require political ads running on their platforms to disclose if they were created using artificial intelligence, their parent company announced on Wednesday. Under the new policy by Meta, labels acknowledging ...
10 months ago Apnews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)