The North Korea-linked hacker group Sapphire Sleet is believed to have stolen over $10 million in cryptocurrency through social engineering attacks over six months. Microsoft found that multiple North Korean groups were using fake LinkedIn profiles, posing as recruiters or job seekers to scam people and fund the regime.

Active since at least 2020, Sapphire Sleet shares ties with other hacking groups like APT38 and BlueNoroff. In November 2023, Microsoft revealed the group set up fake...

Cybercriminals are using a new method called Ghost Tap to steal money from victims' accounts on a large scale. This technique relies on near-field communication (NFC) technology and allows thieves to steal funds from stolen credit cards linked to mobile payment services like Google Pay and Apple Pay.

ThreatFabric, a Dutch security company, explained to The Hacker News that criminals can use Google Pay or Apple Pay to transmit payment information anywhere in the world within seconds....

A new phishing tool called GoIssue is being used to target GitHub users with fake emails designed to steal login details. The tool, created by a hacker known as cyberdluffy, collects email addresses from public GitHub profiles and sends mass emails that look legitimate, tricking users into sharing their personal information or giving access to their code. Priced as low as $150, GoIssue allows attackers to reach many people at once, increasing the chances of success.

In some cases,...

A new strain of Android banking malware called ToxicPanda has infected over 1,500 Android devices, enabling cybercriminals to carry out fraudulent banking transactions.

According to researchers Michele Roviello, Alessandro Strino, and Federico Valentini from Cleafy, the main goal of ToxicPanda is to steal money by taking over bank accounts on compromised devices. This is done using a method known as on-device fraud (ODF), where the malware bypasses...

Recent reports indicate that North Korean hackers known as Jumpy Pisces have teamed up with the Play ransomware group between May and September 2024. This is notable as it marks the first collaboration between a state-sponsored group from North Korea and a ransomware network.

Jumpy Pisces, associated with North Korea’s Reconnaissance General Bureau, has previously used other ransomware strains. In August, three U.S. organizations were targeted by the group, but no ransomware was...

Hackers are trying to misuse the open-source EDRSilencer tool to interfere with endpoint detection and response (EDR) systems and hide their malicious activities.

Trend Micro has reported that these hackers are attempting to use EDRSilencer in their attacks to avoid being detected.

EDRSilencer, which is based on the NightHawk FireBlock tool from MDSec, is meant to block outgoing traffic from EDR processes using the Windows Filtering Platform (WFP).

It can stop various...

Google is launching a new pilot program in India to automatically block the sideloading of potentially harmful Android apps from third-party sources, following similar tests in Singapore, Thailand, and Brazil. The feature aims to protect users from apps that request sensitive permissions often exploited for financial fraud, such as accessing SMS messages or using accessibility services for malicious activities.

The initiative will start next month and will be gradually rolled out...

A large fraud scheme has been uncovered, involving fake trading apps on the Apple App Store and Google Play Store, along with phishing websites. This was reported by Group-IB.

This scam is part of a consumer investment fraud scheme known as "pig butchering." In this scheme, scammers trick people into investing in cryptocurrency or other financial products after gaining their trust, often pretending to be romantic partners or investment advisors.

These deceptive tactics usually...

Cybersecurity experts are warning about North Korean hackers trying to target potential victims on LinkedIn with malware called RustDoor.

According to Jamf Threat Labs, they discovered an attack where a user was approached on LinkedIn by someone pretending to be a recruiter for a legitimate decentralized cryptocurrency exchange called STON.fi.

This attack is part of a broader strategy by North Korean cybercriminals aiming to breach networks by pretending to conduct job...

Two men have been indicted in the U.S. for allegedly running WWH Club, a dark web marketplace specializing in sensitive personal and financial information. Alex Khodyrev, 35, from Kazakhstan, and Pavel Kublitskii, 37, from Russia, face charges of conspiracy to commit access device fraud and wire fraud.

From 2014 to 2024, Khodyrev and Kublitskii are accused of managing WWH Club and its associated sites, including wwh-club[.]ws, wwh-club[.]net, and skynetzone[.]org. These sites served...