According to recent reports, scores of crypto users were hit last week by SIM-swapping attacks in what appears to have been a coordinated campaign. SIM swapping, also known as SIM jacking, is a form of account takeover (ATO) attack in which hackers use techniques such as social engineering to transfer a victim's phone number to their own SIM card, then use that number to reset passwords or intercept two-factor verification codes and gain access to protected accounts. Victims of the recent attacks were reportedly all members of the crypto community living in the United States, with one victim admitting to losing over $100,000 of cryptocurrency.
A China-based malware campaign dubbed the "Nansh0u campaign" has been in progress since February, reportedly breaching more than 50,000 servers across the world and infecting more than 700 new victims a day with crypto-mining malware. According to reports, most of the firms affected are in the healthcare, telecom, media and IT sectors, and the malware packages were written using sophisticated Chinese language tools and placed on Chinese language servers.
According to recent reports, a new malware called BlackSquid employs at least eight of the most dangerous exploits currently available to hackers to infect servers and install Monero coin mining software on them. The majority of BlackSquid attacks so far apparently have occurred in Thailand and the United States, with the last week of May having been the most active period for the malware yet. Another recently reported crypto-mining malware campaign involves a fraudulent website impersonating the Cryptohopper trading platform. When visited, the malicious website reportedly executes an attack that installs crypto-mining malware and a "clipboard hijacker."
A popular crypto exchange unexpectedly shut down its services in April and has allegedly disappeared with customer funds. Though the exact amount involved in the alleged fraud by Coinroom, the Polish crypto exchange, is not yet known, customers with deposits ranging from around $79 to $15,660 recently reported the theft. Founded in 2016, Coinroom was one of the most widely used digital asset exchanges in Poland and offered fiat-based crypto trading to its clients.
A recent report by blockchain analytics firm Chainalysis found that upwards of 64% of ransomware attack cash-out strategies use crypto exchanges to launder funds. The report also indicated a shift in how ransomware attacks are carried out. According to the report, while the tendency before had been to conduct wide and shallow attacks, infecting myriads of random victims and demanding small amounts to decrypt the files, criminals are beginning to home in on targets with legally or politically sensitive data and demanding larger payments to ransom the data.
For more information, please refer to the following links:
- Wave of SIM swapping attacks hit US cryptocurrency users
- THE NANSH0U CAMPAIGN – HACKERS ARSENAL GROWS STRONGER
- Hackers Infect 50,000 Servers With Sophisticated Crypto Mining Malware
- BlackSquid malware uses bag of exploits to drop cryptocurrency miners
- BlackSquid Slithers Into Servers and Drives With 8 Notorious Exploits to Drop XMRig Miner
- Trend Micro: BlackSquid Malware Infects Servers to Install Monero Cryptojacking Software
- Fake Cryptocurrency Trading Site Pushes Crypto Stealing Malware
- Coinroom Exchange Disappeared Overnight with Customers' Funds
- Chainalysis: 64% of Ransomware Attackers Launder Proceeds via Crypto Exchanges
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.