
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox.

The activity is assessed to be the work of a Chinese threat actor that Koi Security is tracking under the moniker DarkSpectre. In all, the campaigns have collectively affected over 8.8 million users spanning a period of more than seven years.

ShadyPanda was first unmasked by the cybersecurity company earlier this month as targeting users of all three browsers to facilitate data theft, search query hijacking, and affiliate fraud. It has been found to affect 5.6 million users, including 1.3 newly identified victims stemming from over 100 extensions flagged as connected to the same cluster.

New ErrTraffic service enables ClickFix attacks via fake browser glitches

A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating ‘fake glitches’ on compromised websites to lure users into downloading payloads or following malicious instructions.

The platform promises conversion rates as high as 60% and can determine the target system to deliver compatible payloads.

ClickFix is a social engineering technique where targets are tricked into executing dangerous commands on their systems under believable pretenses, such as fixing technical problems or validating their identity.

US cybersecurity experts plead guilty to BlackCat ransomware attacks

Two former employees of cybersecurity incident response companies Sygnia and DigitalMint have pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023.

33-year-old Ryan Clifford Goldberg of Watkinsville, Georgia (in federal custody since September 2023), and 28-year-old Kevin Tyler Martin of Roanoke, Texas, who were charged in November, have now pleaded guilty to conspiracy to obstruct commerce by extortion and are set to be sentenced on March 12, 2026, facing up to 20 years in prison each.

Together with a third accomplice, the two BlackCat ransomware affiliates breached the networks of multiple victims across the United States between May 2023 and November 2023, paying a 20% share of ransoms in exchange for access to BlackCat’s ransomware and extortion platform.

How do I make clear ice at home? A food scientist shares easy tips

When you splurge on a cocktail in a bar, the drink often comes with a slab of aesthetically pleasing, perfectly clear ice. The stuff looks much fancier than the slightly cloudy ice you get from your home freezer. How do they do this?

Clear ice is actually made from regular water—what’s different is the freezing process.

With a little help from science, you can make clear ice at home, and it’s not even that tricky. However, there are quite a few hacks on the internet that won’t work. Let’s dive into the physics and chemistry involved.

Hacker arrested for KMSAuto malware campaign with 2.8 million downloads

A Lithuanian national has been arrested for his alleged involvement in infecting 2.8 million systems with clipboard-stealing malware disguised as the KMSAuto tool for illegally activating Windows and Office software.

The 29-year-old man was extradited from Georgia to South Korea following a related request under Interpol’s coordination.

According to the Korean National Police Agency, the suspect used KMSAuto to lure victims into downloading a malicious executable that scanned the clipboard for cryptocurrency addresses and replaced them with ones controlled by the attacker — known as ‘clipper malware’.

Romanian energy provider hit by Gentlemen ransomware attack

A ransomware attack hit Oltenia Energy Complex (Complexul Energetic Oltenia), Romania’s largest coal-based energy producer, on the second day of Christmas, taking down its IT infrastructure.

The 40-year-old Romanian energy provider employs over 19,000 people, operates four power plants with an installed production capacity of 3,900 MWh, and provides about 30% of Romania’s electricity.

“As a result of the attack, some documents and files were encrypted, and several computer applications became temporarily unavailable, including ERP systems, document management applications, the company’s email service, and website,” it said over the weekend.
