Crypto · Bearish · Bitcoinist · 5d ago · 7/10
⛓️Microsoft has identified an active Windows clipper malware campaign targeting cryptocurrency users that spreads via USB drives, intercepts wallet addresses, and routes traffic through Tor to steal funds. The malware represents an escalating threat to crypto holders by combining traditional distribution methods with sophisticated evasion techniques.
Crypto · Bearish · Blockonomi · 6d ago · 7/10
⛓️Kaspersky discovered dozens of malicious Wallpaper Engine packages on Steam's Workshop containing Lumma and Vidar infostealers designed to harvest cryptocurrency wallet data and browser credentials. The malware, which accumulated thousands of installations, represents a sophisticated supply-chain attack exploiting a legitimate platform to target crypto users.
Crypto · Bearish · Decrypt – AI · 6d ago · 7/10
⛓️Researchers discovered malicious Wallpaper Engine downloads on Steam Workshop injecting infostealers, backdoors, and account-hijacking malware into gaming systems. The threat targets cryptocurrency holders who use Steam, exploiting the platform's trusted distribution channel to compromise digital assets and personal accounts.
Crypto · Bearish · Blockonomi · 6d ago · 7/10
⛓️Microsoft has identified a USB-distributed clipboard-hijacking malware targeting Bitcoin and Ethereum wallet addresses on Windows systems since February 2026. The malware intercepts and replaces cryptocurrency wallet addresses copied to the clipboard, potentially redirecting transactions to attacker-controlled addresses.
$BTC $ETH
Crypto · Bearish · CoinDesk · 6d ago · 7/10
⛓️Microsoft identified a sophisticated malware strain that hijacks cryptocurrency wallets by intercepting Windows shortcut files and installing a worm capable of stealing private keys from the clipboard and redirecting transactions to attacker-controlled addresses. The malware spreads via USB drives, posing a significant threat to desktop-based crypto holders.
Crypto · Bearish · U.Today · 6d ago · 7/10
⛓️Microsoft has identified CryptoBandits, a sophisticated malware campaign that spreads through infected USB drives to steal cryptocurrency wallet credentials, including seed phrases and private keys. The threat highlights growing security risks in the crypto ecosystem and underscores the need for enhanced user vigilance and endpoint protection.
Crypto · Bearish · Daily Hodl · Jun 11 · 7/10
⛓️Humanity Protocol's token crashed 85% after hackers exploited a compromised employee laptop to steal $32 million in private keys used for interchain transfers. The security breach exposes critical vulnerabilities in how decentralized identity projects manage cryptographic materials, raising questions about operational security practices across the sector.
Crypto · Bearish · crypto.news · Jun 10 · 7/10
⛓️Humanity Protocol suffered a major security breach after malware infected a developer's machine, resulting in the theft and unauthorized minting of approximately 447 million H tokens across Ethereum and BNB Smart Chain. The attacker compromised seven private keys from a single device, highlighting critical vulnerabilities in key management practices within crypto projects.
$ETH $BNB
AI · Bearish · Ars Technica – AI · Jun 8 · 7/10
🧠Microsoft-packaged software repositories were compromised for the second time in weeks with 73 malicious packages containing credential-stealing malware that automatically executes when opened by AI agents. This represents a significant supply chain vulnerability affecting automated development workflows and highlights growing threats to AI-driven software development practices.
General · Bearish · Daily Hodl · Jun 8 · 7/10
📰IBM's Trusteer division has identified OverlordMX, a sophisticated 'man-in-the-browser' cyberattack campaign discovered in March 2026 that targets banking customers in Latin America. The malware traps users on fake bank screens while attackers monitor sessions in real time and drain accounts, representing a significant evolution in financial credential theft techniques.
Crypto · Bearish · crypto.news · Jun 3 · 7/10
⛓️Microsoft has identified two malicious npm packages that distribute remote access trojan (RAT) malware capable of stealing cryptocurrency wallet credentials, screenshots, and keystrokes through Hugging Face infrastructure. The discovery highlights a critical supply chain vulnerability in JavaScript development ecosystems that directly threatens crypto users and developers.
🏢 Hugging Face
Crypto · Bearish · U.Today · Jun 3 · 7/10
⛓️Microsoft has identified a sophisticated malware campaign targeting cryptocurrency investors by embedding malicious code within popular npm open-source packages. The trojan poses a direct threat to developers and crypto users who rely on these widely-used libraries, highlighting a critical vulnerability in the open-source software supply chain.
Crypto · Bearish · Daily Hodl · May 31 · 7/10
⛓️Cyble has identified OverlayPhantom, a new Android banking trojan targeting over 180 banking, financial, and cryptocurrency applications across 10 countries. The malware uses fake overlay screens to capture PINs and credentials, enabling account takeover through a two-stage infection chain distributed via malicious URLs impersonating legitimate apps.
AI · Bearish · arXiv – CS AI · May 28 · 7/10
🧠Researchers identified 76 confirmed malicious AI agent skills across major marketplaces, with 13.4% of 3,984 analyzed skills containing critical security vulnerabilities. The findings highlight urgent risks as AI agents gain access to sensitive credentials and systems, with malicious payloads still publicly available on platforms like clawhub.ai.
Crypto · Bearish · Crypto Briefing · May 27 · 7/10
⛓️CrowdStrike and Google successfully dismantled the Glassworm botnet, which targeted software developers and compromised cryptocurrency wallets. The takedown underscores critical vulnerabilities in open source supply chains and blockchain security infrastructure that pose systemic risks to the ecosystem.
Crypto · Bearish · U.Today · May 27 · 7/10
⛓️Microsoft Threat Intelligence has identified a sophisticated cryptojacking campaign targeting PC gamers and hardware enthusiasts, exploiting their high-end systems to mine cryptocurrency without consent. This threat highlights the ongoing security risks in the cryptocurrency ecosystem and the targeting of users with valuable computational resources.
Crypto · Bearish · U.Today · May 25 · 7/10
⛓️SlowMist, a blockchain security firm, has identified a sophisticated 'TrapDoor' virus executing a cross-registry supply chain attack targeting developers in Solana, DeFi, and AI sectors to steal private keys. The campaign demonstrates evolving threats beyond traditional exchange hacks, directly compromising developer wallets and private key infrastructure.
$SOL
AI × Crypto · Bearish · Bitcoinist · May 12 · 7/10
🤖Google's Threat Intelligence Group warns that AI is being weaponized by state-linked hackers and criminal actors to create autonomous malware and zero-day exploits at scale, posing a direct threat to cryptocurrency users relying on standard security measures. This represents a significant escalation in the sophistication and speed of cyberattacks targeting digital assets.
AI · Bearish · The Verge – AI · May 11 · 7/10
🧠Google's Threat Intelligence Group discovered and blocked the first known zero-day exploit developed with AI assistance, which cybercriminals planned to use for mass exploitation of an open-source web administration tool to bypass two-factor authentication. Google identified AI involvement through telltale signs in the Python script, including hallucinated CVSS scores and LLM-style formatting, marking a significant escalation in AI-enabled cyber threats.
General · Bearish · Daily Hodl · May 11 · 7/10
📰Cybersecurity firm iZOO Logic has identified BankGhost Builder, a malware-as-a-service threat advertised on Telegram that targets over 700 banks globally. The tool enables criminals to steal banking credentials and hijack user accounts, representing a significant evolution in financial cybercrime infrastructure.
Crypto · Bearish · Blockonomi · Apr 15 · 7/10
⛓️Cybercriminals are deploying PHANTOMPULSE malware through compromised Obsidian plugins, targeting cryptocurrency users via social engineering on LinkedIn and Telegram. This attack demonstrates how legitimate developer tools can be weaponized to compromise crypto wallets and assets through sophisticated credential theft campaigns.
Crypto · Bearish · CoinTelegraph · Apr 15 · 7/10
⛓️Elastic Security Labs has identified an elaborate multi-step social engineering scam targeting cryptocurrency and finance users through a malicious community plugin on a popular note-taking application. The scam distributes device-controlling malware, posing a significant security threat to the crypto community's operational security practices.
AI × Crypto · Bearish · CoinTelegraph – AI · Feb 11 · 7/10 · 5
🤖Google Cloud's Mandiant has identified a North Korea-linked cryptocurrency malware campaign that has been tracked since 2018. The security firm reports that AI technology has enabled these malicious actors to significantly scale up their attacks since November 2025.
Crypto · Bearish · Ethereum Foundation Blog · Jul 2 · 7/10 · 2
⛓️On June 23, 2024, hackers compromised the official Ethereum blog mailing list and sent phishing emails to 35,794 subscribers using the legitimate updates@blog.ethereum.org address. The malicious emails directed users to a fake website that ran crypto drainer malware in the background to steal users' cryptocurrency funds.
$ETH $LINK
AI · Neutral · arXiv – CS AI · Jun 10 · 6/10
🧠Researchers propose a novel framework for detecting Advanced Persistent Threats (APTs) across different operating systems without labeled target data, using semantic embeddings and Optimal Transport theory. The source-only approach combines language models, graph autoencoders, and transport-based anomaly scoring to identify malicious processes in cross-OS environments, demonstrating improved detection performance across Linux, Windows, BSD, and Android platforms.
$APT