Lumma Stealer: Bypassing Google Chrome App-Bound Encryption for Crypto Theft

Lumma Stealer has changed its execution chain to defeat Google Chrome's App-Bound Encryption (ABE), moving from offline decryption of the browser's data files to "living-off-the-browser" techniques. Using Asynchronous Procedure Call (APC) injection or remote thread injection into chrome.exe, or a malicious Chrome extension, the malware has the legitimate browser process decrypt its own stored data through Chrome's internal APIs; this works because ABE binds the decryption key to the legitimate Chrome process rather than to the user account alone, so code running inside chrome.exe inherits that trust. The recovered session cookies and non-custodial cryptocurrency wallet seeds let attackers hijack authenticated sessions (bypassing MFA) and drain wallets. Delivery is via SEO poisoning and malvertising; impact is concentrated on high-value digital assets and corporate account access.
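One practical detection angle for the injection variant described above is process-injection telemetry into chrome.exe from a non-Chrome image. The following is an added example, not code from the original digest or from any vendor: it runs a simple rule over constructed Sysmon-style Event ID 8 (CreateRemoteThread) records, flagging remote threads created in chrome.exe by any image that is not Chrome itself. The log lines, process paths and the pipe-delimited export format are all constructed for this example; the Chrome install directories are assumed defaults. Note the caveat in the code: APC-based injection does not generate Event ID 8, so this rule only covers the remote-thread variant.

```python
"""
Added example: detect remote thread injection into chrome.exe.

Scans constructed Sysmon-style events (flat "Key=Value|Key=Value" export,
a format assumed for this example) for Event ID 8 (CreateRemoteThread)
where the target is chrome.exe and the source image is not Chrome.

Caveat: Sysmon Event ID 8 records CreateRemoteThread only. APC injection
(QueueUserAPC) does not produce this event, so the APC variant described
in the digest needs different telemetry (EDR thread/APC hooks or ETW).
"""
import ntpath
from dataclasses import dataclass

# Assumed default Chrome install directories (lower-cased for comparison).
CHROME_DIRS = (
    r"c:\program files\google\chrome\application",
    r"c:\program files (x86)\google\chrome\application",
)


@dataclass
class Alert:
    source_image: str
    target_image: str
    target_pid: int
    reason: str


def is_chrome_image(path: str) -> bool:
    """True if the image is chrome.exe inside a standard Chrome install dir."""
    p = path.lower()
    return ntpath.basename(p) == "chrome.exe" and ntpath.dirname(p) in CHROME_DIRS


def parse_event(line: str) -> dict:
    """Parse one 'Key=Value|Key=Value' record (constructed export format)."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def detect_remote_thread_into_chrome(lines):
    """Return an Alert for every CreateRemoteThread into chrome.exe from a non-Chrome image."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "8":
            continue
        src = ev.get("SourceImage", "")
        tgt = ev.get("TargetImage", "")
        if ntpath.basename(tgt.lower()) != "chrome.exe":
            continue
        if is_chrome_image(src):
            # Chrome-to-Chrome thread creation is treated as baseline here
            # (an assumption for this example; tune against real telemetry).
            continue
        reason = "remote thread into chrome.exe from non-Chrome image"
        if not is_chrome_image(tgt):
            reason += "; target chrome.exe outside standard install path"
        alerts.append(Alert(src, tgt, int(ev.get("TargetProcessId", 0)), reason))
    return alerts


# Constructed sample telemetry (not real events).
SAMPLE_EVENTS = [
    "EventID=8|SourceImage=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
    "|TargetImage=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|TargetProcessId=4120",
    "EventID=8|SourceImage=C:\\Users\\Public\\setup_installer.exe"
    "|TargetImage=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|TargetProcessId=4120",
    "EventID=1|Image=C:\\Windows\\System32\\notepad.exe",
    "EventID=8|SourceImage=C:\\Windows\\System32\\svchost.exe"
    "|TargetImage=C:\\Windows\\System32\\lsass.exe|TargetProcessId=700",
]


if __name__ == "__main__":
    for a in detect_remote_thread_into_chrome(SAMPLE_EVENTS):
        print(f"[ALERT] {a.reason}: {a.source_image} -> {a.target_image} (pid {a.target_pid})")
```

Only the second record fires: an unsigned-looking installer creating a thread in the real chrome.exe. In production you would enrich the source image with signer and parent-process data and pair this with the extension-abuse variant, which produces no injection telemetry at all and is better caught by extension install and policy auditing.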

Sapphire Sleet Targets HuggingFace and macOS for Cryptocurrency Exfiltration

North Korean state-sponsored actor Sapphire Sleet (UNC1069) has launched a targeted campaign against macOS users in the AI/ML and cryptocurrency sectors. The adversary uses HuggingFace as a delivery vector, deploying malicious models and repository-based lures together with AI-enhanced social engineering to compromise developer environments. Once code execution is achieved via macOS-specific payloads, the actor deploys dedicated modules to harvest SSH keys and exfiltrate cryptocurrency wallet data. This marks a tactical pivot toward high-value individual targets and the exploitation of trust in AI model repositories to bypass traditional perimeter defenses.

US Sanctions Iranian Crypto Exchange Nobitex for Facilitating Ransomware

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has designated Nobitex, Iran's largest cryptocurrency exchange, on the Specially Designated Nationals (SDN) List. The action targets the exchange's role in providing financial infrastructure for ransomware operators and terrorist organizations to off-ramp illicitly obtained digital assets, specifically BTC, ETH, and USDT, into fiat currency. Threat actors have routed funds through blockchain obfuscation techniques and mixing services before depositing them at Nobitex, using the exchange to bypass international sanctions. The designation aims to disrupt the link between cryptocurrency off-ramps and state-sponsored cybercrime by cutting off the liquidity channels used to cash out ransomware extortion payments.
