Kaspersky Warns of New Crypto-Stealing Malware on GitHub
The campaign abuses developer trust, posing as legitimate projects to slip infostealers past crypto investors who download what looks like routine open-source tooling.
Every Zipp story tagged #Malware, newest first.
The campaign abuses developer trust, posing as legitimate projects to slip infostealers past crypto investors who download what looks like routine open-source tooling.
The 21-year-old allegedly hid credential and wallet-draining malware inside five Steam titles, infecting about 8,000 machines and draining roughly $220,000 before agents traced crypto payouts to Uber…
Microsoft's threat team linked the campaign to a hacking group it tracks as CryptoBandits, which uses poisoned USB sticks to seed malware that rewrites browser extensions for wallet theft.
CryptoBandits shows a quiet escalation: clipboard hijacking plus live address-swapping during a copy-paste transfer turns a single USB plug-in into a full wallet drain, with Tor-based exfiltration to…
The threat spreads offline via USB and .lnk shortcuts, then runs bundled Tor to reach a hidden-service C2 — clipboard swap plus seed-phrase theft is the actual loss vector, not just an address swap.
Not a smart-contract bug — a single developer laptop compromised by malware exposed the admin hot wallet plus six Safe owner keys across Ethereum and BSC, draining over $31M.
The real target isn't a developer's wallet file — it's the workstation, where SSH keys, AWS credentials, GitHub tokens and live AI coding sessions all sit on the same machine.
Security researchers have flagged an active malware campaign dubbed TrapDoor, targeting developer environments across…