Researchers warn attackers are buying Facebook ad space to promote bogus Windows 11 update installers that deploy crypto-stealing malware. Clicks lead to malicious executables that harvest wallets, browser extensions, and credentials.
Google Cloud’s Mandiant unit says a North Korea-linked malware campaign targeting crypto users, tracked since 2018, has sharply increased in scale after adopting AI-driven techniques in November 2025. The detection highlights growing automation risks for the crypto ecosystem.
State-backed North Korean group UNC1069 is actively targeting crypto companies with custom malware deployed through social-engineering schemes, including fake Zoom calls, to exfiltrate data from Windows and macOS devices. The campaigns appear designed to enable large-scale financial theft.
South Korea has extradited a 29‑year‑old Lithuanian accused of using malware to alter crypto wallet addresses and steal about ₩1.7 billion (~$1.8M). Authorities say the suspect redirected victims' transfers to wallets he controlled.
A newly reported React vulnerability is being exploited to install malware and crypto-miners, risking token theft and potential wallet interception on thousands of sites.
A researcher found Shai Hulud malware in more than 400 npm libraries, including at least 10 crypto packages tied to ENS. The intrusion heightens supply-chain risk for developers and ENS users.
A worm propagating through WhatsApp is distributing a banking trojan across Brazil, specifically aiming to harvest crypto wallet credentials and online banking logins. Cybersecurity firms and authorities are warning users to be cautious with messages and links.
Security researchers say a new 'ClickFix' malware uses a social engineering trick to get victims to run a command and then siphon Bitcoin from their wallets. Users are urged to treat unexpected CAPTCHA-like prompts with suspicion and secure private keys.