
Cyware Daily Threat Intelligence, November 22, 2022


A series of cryptocurrency-linked cybercrimes were observed in the last 24 hours. In one incident, an information-stealing malware named ViperSoftX was used to drain cryptocurrency via a malicious Chrome extension called VenomSoftX. In another, a cybercriminal gang was found operating four different campaigns targeting Coinbase, MetaMask, Crypto.com, and KuCoin users. A deepfake crypto giveaway scam was also discovered circulating on Twitter, promising FTX customers that their losses would be made up by doubling their cryptocurrency.

In other updates, cybercriminals have found a new interest in Aurora info-stealer malware owing to its low detection rates. At least seven cybercriminal gangs have adopted the malware exclusively, or with RedLine and Raccoon.

Top Breaches Reported in the Last 24 Hours

DraftKings’ customers suffer loss of $300,000
Sports betting company DraftKings suffered a credential stuffing attack that led to a loss of up to $300,000. The firm states that the attackers accessed customers' accounts using login credentials that had been compromised on other websites. It has urged users to enable 2FA to secure their accounts and has assured them that it will make up for the lost funds.

Mobile apps leak API keys
Around 1,550 mobile apps were found leaking Algolia API keys, giving attackers a way to access sensitive user information or modify app index records and settings. Of those apps, 32 exposed admin secrets, including 57 unique admin keys. The Algolia API is used in websites and applications by over 11,000 companies.

Top Malware Reported in the Last 24 Hours

Aurora info-stealer in demand
Cybercriminals are turning to a new Golang-based information stealer named Aurora to steal sensitive information from browsers and cryptocurrency apps. The malware is also capable of exfiltrating data from disks and executing additional payloads. At least seven notable cybercriminal gangs have adopted the malware, either exclusively or alongside RedLine and Raccoon. The rise in its use is attributed to its low detection rates.

ViperSoftX drains cryptocurrency
An information-stealing malware named ViperSoftX is draining cryptocurrency via a malicious Google Chrome extension called VenomSoftX. ViperSoftX is mostly spread via torrents and software-sharing sites. Avast estimated that the attackers behind the campaign had earned approximately $130,000 by November 8.

Top Vulnerabilities Reported in the Last 24 Hours

Amazon addresses a vulnerability
Amazon addressed a cross-tenant vulnerability found in its AWS AppSync service. The flaw could allow attackers to assume Identity and Access Management (IAM) roles in other AWS accounts. This ultimately could enable attackers to pivot into a victim organization and access resources associated with those accounts.

Top Scams Reported in the Last 24 Hours

Fake crypto giveaway scam
A deepfake video of FTX founder Sam Bankman-Fried was circulated on Twitter to lure users into a fake crypto giveaway scam. To make it look convincing, the account mimicked Sam Bankman-Fried's original account and carried a blue verification mark. In the fake video, the founder of the collapsed cryptocurrency exchange promises to make up for users' losses by doubling their cryptocurrency. To claim this, users are asked to visit the site ftxcompensation[.]com.

Domains of pig butchering scheme seized
The DoJ announced that it seized seven domains associated with pig butchering schemes, in which cybercriminals build relationships with victims before stealing their cryptocurrency funds. A total of five victims lost over $10 million in the scheme between May and August. Each of the domains purported to belong to the Singapore International Monetary Exchange.

Crypto-stealing phishing campaign
A crypto-stealing phishing campaign is underway, impersonating different cryptocurrency exchanges and wallets. The campaign has been active since 2021 and abuses the Microsoft Azure Web Apps service to host phishing sites. Victims are targeted via phishing messages that pretend to be from Coinbase, MetaMask, Crypto.com, and KuCoin, informing them about suspicious activity detected in their accounts.


Posted on: November 22, 2022
