-
Glassworm malware returns in third wave of malicious VS Code packages
The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms.
- December 01, 2025
- 04:08 PM
1
-
Wave of 150 crypto-draining extensions hits Firefox add-on store
A malicious campaign dubbed 'GreedyBear' has snuck onto the Mozilla add-ons store, targeting Firefox users with 150 malicious extensions and stealing an estimated $1,000,000 from unsuspecting victims.
- August 07, 2025
- 10:00 AM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Dozens of fake wallet add-ons flood Firefox store to drain crypto
More than 40 fake extensions in Firefox's official add-ons store are impersonating popular cryptocurrency wallets from trusted providers to steal wallet credentials and sensitive data.
- July 02, 2025
- 09:16 AM
- 0
-
PoisonSeed phishing campaign behind emails with wallet seed phrases
A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets.
- April 04, 2025
- 12:49 PM
- 0
-
Ethereum private key stealer on PyPI downloaded over 1,000 times
A malicious Python Package Index (PyPI) package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain.
- March 06, 2025
- 12:11 PM
- 0
-
Hacker steals record $1.46 billion from Bybit ETH cold wallet
Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets.
- February 21, 2025
- 11:41 AM
- 1
-
Crypto-stealing apps found in Apple App Store for the first time
A new campaign dubbed 'SparkCat' has been uncovered, targeting the cryptocurrency wallet recovery phrases of Android and iOS users using optical character recognition (OCR) stealers.
- February 04, 2025
- 03:16 PM
- 0
-
Solana Pump.fun tool DogWifTool compromised to drain wallets
DogWifTools has disclosed on its official Discord channel that its software has been compromised by a supply chain attack that impacted its Windows client, infecting users with malware.
- January 29, 2025
- 07:33 PM
- 0
-
New Web3 attack exploits transaction simulations to steal crypto
Threat actors are employing a new tactic called "transaction simulation spoofing" to steal crypto, with one attack successfully stealing 143.45 Ethereum, worth approximately $460,000.
- January 10, 2025
- 01:12 PM
- 0
-
Cryptonator seized for laundering ransom payments, stolen crypto
U.S. and German law enforcement seized the domain of the crypto wallet platform Cryptonator, used by ransomware gangs, darknet marketplaces, and other illicit services, and indicted its operator.
- August 02, 2024
- 01:27 PM
- 1
-
CoinStats says North Korean hackers breached 1,590 crypto wallets
CoinStats suffered a massive security breach that compromised 1,590 cryptocurrency wallets, with the attack suspected to have been carried out by North Korean threat actors.
- June 24, 2024
- 10:56 AM
- 0
-
Indian man stole $37 million in crypto using fake Coinbase Pro site
An Indian national pleaded guilty to wire fraud conspiracy for stealing over $37 million through a fake Coinbase website used to steal credentials.
- May 25, 2024
- 10:11 AM
- 0
-
Fake Leather wallet app on Apple App Store is a crypto drainer
The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets.
- March 11, 2024
- 10:54 AM
- 0
-
Cracked macOS apps drain wallets using scripts fetched from DNS records
Hackers are using a stealthy method to deliver to macOS users information-stealing malware through DNS records that hide malicious scripts.
- January 22, 2024
- 05:27 PM
- 0
-
Trezor support site breach exposes personal data of 66,000 customers
Trezor issued an alert following a security breach on January 17, 2024, when unauthorized access was gained to their third-party support ticketing portal.
- January 22, 2024
- 09:16 AM
- 0
-
Crypto wallet founder loses $125,000 to fake airdrop website
A crypto wallet service co-founder shares with the world his agony after losing $125,000 to a crypto scam. The startup CEO, who at the time believed he was on a legitimate cryptocurrency airdrop website, realized after his loss that the domain he'd went on was setup for the purposes of phishing unsuspecting users.
- January 05, 2024
- 07:17 AM
- 1
-
Crypto scammers abuse Twitter ‘feature’ to impersonate high-profile accounts
Cryptocurrency scammers are abusing a legitimate Twitter "feature" to promote scams, fake giveaways, and fraudulent Telegram channels used to steal your crypto and NFTs.
- December 20, 2023
- 03:17 PM
- 0
-
Ledger dApp supply chain attack steals $600K from crypto wallets
Ledger is warnings users not to use web3 dApps after a supply chain attack on the 'Ledger dApp Connect Kit' library was found pushing a JavaScript wallet drainer that stole $600,000 in crypto and NFTs.
- December 14, 2023
- 11:22 AM
- 0
-
Fake Ledger Live app in Microsoft Store steals $768,000 in crypto
Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets.
- November 07, 2023
- 06:06 PM
- 3
-
Claimants in Celsius crypto bankruptcy targeted in phishing attack
Scammers are impersonating the bankruptcy claim agent for crypto lender Celsius in phishing attacks that attempt to steal funds from cryptocurrency wallets.
- September 19, 2023
- 07:38 PM
- 0
- 1
- 2
