A disguised browser add-on linked to a crypto clipper campaign shows how transaction tampering can happen inside the browser, not on the blockchain.
Researchers flagged a browser-extension campaign that impersonates a familiar note-taking tool and aims to swap cryptocurrency wallet addresses at transaction time.
A critical weakness in remote-support software shows how one privileged login path can become a launch point for malware, secret theft, and broader endpoint risk.
Ukraine’s asset recovery agency moved more than $8.3 million in cryptocurrency into an official wallet, showing how custody, legality, and blockchain controls collide once criminal proceeds become public funds.
The malware campaign tied to Rokarolla shows how mobile fraud tooling can survive pressure on one control channel by pairing impersonation sites with backup command infrastructure and permission abuse.
A new phase of disruption against infrastructure linked to SocGholish, Amadey, and StealC shows how loaders and stealers help turn one intrusion into many crimes.
A surge of scam websites is using the promise of “VIP” access to Grand Theft Auto 6 to pressure hopeful players into sending cryptocurrency and, in some cases, hundreds of dollars.
A polished impersonation scam is using the pull of Grand Theft Auto VI to push victims toward cryptocurrency payments for access that never arrives.
A new Windows malware family is reported to spread through USB devices and use Tor, while altering wallet addresses to steal cryptocurrency.
A deceptive trust layer is being abused to make a crypto clipper look safer than it is, turning stars, reviews, and clipboard swaps into a quiet route to theft.
A malicious dependency found in more than 140 Mastra packages shows how a software supply-chain incident can move from build tools to browser-facing cryptocurrency surfaces.
A newly spotted lightweight backdoor combines removable-media spread with cryptocurrency theft, showing how compact malware can still punch through modern defenses.
Microsoft says a Windows-based cryptocurrency clipper has been active since February 2026, and its design leans on built-in scripting, shortcut abuse, and Tor-hosted command infrastructure.
A reported campaign pairs AI-style narration, fake reputation signals, and a Rust-based clipboard hijacker to quietly redirect cryptocurrency payments.
A coordinated law-enforcement action against a suspected laundering service puts the spotlight on the infrastructure that helps illicit crypto move, layer, and reach spendable value.
A coordinated international operation has disrupted AudiA6, a cryptocurrency laundering service believed to have moved more than EUR 336 million and helped criminal networks turn stolen value into spendable money.
Weaponized DMG installers are turning a normal macOS software flow into a fast credential-theft path, with infostealers built to grab browser sessions and wallet data before defenders notice.
A reported Lucid Stealer build uses a Node.js Single Executable Application wrapper, showing how familiar software packaging can blur the line between benign delivery and criminal tooling.
Researchers described a threat actor alias linked to an exposed working environment, where Gemini API keys, Telegram automation, and fraud tooling appeared to support a broader influence operation.
Criminal finance is increasingly described as a blend of cash, digital wallets, cryptocurrencies, and blockchain, a mix that changes both the hiding places and the clues investigators can use.