It seems not a day goes by without news of another crypto scam targeting unsuspecting holders. Those owning…

It seems not a day goes by without news of another crypto scam targeting unsuspecting holders. Those owning popular cryptocurrencies like Bitcoin (BTC) and Litecoin (LTC) are also exposed to cyberattacks.

While Bitcoin is often referred to as the gold of crypto, Litecoin is considered its silver, valued for speed, lower fees, and practical use. But, in the end, both are targets of scams including phishing and malware attacks. In this article, we are discussing security for LTC wallets and protecting yourself from scams that have become nothing but sophisticated.

****Spotting Common Litecoin Scams****

Knowledge is your first line of protection against crypto fraud types because scammers aren’t getting any less creative. They exploit both the need for urgency in humans and security vulnerabilities in systems to separate you from your funds. Knowing how these scams work makes it easier to spot them, especially social engineering tricks common in crypto. The key rule is don’t just trust; verify. It’s one of the best ways to protect your Litecoin.

****Phishing and Malicious Links****

The most common type of crypto scam there is? Phishing attacks masquerading as legitimate emails, social media messages, or fake Litecoin websites. Scammers create spoofing attacks that look identical to trusted platforms, using subtle URL misspellings or deceptive subdomains to fool even careful users.

How to recognize phishing?

*   A link may look like a legitimate site but have a slightly different URL

*   The website requests sensitive data like private keys or seed phrases

How not to fall for email phishing crypto scams?

*   Double- and triple-check URLs before clicking anything

*   Remember: legitimate services never request your private keys or seed phrases

*   Open websites directly from bookmarks rather than clicking malicious links

****Fake Giveaways, Investment Scams, and Impersonation****

Scammers love exploiting Fear of Missing Out (FoMO) with Litecoin giveaway scams and crypto investment fraud. The classic “send LTC to receive more” scheme never gets old. Imposter scams often involve celebrities (from Charlie Lee to Elon Musk), exchanges, or support staff sliding into your DMs with unsolicited offers.

How to recognize these social media crypto scams?

*   You’re being asked to send crypto to “verify” your wallet

*   The persuasion comes from someone masquerading as a trusted party

*   Fake customer service accounts demand remote access or sensitive information

How to not fall for these schemes?

*   If an offer seems too good to be true, it probably is

*   Verify identities directly through official channels, not DMs

*   Take responsibility for your own choices, when things get sketchy, dip out

****Malware and Malicious Software****

Crypto malware are sophisticated that can steal your funds through keystroke logging, clipboard hijacking, or directly accessing wallet files. The worst part? They’re often disguised as legitimate wallet software, browser extensions, or crypto tools.

How to avoid wallet draining software?

*   Be extra cautious with unofficial apps or browser extensions

*   Only download from official sources and verify file authenticity

*   Keep an escape plan in mind if something feels off about new software

Even an apparently harmless download can contain a script that hijacks your transactions or drains your account entirely.

****What Can You Do to Safeguard Your LTC?****

Getting Litecoin is simple enough with a trustworthy provider such as ChangeHero, which has been around since 2017 and now supports 200+ coins and tokens in addition to Litecoin. With their crypto exchange with the lowest fees, getting your own LTC securely is easier than a walk in the park. Securing it, though, is a tad more complicated.

Protecting your Litecoin requires more than wishful thinking; you need battle-tested crypto protection tips that work. The best defence? Proactive measures rooted in solid Litecoin security best practices. This section arms you with actionable strategies to prevent crypto fraud, from hardware wallets to from hardware wallets to thinking critically online. Your online security is up to you, stay prepared and protect yourself from whatever scammers try next.

****Hardware Wallets and Authentication****

If you take your Litecoin holdings seriously, cold storage crypto through a hardware wallet is a must. Devices like Ledger and Trezor keep your private keys offline and away from internet vulnerabilities, making it nearly impossible for hackers to reach your funds remotely. And, it shouldn’t end with a hardware wallet. Strengthen your Litecoin security by using solid authentication methods:

*   **Strong, unique passwords**: Never reuse passwords across platforms. Each crypto-related account should have its own unique password.

*   **Enable 2FA crypto the right way**: Use authenticator apps like Google Authenticator or physical keys like YubiKey. SMS-based 2FA? Skip it: SIM-swapping attacks make it vulnerable.

*   **Secure your backup seeds**: Store them offline, never digitally. A piece of paper in a safe beats a screenshot on your phone every time.

****Keeping Software Updated****

Stay up to date with crypto security updates. Running outdated software increases the risk of attacks. Make sure your operating system, browser, and antivirus tools are regularly updated to patch known security issues.

Staying updated on software is just one part of the equation. Cybersecurity training and education against scams are keys to staying protected against new threats. Follow credible crypto news sources and security professionals, but always verify the information. Avoid click-driven content and cross-check facts before acting.

****What If It’s Too Late?****

Think you’ve been targeted by Litecoin fraud or a crypto hack? Time is critical. Acting quickly can help reduce the damage. The first rule is to stop all communication with the scammer immediately. Don’t engage, don’t negotiate, don’t try to outsmart them! Just cut contact to prevent further exposure.

Start by changing the passwords on all affected accounts, making sure each one is strong and unique. If your wallet has been compromised, transfer your funds to a new, secure wallet, preferably a hardware wallet.

Additionally, disconnect any devices you think may be infected to stop further malicious activity. Time is critical in these situations. The faster you respond, the better your chances of protecting what’s left and blocking further access.

****Report and Document****

Document everything, and we mean everything. Screenshots, transaction IDs, emails, messages, phone numbers, website URLs. This crypto scam evidence isn’t just for your records; it’s ammunition for investigators trying to track down these scammers.

Where to report crypto fraud:

*   Your exchange’s security team (they need to know ASAP)

*   Local police and national cybercrime units like the FBI’s IC3

*   Cybersecurity organizations for broader community awareness

The crypto space offers real opportunities, but when it comes to Litecoin security, it’s your responsibility, no one else’s. Protecting your digital assets is up to you. By staying alert, using hardware wallets, and keeping your knowledge up to date, you make it harder for scammers to succeed.

(Image by Eivind Pedersen from Pixabay)

Litecoin Security: How to Spot, Avoid, and Recover from Crypto Scams

Grab a large sweet tea or a cup of coffee and read  the 2024 Product Security Risk Report from Red Hat Product Security. As someone striving to stay informed about the open source ecosystem and its security challenges, I found this year's report noticeably longer, but the depth and detail didn’t disappoint. In fact, one notable addition to this year’s report is the discussion of AI. The numbers game: up, up, and...wait, what?First, let’s break down the raw numbers. Red Hat Security Advisories (RHSA) hit a new peak in 2024, clocking in at 2975. There has been a steady increase over the pa

Grab a large sweet tea or a cup of coffee and read  the 2024 Product Security Risk Report from Red Hat Product Security. As someone striving to stay informed about the open source ecosystem and its security challenges, I found this year's report noticeably longer, but the depth and detail didn’t disappoint. In fact, one notable addition to this year’s report is the discussion of AI. 

**The numbers game: up, up, and...wait, what?**

First, let’s break down the raw numbers. Red Hat Security Advisories (RHSA) hit a new peak in 2024, clocking in at 2975. There has been a steady increase over the past few years. Interestingly, while _Important and Moderate_ advisories saw a significant jump, _Critical_ advisories decreased slightly, leaning towards more proactive security practices and faster detection.

The common vulnerabilities and exposures (CVE) count skyrocketed to 4272, a significant increase from previous years, which were relatively stable. What caused this? The report highlights the Linux Kernel Organization becoming a CVE Numbering Authority (CNA) in February 2024. They began assigning CVEs to numerous kernel issues, many of which wouldn't have received assignments previously. If you filter out those new kernel.org CVEs, the trend line appears more familiar, with a slight increase, likely reflecting Red Hat's growing portfolio but nothing alarming. 

Digging deeper, most new kernel CVEs are rated _Moderate and Low,_ and only 45% of the CVEs assigned by kernel.org in 2024 affected current Red Hat Enterprise Linux (RHEL) kernels. Further, the focus should remain squarely on those _Critical and Important_ vulnerabilities that align with where actual exploitation attempts are seen. This approach is validated by Red Hat’s rapid turnaround for over half of the _Critical_ CVEs, providing the first fixes in 7 days or less, and 3 fixes on Day 0.

Without the above context when looking at these metrics, you might think, what is Red Hat doing? The raw CVE count increased significantly, but the underlying risk profile for Red Hat products didn’t actually change in parallel. These numbers reinforce that relying solely on the CVE count is insufficient; you must also consider severity, exploitability and relevance. Red Hat's focus on patching _Critical and Important_ issues is validated by the data, showing that's where most real-world exploitation occurs, proving that a risk-based approach makes the most sense.

**XZ Backdoor: the elephant in the room**

Who can talk about security in 2024 without mentioning the XZ Backdoor incident? It was a well-thought-out supply chain attack that still haunts the dreams of the open source community. A trusted maintainer who spent over 2 years building rapport in the community introduced a sophisticated backdoor into the XZ library. If Andres Freund hadn't noticed the performance lag it caused, it could have compromised Secure Shell (SSH) access across countless systems.

In this report, Red Hat reflects on the open source response, while taking a moment to highlight the inherent risks and showcase the open source model's strengths. The rapid, collaborative analysis and information sharing were possible because the source code and interactions were public. The report also discusses the barriers within their own pipeline, like Fedora testing and RHEL quality engineering, that _could_ have caught it, though it's impossible to say for sure.  

The XZ Backdoor incident was a wake-up call. This incident will have long-lasting effects on trust and contribution processes in open source. Supply chain attacks are growing in number and sophistication. Attackers are finding ways to target common tools and shared code that developers use daily, hoping to cause widespread problems. These types of attacks show that software vendors need multiple layers of protection: automatically checking the safety of any prebuilt code parts used, having a secure assembly line for building software and carefully inspecting any new pieces before adding them. It's good to know that Red Hat had several checks in place that could and would have caught the recent XZ security problem, emphasizing that these layers of security truly help. Security will never be a one-and-done activity.

**Supply chain woes**

The escalating number of Software Supply Chain Attacks (SSCAs) and the reliance on open source components is almost unbelievable yet statistically true. Black Duck’s analysis paints a troubling picture: a staggering 97% of commercial codebases rely on open source components. While this increases the speed of innovation and development, it can create an extremely attractive target for malicious actors with data showing that they aren't passing up any chances. Red Hat's tracking of publicly reported SSCAs revealed 89 incidents in 2024, a jarring 68% increase year-over-year. Sonatype's report echoes this unsettling trend. Software supply chains are increasingly under siege.

The XZ Util compromise and North Korean threat actors who used elaborate employment fraud schemes to gain insider access were just 2 examples of the evolving tactics used by malicious actors. The problem with this is that for most of these attacks the motive is largely unknown, and a massive amount remains unclaimed. It's hard to defend effectively when you don't fully understand who is attacking or why. We know some attackers want money or are trying to spy, but we don’t know the goal for many attacks. This complicates the whole situation with cyber threats and is hard to predict or model. Targeting developers and their access points makes perfect sense from an attacker's perspective, as they hold the keys to the kingdom, but it also means that the very human element of building our digital world is a prime target.

These SSCAs demonstrate the escalating exploitation of critical open source dependencies by skilled, anonymous attackers. We can't simply stop using open source given that it substantiates modern software. Therefore, we need a fundamental shift moving forward. We need more proactive security protocols embedded throughout the development lifecycle, not just when we are reacting to breaches. This includes better vetting of dependencies, robust security practices for developers, and, as highlighted by the XZ response, a shared responsibility model where vendors, communities and users invest in securing the ecosystem. The sheer scale of our reliance demands a proportional investment in its security. We’re still playing catch-up against adversaries who are clearly several steps ahead.

**Ode to AI**

In case you missed it, over the last year, generative AI (gen AI) has exploded—from chatbots to coding assistants to creative tools. The momentum is not slowing down, with gen AI predicted to grow at a rate of 37% every year until 2030. That is mindboggling, to say the least. 

But like with any shiny new technology, there’s a honeymoon phase where everyone is focused on what it can do. How fast can it work? How much can it create? How might it change the way we do just about everything?

But now that we see the real value, especially in highly regulated industries like healthcare, finance and government, where mistakes can have major implications, we have to start thinking  about the serious stuff. How do we keep AI usage safe, secure and trustworthy? Can we trust it not to mess things up or leak private information? Decision makers say that keeping data safe is already the biggest worry people have about AI for this year. That makes total sense. You don't want your personal information getting out or AI making bad decisions because it wasn't built securely. As you’ve read above, we already have some high visibility targets in open source. 

What I appreciate is that we’re not just jumping on the AI bandwagon; we’re actually working to figure out how to make AI secure and safe. But, that’s not an easy task. 

One of the first things Red Hat points out in Building Trust: Foundations of Security, Safety and Transparency in AI is the need to separate an AI security vulnerability from an AI safety issue:

*   Security vulnerability: A hacker finding a way to break into the AI system.
*   Safety issue: The AI itself saying something inaccurate, biased or even harmful, even if no one "hacked" it.

These issues need to be addressed differently because fixing a bug is not the same as teaching AI to not be toxic or make things up. They need different rulebooks.

It's reassuring to see that companies like Red Hat, governments like the EU and the US, and various industry groups are working hard to figure this out. They're trying to create guidelines, standards and ways to track these different AI risks. They're looking to build this technology responsibly from the ground up, training their engineers and creating secure designs. What’s significant is that Red Hat isn’t just talking, we're building.

So, what does all this mean? The AI boom is exciting and it could change many things. However, it comes down to trust. As with any good relationship, trust is foundational. Our relationship with AI has to be built on trust for us to get the full benefit of it, and that is more than flashy demos. It comes from working hard behind the scenes to make sure the tech is safe, secure and behaves as expected. It sounds like the right people are focused on that, which is good news. We need to be careful and build guardrails now, rather than trying to fix huge problems later. We need people who trust AI to do this!  

**Behind-the-scenes, the SDLC hustle**

In 2024, Red Hat proved that behind every reliable product is a whole lot of hustle to make sure nothing falls through the cracks. Our approach goes beyond merely following NIST security standards. Red Hat is developing its own unique methods to help verify that everything we build, including AI technologies, is reliable and trustworthy from the start.

The Red Hat Secure Software Development Lifecycle (RHSDLC), which provides our plan for building software focused on security, is now smarter and even more aligned with the current real-world security challenges. But we aren’t just checking the boxes. We’re creating our own standards, such as the RHSDLC, to make sure the software supply chain is security-hardened from start to finish by maturing the Security Operating Approvals (SOA) procedure. This includes verifying third-party tools, automating checks and flagging risks before they become problems. It’s like catching the leak while it’s still a drip, instead of waiting for the flood. We are dedicated to empowering customer confidence in our products by thoroughly exploring security details and prioritizing trust, transparency and resilience.

I loved seeing the standardization of Security Architecture Reviews (SARs) into the RHSDLC. These reviews support the classic, battle-tested security principles, such as _“only give access to what’s absolutely necessary,” “layer your defenses”_ and ensure security is baked into the product design from day one. 

Lastly, there’s RapiDAST. If you’re into open source or even application development, this tool is a hidden gem. It’s Red Hat’s dynamic application security testing tool, and in 2024, it got some serious upgrades. RapiDASTS didn’t just become more powerful, it became easier to use. For example, it’s able to provide support for Kubernetes operator testing, better automation and a much simpler interface. Now, it can export results straight to Google Cloud Storage, making collaboration more efficient.

Red Hat is building all this directly into our CI/CD pipelines, the very systems that developers use daily to build and release products. And for those who rely on tools, whether you’re developers, IT pros or end users trying to keep systems safe, a commitment to security-focused development really matters. In a world with constant cyber threats, knowing your software vendor is intensely focused on security, from the design phase through testing and component tracking, is reassuring. Red Hat treats security as a core part of quality, not just an afterthought.

**‘Till we meet again in 2025**

This year’s report is a reminder that security is always moving. With changes in how CVEs are reported, ongoing supply chain risks, the growing impact of AI and prioritizing vulnerabilities, there’s a lot that users must consider.

Having transparent reports like this one is so important. They help all of us—from developers to IT teams to curious readers like me—see what’s going on, understand the challenges and more informed choices. From my perspective,  it’s not just about preventing problems; how we respond to them is just as critical. The way the open source community came together during incidents like the XZ Backdoor? That’s the power of collaboration in action!

Read the full Red Hat Product Security Risk Report 2024.

The 2024 Red Hat Product Security Risk Report: CVEs, XZ Backdoor, SSCAs, AI…oh my!

On Christmas Day in 2014 hackers knocked out the Xbox and PlayStation gaming networks, impacting how video game companies handled cybersecurity for years.

The Andersons are Christmas traditionalists. Dan says it’s more his wife Paige than him, but secretly he also loves all the fuss.

So, there they were on the sofa in their pajamas in front of the twinkling Christmas tree before the sun had risen over a chilly morning in Buffalo, New York. Thirty-two-year-old Dan was proud and smug as he handed over his gift to Paige—a “fancy new Kindle Voyage.” She loved it. Then it was his turn, and he excitedly ripped into the wrapping paper watched over by his confused dogs—one of which was tellingly named after Dan’s favorite computer-game character (Vivi from _Final Fantasy_). As the present revealed itself, the avid gamer saw the instantly recognizable and much-loved logo—it was a brand-new PlayStation 4. Straight away he unpacked it, rigged it up to the TV, and switched it on. The plan was to get it fired up and download _LittleBigPlanet 3_ to play for a few hours before meeting up with family.

Paige had been looking forward to it since she bought the new console. However, it wasn’t to be. “We didn’t even make it as far as starting to download the game, because it wouldn’t let me log in to PlayStation Network,” Dan said. “Nothing was online at all, so we couldn’t even try and download games.” Disappointedly they headed out for the day’s events and couldn’t try again until that evening, when they discovered that the network was still down. A $400 gift they couldn’t play. Dan had to work the next day too, so he couldn’t even try it then. He was gutted.

Five hundred and fifty miles north, in Toronto, 16-year-old Mustafa Aijaz was pumped. Christmas Day—particularly the evening—was the best game time of the year. It’s always been a bit of a holiday within the holiday for serious players. The tradition revolves around a phenomenon called “Christmas Noobs.” At Christmas, so many new players receive new games and consoles that online games are flooded with a tidal wave of gamers who often fumble their way through the top games and act like cannon fodder for the waiting legions of seasoned veterans. Mustafa and his mates were skilled at _Call of Duty: Advanced Warfare_. “We were all ready for a night of easy wins, quick XP \[experience points\] farming, and were looking forward to leveling up like crazy.” So, they waited like crocodiles anticipating herds of migrating buffalo to enter the river. But just as the bullets started flying they were all unceremoniously chucked out of their matches and knocked offline. “None of us could log back in, and party chat was down too, so we couldn’t even talk to each other to figure out what was happening,” Mustafa said.

It was all over social media: A group of hackers called Lizard Squad were bragging about their massive DDoS attack on Xbox Live and PlayStation Network—the crucial services that linked tens of millions of gamers to the Microsoft and Sony servers. Mustafa had seen that the group had already carried out smaller-scale attacks and had for weeks been taunting and threatening a big attack. Apparently it was all linked to some silly and incomprehensible spat with a rival but minor hacking group. Mustafa was angry but also fascinated by the attack and the incredible reaction online. “The fallout was instantaneous. People were furious,” he said.

PlayStation Network at the time had about 110 million subscribers, and Xbox Live had roughly 48 million. Xbox was back to normal within 24 hours—on Boxing Day. But PlayStation struggled for longer. It didn’t just affect existing subscribers. Before you can use any new games, consoles, or vouchers, you need to register them via the gaming company’s servers. It was a catastrophe for the games industry, especially Sony, which had already been having a tough time after a different cyberattack the previous month.

Services were down around the world. Error messages in dozens of languages were being posted as screenshots on YouTube and Twitter. There was nothing anyone could do until the engineers at Sony and Microsoft figured it out or Lizard Squad stopped the attack.

Late in the evening on Boxing Day, BBC Radio 5 Live aired an interview with two members of the group. They showed zero remorse for the impact they’d had on people around the world. Twelve hours later I walked into the newsroom and was given the seemingly impossible task of “getting a Lizard” on the evening TV bulletin at Sky News.

It took hours of trawling Twitter and speaking to dozens of wannabes and fakes, but I eventually succeeded in finding contact details for a British man called Vinnie Omari. Incredibly, he lived a few miles from our newsroom in west London. He agreed to come to us for the interview and was pale, skinny, wore all black and talked fast. He was at pains to distance himself from the gang but left the studios promising that a Lizard Squad hacker called “Ryan” would be in touch. I had no idea at the time of course that this “Ryan” was Julius Kivimäki—an already infamous teenage hacker and delinquent from Finland. It was later that afternoon—at around 3 pm —that “Ryan” called through on Skype. Just in time for us to edit our conversation with him into our news piece.

The 17-year-old looked very young and pale and had a shaved head and soft features. In spite of everything, he was polite and seemed in no rush. But he was also utterly unremorseful and arrogant, struggling to stifle a smirk throughout the interview. When I started by asking him why he wanted to ruin Christmas for tens of millions of people, he gave me the same boilerplate answer about the boys doing it to amuse themselves and embarrass these tech mega corps. “These companies make tens of millions every month from just their subscriber fees, and they should have more than enough funding to be able to protect against these attacks.” We went back and forth for about 15 minutes without him giving any hint of regret or awareness for how many people had been affected by his stunt.

“I’d be worried if those people didn’t have anything better to do than play games on their consoles at Christmas Eve and Christmas Day,” he said. “I mean, I can’t really say I feel bad. I might have forced a couple of kids to spend their time with their families instead of playing games.”

The interview blew up online, with more than a million views on YouTube and thousands of comments on Twitter, where many four-letter words were hurled at the Lizards. PlayStation and Xbox also received a torrent of abuse. Later they would offer a five-day extension to players’ subscription periods and 10 percent off as compensation. The resulting bill for the company must easily have been in the millions.

Kivimäki went on to speak to other reporters, sometimes calling himself Ryan Cleary (a reference to another hacker he had vague and likely acrimonious link to from a previous teen hacker gang called LulzSec). In one interview and debate on YouTube channel DramaAlert he is implored by Kim Dotcom to stop the silly hacker rivalries that were impacting so many innocent people. “Hackers used to be respected; they used to have a magic about them,” Kim said, accusing Lizard Squad of harming the image of hackers around the world with their actions. Kivimäki’s response is fascinating: He laughed it off as old-fashioned thinking. “It’s wrong to connect groups like Lizard Squad with, for example, L0pht from a couple of decades back,” he said. “There’s really no connection with the hacking groups of today and the hacking groups of two decades ago. The meaning is totally different now.”

Although many security experts angrily railed against the media’s portrayal of Lizard Squad as “sophisticated,” people grudgingly came to accept that the Christmas attack did have a big impact on cybersecurity and the gaming industry. There’s little doubt that this was not the group’s motive—despite their clumsy attempts to claim so in interviews. But it was a wake-up call. Security website SecurityAffairs wrote a “lessons learned” piece by dissecting my interview with Kivimäki. Many people considered Lizard Squad script kiddies, they wrote, adding, “This approach is totally wrong.”

The size of the attack unleashed on that day would be shrugged off by most modern sites, but DDoS attacks are still commonplace and are getting more powerful. Expensive protection services are now a must-have for any organization that needs to stay online.

The attacks also started something of a cybercrime trend. In 2024 Europol unveiled an international law enforcement operation to take DDoS services down in December: “The festive season has long been a peak period for hackers to carry out some of their most disruptive DDoS attacks, causing severe financial loss, reputational damage, and operational chaos for their victims,” the organization said in a statement.

At the time of Lizard Squad’s attacks, the general public was stunned. Despite Lizard Squad being on the tail end of a wave of teenage hacking groups in the 2010s, there was little awareness of the power that could be wielded by these otherwise amateur attackers. There might have been a vague feeling in the zeitgeist that “hackers in hoodies in their bedrooms” were increasingly causing problems, but this attack was immediate, unmissable, and easy to understand. It was of course also easy to get angry about. Over the next couple of days I came back to the story with follow-ups about the fallout as other Lizard Squad members spoke to YouTubers about the so-called “drama.” But the big thing the newsroom kept asking me was, When would these kids be arrested?

Vinnie Omari was the first. On New Year’s Eve he was raided by the South East Regional Organized Crime Unit, which collared him on suspicion of cyber fraud offenses committed in 2013 and 2014. It looked like the raid was for other alleged offenses involving PayPal fraud, but the search warrant, which later surfaced online, also referenced the Christmas DDoS attacks. “They took everything: Xbox One, phones, laptops, computer USBs, etc.,” Omari told reporter William Turton from the Daily Dot. He was later cleared of any involvement.

After Omari’s arrest, other Lizards were taken out too. On January 16, 2015, police announced that they had arrested an 18-year-old in Southport, near Liverpool. They didn’t give a name, but reporters at the Daily Mail identified him: “The ‘quiet’ teenager, named locally as Jordan Lee-Bevan, was arrested during a raid at his semi-detached home in Southport, Merseyside, today, with officers seizing computers as he was taken away in a police car.”

In 2016 teenager Zachary Buchta from Maryland was also arrested for his role in Lizard Squad and another group called PoodleCorp. As a boy he had been warned in 2014 about his criminal path by police who had caught him carrying out minor cybercrime activity. But he was undeterred and even changed his Twitter profile at one stage to @fbiarelosers to taunt the cops.

At the same time that Buchta was arrested, Dutch police raided and arrested another 19-year-old. Bradley van Rooy, who used the names “Uchiha” or “UchihaLS,” was accused of conspiring with other members of Lizard Squad to operate websites that provided cyberattack-for-hire services, facilitating thousands of DDoS attacks and trafficking stolen payment card account information for thousands of victims.

Bradley was put on bail for two years and eventually given a two-year suspended sentence and 180 hours of community service. The vast majority of charges against him were dropped as they had taken place when he was a minor. He ended up being convicted of the DDoS-for-hire operation and handling stolen credit cards. I tracked him down, and he openly talked about that period of his life, which he had put behind him a long time ago. “I’m now 27, and I see the damage that I did and understand that there could have been a higher punishment,” he says. “But then I also see that I was just a kid, and I had a troubled time at school and just fell into the hacking life after meeting the wrong people when I was playing the game _RuneScape_.”

Bradley’s journey and words track so perfectly to the experiences of almost every hacker I have met or interviewed. It’s as though there is a universal constant, whereby a subset of gamers in every generation is pulled into cybercrime in exactly the same way. There are literally billions of gamers in the world, so these people represent only a tiny fraction. But it seems to be inevitable and cyclical as hacker groups rise and fall.

The differentiating and more important aspect, though, is how these boys and young men react when they cross the line and are caught.

So what of Julius Kivimäki, aka “Ryan,” aka “Ryan Cleary” and many other aliases including the by now infamous “Zeekill”?

Surely, after appearing on TV and radio admitting that he was part of the gang, he too would be rearrested sharpish? Officers did indeed visit Kivimäki to interview him, but they did not arrest him—contrary to reports in the international media. It’s not clear why they took no further action, but perhaps when the teenager confidently said that police would find nothing on his computer he was right. “They’d have to let me go,” he had cockily asserted in our interview. If so, maybe his run-in with police years earlier had taught him to cover his tracks more effectively. Or maybe he hadn’t taken as much of a leading role in the DDoS attacks as he had claimed.

For Finnish cybercrime cop Antti Kurittu, seeing Kivimäki on TV was especially galling. Antti had raided and arrested Kivimaki two years earlier for other cyberattacks carried out with a different teenage cyber gang called HTP. “I remember watching your Sky News interview and just thinking ‘wow, this guy is not even trying to cover up his crimes. He’s just a different sort of person,’” Antti recalls.

It wasn’t until July 2015 that Kivimäki received his first criminal conviction. He was found guilty of the rather preposterous total of 50,700 instances of aggravated computer break-ins—one for every computer enslaved into HTPs botnet. He was also convicted of other offenses including data breach, money laundering, and being in possession of, and using, stolen credit cards. For all of these offenses, he was handed a two-year suspended sentence. If he had been an adult he could have got years behind bars, but as a minor and first-time offender he served no time in prison. So Kivimäki, just a few weeks from his 18th birthday, remained free. He began calling himself the “Untouchable Hacker God” on Twitter.

A year after Kivimäki’s sentencing, in a bizarre coincidence, Antti bumped into Kivimäki in Amsterdam. It was April 2016 and Antti was walking through the departures lounge of Schiphol Airport when he passed the by-then 18-year-old. Antti did a double take, gobsmacked to see him. It was so surreal that they both found it amusing and took a selfie. After a short chat, Antti asked Kivimäki if he was now “staying out of trouble.” Kivimäki replied, “Of course.” But when Antti asked him for a contact email address, he made one up with “@FBI.gov” at the end. They laughed and went their separate ways.

But, as Antti predicted, the Untouchable Hacker God would be back. Four years later he was. And this time he was linked to the cruelest cyberattack in history and had a new alias: ransom\_man.

_Excerpt adapted from_ Ctrl+Alt+Chaos: How Teenage Hackers Hijack the Internet _by Joe Tidy. Published by arrangement with Elliott & Thompson. Copyright © 2025 by Joe Tidy._

What Really Happened in the Aftermath of the Lizard Squad Hacks

The easy access that scammers have to sophisticated AI tools means everything from emails to video calls can’t be trusted.

Imagine you meet someone new. Be it on a dating app or social media, you chance across each other online and get to talking. They’re genuine and relatable, so you quickly take it out of the DMs to a platform like Telegram or WhatsApp. You exchange photos and even video call each over. You start to get comfortable. Then, suddenly, they bring up money.

They need you to cover the cost of their Wi-Fi access, maybe. Or they’re trying out this new cryptocurrency. You should really get in on it early! And then, only after it’s too late, you realize that the person you were talking to was in fact not real at all.

They were a real-time AI-generated deepfake hiding the face of someone running a scam.

This scenario might sound too dystopian or science-fictional to be true, but it has happened to countless people already. With the spike in the capabilities of generative AI over the past few years, scammers can now create realistic fake faces and voices to mask their own in real time. And experts warn that those deepfakes can supercharge a dizzying variety of online scams, from romance to employment to tax fraud.

David Maimon, the head of fraud insights at identity verification firm SentiLink and a professor of criminology at Georgia State University, has been tracking the evolution of AI romance scams and other kinds of AI fraud for the past six years. “We’re seeing a dramatic increase in the volume of deepfakes, especially in comparison to 2023 and 2024,” Maimon says.

“It wasn’t a whole lot. We’re talking about maybe four or five a month,” he says. “Now, we’re seeing hundreds of these on a monthly basis across the board, which is mind-boggling.”

Deepfakes are already being used in a variety of online scams. One finance worker in Hong Kong, for example, paid $25 million to a scammer posing as the company’s chief financial officer in a deepfaked video call. Some deepfake scammers have even posted instructional videos on YouTube, which have a disclaimer as being for “pranks and educational purposes only.” Those videos usually open with a romance scam call, where an AI-generated handsome young man is talking to an older woman.

More traditional deepfakes—such as a pre-rendered video of a celebrity or politician, rather than a live fake—have also become more prevalent. Last year, a retiree in New Zealand lost around $133,000 to a cryptocurrency investment scam after seeing a Facebook advertisement featuring a deepfake of the country’s prime minister encouraging people to buy in.

Maimon says SentiLink has started to see deepfakes used to create bank accounts in order to lease an apartment or engage in tax refund fraud. He says an increasing number of companies have also seen deepfakes in video job interviews.

“ Anything that requires folks to be online and which supports the opportunity of swapping faces with someone—that will be available and open for fraud to take advantage of,” Maimon says.

Part of the reason for this increase is that the barriers for creating deepfakes are getting lower. There are a lot of easily accessible AI tools that can generate realistic faces and a lot of tools that can animate those faces or create full-length videos out of them. Scammers often use images and videos of real people, deepfaked to slightly change their faces or alter what they’re saying, to target their loved ones or hijack their public influence.

Matt Groh, a professor of management at Northwestern University who researches people’s ability to detect deepfakes, says that point-and-click generative AI tools make it much easier to make small, believable changes to already-existing media.

“If there’s an image of you on the internet, that would be enough to manipulate a face to look like it’s saying something that you haven’t said before or doing something you haven’t done before,” Groh says.

It’s not just fake video that you need to be worried about. With a few clips of audio, it’s also possible to make a believable copy of somebody’s voice. One study in 2023 found that humans failed to detect deepfake audio over a quarter of the time.

“ Just a single image and five seconds of audio online mean that it’s definitely possible for a scammer to make some kind of realistic deepfake of you,” Groh says.

Deepfakes are becoming more pervasive in contexts other than outright scams. Social media has been flooded over the past year with AI-generated “influencers” stealing content from adult creators by deepfaking new faces onto their bodies and monetizing the resulting videos. Deepfakes have even bled over into geopolitics, like when the mayors of multiple European capital cities held video calls with a fake version of the mayor of Kyiv, Ukraine. People have started using deepfakes for personal reasons, like bringing back a dead relative or creating an avatar of a victim to testify in court.

So, if deepfakes are everywhere, how do you spot one? The answer is not technology. A number of technology companies, including OpenAI, have launched deepfake detection tools. Researchers have also proposed mechanisms to detect deepfakes based on things like light reflected in a person’s eyes or inconsistent facial movements, and have started investigating how to implement them in real time.

But those models often cannot reliably detect different kinds of AI fakes. OpenAI’s model, for example, is specifically designed only to report content generated with the company’s own Dall-E 3 tool but not other image generation models.

There’s also the risk that scammers can abuse AI detectors by repeatedly tweaking their content until it fools the software.

“ The major thing we have to understand is that the technology we have right now is not good enough to detect those deepfakes,” Maimon says. “ We’re still very much behind.”

For now, as video deepfakes get more popular, the best way to detect one relies on humans. Studies on deepfake detection show that people are best at distinguishing whether videos are real or fake, as opposed to just audio or text content, and are in some cases even better than leading detection models.

Groh’s team conducted one study which found that taking more time to determine whether an image was real or fake led to a significant increase in accuracy, by up to eight percentage points for just 10 seconds of viewing time.

“ This sounds almost so simple,” Groh says. “But if you spend just a couple extra seconds, that leads to way higher rates of being able to distinguish an image as real or fake. One of the ways for any regular person to just be a little bit less susceptible to a scam is to ask, ‘Does this look actually real?’ And if you just do that for a few extra seconds, we’re all going to be a little bit better off.”

Deepfakes’ popularity could be a double-edged sword for scammers, Groh says. The more widespread they are, the more people will be familiar with them and know what to look for.

That familiarity has paid off in some cases. Last summer, a Ferrari executive received a call from someone claiming to be the CEO of the company. The person convincingly emulated the CEO’s voice but abruptly hung up the call when the executive tried to verify their identity by asking what book the CEO had recommended just days earlier. The CEO of WPP, the world’s biggest advertising agency, was also unsuccessfully targeted by a similar deepfake scam.

“I think there’s a balancing act going on,” Groh says. “ We definitely have technology today that is generally hard for people to identify. But at the same time, once you know that there’s a point-and-click tool that allows you to transform one element into something else, everyone becomes a lot more skeptical.”

Deepfake Scams Are Distorting Reality Itself

As scammers develop new ways of exploiting unsuspecting users, Malwarebytes is introducing Scam Guard to combat this new wave of threats.

Mobile scams are becoming increasingly sophisticated, leaving people vulnerable to cybercriminals.  

We recently reported on the ever-increasing number of scams that are created by AI-supported tools, with attackers crafting highly convincing phishing emails that target both individuals and businesses, resulting in devastating financial losses, reputational damage, and compromised personal data.  

Elaborate sextortion scams manipulate victims by using shame as a tactic to coerce them into taking action, sometimes draining their life savings.  

And the list goes on. Scammers are always finding new ways to trick their victims into giving them their hard-earned money or sensitive information. 

These tactics include urging individuals to change their address information on a non-existent delivery, promoting job opportunities that just seem too good to be true, or having a long-lost family member reach out on WhatsApp to invite you to share their newfound fortune with you.  

As scammers develop new ways of exploiting unsuspecting users, Malwarebytes is introducing Scam Guard to combat this new wave of threats.  

Scam Guard simplifies scam prevention by providing real-time feedback via an easy-to-use AI-powered chat. Just submit a screenshot, paste suspicious content, or share texts and numbers, and we’ll give you immediate personalized guidance and safety tips. 

Scam Guard is unique in that it’s backed by Malwarebytes extensive threat research knowledge base, making it both effective and efficient.  

Whether users come across a suspicious message on social media, a phishing attempt in their email, or a questionable text message, Scam Guard provides immediate, expert advice to keep them secure. 

**Key features of Scam Guard**

*   **AI-powered chat companion**: An intuitive, mobile-first advisor available 24/7 that provides guidance to users on suspicious content or activities. 

*   **Comprehensive scam detection**: Scam Guard is trained to recognize various scams, including romance, phishing, financial fraud, text, robocall, and shipping fraud, helping you stay ahead of cybercriminals at all times.  

*   **Constantly evolving:** Scam Guard learns from users who submit new or unknown scams, which in turn helps protect the broader community.  

*   **24/7 support**: Scam Guard is available around the clock, ensuring that users receive timely advice and assistance, no matter where they are or what time it is. 

*   **Holistic mobile security**: Embedded within the Malwarebytes Mobile Security app, Scam Guard works alongside our all-in-one advanced protection for iOS and Android. 

Reporting suspicious content has never been easier—simply tap to submit right in the app.  

Scam Guard is available for both free and paid users of Malwarebytes Mobile Security (iOS and Android), without having to install an additional app.  

Try it out for yourself: Download Malwarebytes Mobile Security for iOS or Android.

 Scammers are constantly changing the game, but so are we. Introducing Malwarebytes Scam Guard 

Silver Spring, Maryland, 3rd June 2025, CyberNewsWire

**Silver Spring, Maryland, June 3rd, 2025, CyberNewsWire**

Aembit, the workload identity and access management (IAM) company, today announced a major expansion of its platform to support Microsoft environments. With this launch, enterprises can now enforce secure, policy-based access for software workloads and agentic AI running on Windows Server, Active Directory, Microsoft Entra ID, and Azure – while extending that same access model to third-party clouds, SaaS tools, and partner environments.

Modern infrastructure rarely lives in one place. While Microsoft technologies remain core to many enterprises, workloads routinely connect across trust boundaries – from on-prem infrastructure to Azure, AWS, Google Cloud, and external APIs.

As infrastructure shifts to the cloud, identity and access management across all these resources becomes increasingly fragmented and complex, especially for non-human entities such as applications, scripts, AI agents, and services. With this launch, Aembit enables a unified approach to secure workload access management across the Microsoft ecosystem and beyond, reducing operational complexity while improving visibility, automation, and risk posture.

> “Security teams require consistent enforcement across all environments – not different tools and rules for every platform,” said Kevin Sapp, co-founder and CTO of Aembit. “We built this integration to help enterprises modernize without compromise, providing policy-driven access across all Microsoft workloads, whether they run on-prem or in the cloud.”

With this launch, Aembit delivers:

*   **Consistent access control for non-human identities**: Teams can now centrally define and enforce access policies for applications, agents, and services across Windows Server, Active Directory, Microsoft Entra ID, and Azure. They can extend the same model to non-Microsoft resources such as AWS, GCP, or SaaS services.
*   **Accelerated cloud migrations without added risk**: As workloads move from on-prem to Azure, Aembit ensures their access remains secure, secretless, and aligned with zero trust principles.
*   **Elimination of static credentials**: By replacing long-lived secrets with short-lived, identity-based access, Aembit helps reduce attack surface and developer overhead.
*   **Unified visibility for audit and compliance**: All workload access is logged and attributed, making it easier to investigate incidents and meet compliance requirements across hybrid Microsoft environments.

These features build on Aembit’s mission to proactively secure access for the growing number of non-human identities operating across modern IT environments. Aembit replaces static credentials with just-in-time, identity-based access – helping builders move faster while giving security teams confidence in how workloads connect across hybrid environments.

Aembit is now available in the Azure Marketplace, making it easier for organizations to integrate workload IAM into their Microsoft-based infrastructure with familiar procurement workflows.

**About Aembit**

Aembit is the leading provider of workload identity and access management solutions, designed to secure non-human identities like applications, AI agents, and service accounts across on-premises, SaaS, cloud, and partner environments. Aembit’s no-code platform enables organizations to enforce access policies in real time, ensuring the security and integrity of critical infrastructure. Users can visit aembit.io and follow us on LinkedIn.

**Contact**

**Apurva Davé**  
**Aembit**  
**\[email protected\]**

Aembit Extends Workload IAM to Microsoft Ecosystem, Securing Hybrid Access for Non-Human Identities

The US Department of the Treasury has taken action against Funnull Technology Inc. for enabling massive pig butchering…

The US Department of the Treasury has taken action against Funnull Technology Inc. for enabling massive pig butchering crypto scams. This move targets the backbone of fraudulent virtual currency investment platforms, aiming to protect Americans from billions in losses.

The US government has taken a major step to fight online financial scams, particularly those involving cryptocurrency. On May 29, 2025, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced strict financial penalties (sanctions) against Funnull Technology Inc.

This Philippines-based company and its administrator, Liu Lizhi, are accused of providing the essential tools and support for a huge number of fake online investment schemes. These widespread frauds, aka pig butchering scams, have already caused Americans to lose billions of dollars, and the government’s action aims to stop these criminals by cutting off their financial lifelines.

****Understanding Pig Butchering Scams****

Pig butchering refers to a sophisticated type of scam where criminals build trust with victims, often through social media or dating apps, over an extended period. Once a relationship is established, the scammers convince victims to invest in fake virtual currency platforms, promising high returns.  Victims are led to believe their investments are growing, only to find they cannot withdraw funds, and the scammers disappear, taking all their invested money.

Reportedly, in 2024, US citizens lost billions of dollars to these scams, with Funnull-linked operations being responsible for over $200 million in reported losses. The average individual loss for victims linked to Funnull’s network was over $150,000.

Source: Chainalysis

****Funnull Technology’s Role****

Reportedly, Funnull Technology Inc. was a key player in fraudulent activities by buying large numbers of IP addresses from global cloud service providers and selling them to cybercriminals. This allowed them to create fake websites that resembled legitimate investment platforms. Funnull also provided web design templates and used domain generation algorithms to create similar website names.

Source: Chainalysis

In 2024, Funnull acquired web development code and used it to redirect visitors to scam and online gambling sites, some connected to Chinese criminal money laundering. Liu Lizhi, a Chinese national, managed Funnull’s daily operations, overseeing tasks like assigning domain names for fraud, phishing, and illegal gambling sites.

****Consequences of the Sanctions****

OFAC’s sanctions included two cryptocurrency addresses, Ethereum and TRON, likely used for Funnull’s services. These addresses are linked to other illicit financial activities, including Huione Pay, a company identified by FinCEN (Financial Crimes Enforcement Network) as a primary money laundering concern. The FBI has issued a cybersecurity advisory (PDF) to help the private sector identify and remove websites linked to Funnull.

As a result of these sanctions, all property and assets of Funnull and Liu Lizhi within the United States or under US control are blocked. Additionally, US individuals and companies are prohibited from doing business with them and any entity owned 50% or more by Funnull or Liu. The public is encouraged to report any online scams or illegal activities to the FBI’s Internet Crime Complaint Center (IC3).

US Sanctions Philippines’ Funnull Technology Over $200M Crypto Scam

The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023.
"The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," Trend

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

In addition to Coca-Cola, entities in Abu Dhabi, Jordan, Namibia, South Africa, and Switzerland are experiencing extortion attacks, all involving stolen SAP SuccessFactor data.

'Everest Group' Extorts Global Orgs via SAP's HR Tool

Talos Content Manager Amy introduces themself, shares her unconventional journey into cybersecurity and reports on threats masquerading as AI installers.

Thursday, May 29, 2025 14:00

Welcome to this week’s edition of the Threat Source newsletter. 

In the words of Game Changer host Sam Reich, “And your host, me! I’ve been here the whole time!”  

Okay, maybe it’s not the whole time, but for the past three months, I've been settling into my role here at Cisco Talos. Editing blogs, writing and publishing social media posts, and organizing this newsletter every week — I've been working behind the scenes to ensure everything runs smoothly and delivers the most helpful information to the cybersecurity community. 

I often get raised eyebrows when I mention that, prior to my last job as a technical writer, I had never worked in STEM. I don't blame them, because how could someone who had never opened Terminal (and admittedly, up until last month sometimes forgot what it was called) end up with a job offer from Talos? 

My college degree is in anthropology, or the study of humans and culture, past and present. Though my niche research interest was/is Malaysian culture, LGBTQ+ history, and politics (even getting a research grant to travel to peninsular Malaysia for a month), my first career out of college was fundraising for a homeless services nonprofit in Arlington, Virginia. After I moved to another state, I held a content writing position at a startup, where I wrote fundraising letters and emails for a portfolio of over 200 nonprofits.

Learning the four-string Malaysian sape’. 

While I felt invested in these organizations' missions, I began to feel understimulated. I craved a career that would build on my experiences and skills while giving me the chance to learn and grow in new, exciting ways. While searching for new jobs on LinkedIn, I happened upon a nearby physical layer encryption startup that was seeking a technical writer. I had no clue what the physical layer even was, so I was grateful when they took a chance on hiring me. I found that my background in anthropological research, as well as my ability to adapt content for a lot of different audiences, became a huge asset in technical writing. 

I’ve always said that if I could magically be paid to go to school forever, I would. Technical writing (and its cousins, like my current position) is as close as I can get! After I joined Talos, I found that people here are incredibly kind and very patient. Like Jon Munshaw, the person who held this role before me, my favorite question to Talos researchers is “Can you explain this to me like I’m your grandmother?” Not only does it help me grasp the concepts they're sharing, but it also helps me find the clearest way to communicate them. 

Talosians are brilliant people, and I’m only human, so it’s easy to feel like you don't belong when you don’t have a STEM background. In a recent moment of doubt, I remembered that Joe had published a newsletter introduction about imposter syndrome two days after I started at Talos. One line stuck out to me: “You are where you are because others saw value in your work.” 

As I took in the sentence, I realized that it was entirely true. If there's one thing that I’ve learned over the past few months, it’s that everyone you meet has something to teach and everyone has something to learn. Our collective knowledge and experience are gifts we share with one another. I hope that the content I edit and produce will bring value to you. 

So what kind of content will I bring to this newsletter? You can expect intros that aren't just informative, but also relatable and engaging. They may even remind you of your beginnings in cybersecurity. I'll make complex topics feel accessible, highlight the human side of cybersecurity, and share insights that help the community grow stronger. 

At the end of the day, our work isn't just about threats, but about the humans working tirelessly to defend against them.

**The one big thing **

Talos has identified threats disguised as legitimate AI solution installers, including ransomware like CyberLock and Lucky\_Gh0$t, and a destructive malware called Numero. These threats highlight how malicious actors are leveraging the rise of AI to distribute harmful software. 

**Why do I care? **

Cybercriminals are targeting the trust and excitement around AI tools to deliver malware, which could affect anyone looking to adopt AI for personal or business use, putting their systems and data at risk. Understanding these threats helps you stay vigilant and avoid falling victim to such deceptive tactics. 

**So now what? **

Snort SIDs and ClamAV detections are available at the bottom of the blog post. Otherwise, always verify the source of any AI tools or software before downloading, use trusted cybersecurity solutions to protect your systems, and stay informed about emerging threats by keeping up with updates from reliable sources like Cisco Talos.

**Top security headlines of the week **

**MathWorks, Creator of MATLAB, Confirms Ransomware Attack**   
The attack dirsupted MathWorks' systems and online applications, but it remains unclear which ransomware group targeted the software company and whether they stole any data. (DarkReading) 

**Deepfakes, Scams, and the Age of Paranoia**   
This hit home, both as a jobseeker within the past year and a young(er) person who’s worried about her parents’ security. I may be able to parse AI portraits with six fingers and hair phasing through their clothes, but have you ever seen a convincing deepfake? Phew. (Wired) 

**Companies Warned of Commvault Vulnerability Exploitation**   
CISA says that the ongoing exploitation of a Commvault vulnerability that was targeted as a zero-day is likely part of a broader campaign against software-as-a-service (SaaS) solutions. (SecurityWeek) 

**US student agrees to plead guilty to hack affecting tens of millions of students**  
A Massachusetts student has agreed to plead guilty to federal charges relating to hacking and extorting one of the largest U.S. education tech companies. PI included names, addresses, phone numbers, Social Security numbers, medical information, and school grades. (TechCrunch)

**Can’t get enough Talos? **

**UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware**  
Talos has found intrusions in enterprise networks of local governing bodies in the United States (U.S.), beginning January 2025 when initial exploitation first took place. **Read the blog here.**

**The day I found an APT group in the most unlikely place**   
In this Dark Reading Confidential episode, Talosian Vitor Ventura shares stories about the tricks he used to track down APTs, and the surprises discovered along the way. **Listen to the podcast here.**

**Upcoming events where you can find Talos **

*   Cisco Live U.S. (June 8 – 12) San Diego, CA 
*   NIRMA (July 28 – 30) St. Augustine, FL 
*   Black Hat USA (Aug. 2 - 7) Las Vegas, NV

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507**   
MD5: 2915b3f8b703eb744fc54c81f4a9c67f   
VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507    
Typical Filename: VID001.exe   
Claimed Product: N/A   
Detection Name: Win.Worm.Coinminer::1201 

**SHA 256: 59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa**   
MD5: df11b3105df8d7c70e7b501e210e3cc3   
VirusTotal: https://www.virustotal.com/gui/file/59f1e69b68de4839c65b6e6d39ac7a272e2611ec1ed1bf73a4f455e2ca20eeaa   
Typical Filename: DOC001.exe   
Claimed Product: N/A   
Detection Name: Win.Worm.Coinminer::1201 

**SHA256:3294df8e416f72225ab1ccf0ed0390134604bc747d60c36fbb8270f96732e341**   
MD5: b6bc3353a164b35f5b815fc1c429eaab   
VirusTotal: https://www.virustotal.com/gui/file/3294df8e416f72225ab1ccf0ed0390134604bc747d60c36fbb8270f96732e341   
Typical Filename: b6bc3353a164b35f5b815fc1c429eaab.msi   
Claimed Product: n/a    
Detection Name: Simple\_Custom\_Detection 

**SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91**     
MD5: 7bdbd180c081fa63ca94f9c22c457376    
VirusTotal: https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91   
Typical Filename: c0dwjdi6a.dll    
Claimed Product: N/A     
Detection Name: Trojan.GenericKD.33515991

Tag

#sap