ThreatsDay Bulletin: $15B Crypto Crackdown, Sky Spying, Billion-Dollar Scams & Android RATs

The digital world keeps shifting — and so do its dangers. From billion-dollar smishing rings to AI-powered spyware and cloud-based command centers, this week’s ThreatsDay Bulletin shows how criminals are turning legitimate systems into weapons for profit, power, and control. What used to be complex attacks are now routine business operations for global crime networks.

Crypto Empire Exposed: $15B Scam Network Busted

U.S. authorities have seized over $15 billion in cryptocurrency from the Prince Group, a sprawling crime syndicate that ran forced-labor scam compounds across Southeast Asia. These operations, often posing as investment schemes, enslaved workers to run romance and crypto scams that defrauded victims worldwide. The DOJ linked the empire to CEO Chen Zhi, now at large. The group’s assets included casinos, luxury hotels, and even a Picasso painting — all allegedly purchased with stolen funds.

WhatsApp Trojan Spreads Banking Theft in Brazil

A new malware strain dubbed Maverick is hijacking WhatsApp accounts in Brazil through malicious messages. According to Kaspersky, the trojan checks system settings to ensure victims are Brazilian before stealing banking credentials, crypto logins, and more. Over 62,000 infections were blocked within 10 days — proof of how fast these digital worms can move through trusted apps.

Satellite Signals Leak Sensitive Data

Researchers have uncovered a startling security gap: unencrypted satellite transmissions from U.S. military, telecom, and corporate networks are leaking private calls, texts, and government communications. Using just a few hundred dollars’ worth of hardware, anyone could eavesdrop on unprotected signals. The study has already pushed some providers, like T-Mobile, to encrypt their traffic.

Legacy Windows Flaw Fuels Credential Theft

Old Windows name-resolution protocols such as LLMNR and NBT-NS are being abused again to steal credentials without exploiting any software vulnerability. An attacker on the same network segment simply answers a host's broadcast name lookup and the victim machine hands over its authentication data to the attacker's machine. Experts recommend disabling these protocols and enforcing secure authentication such as Kerberos.
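The hardening step the experts recommend, as an added example that is not part of the bulletin: an elevated PowerShell script that audits a Windows host for LLMNR and NetBIOS over TCP/IP and, with the script's own `-Apply` switch, turns both off using the documented policy key and WMI method (the `-Apply` switch and the script layout are assumptions of this example).

```powershell
# Added example: audit and (optionally) disable LLMNR and NBT-NS on a Windows host.
# Run from an elevated PowerShell session. Without -Apply it only reports.
param([switch]$Apply)

# LLMNR is controlled by the "Turn off multicast name resolution" policy,
# which sets EnableMulticast = 0 under this key.
$llmnrKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$llmnr = Get-ItemProperty -Path $llmnrKey -Name EnableMulticast -ErrorAction SilentlyContinue

if ($null -eq $llmnr -or $llmnr.EnableMulticast -ne 0) {
    Write-Warning 'LLMNR is enabled (EnableMulticast missing or not 0)'
    if ($Apply) {
        New-Item -Path $llmnrKey -Force | Out-Null
        Set-ItemProperty -Path $llmnrKey -Name EnableMulticast -Value 0 -Type DWord
        Write-Output 'LLMNR disabled via policy key'
    }
} else {
    Write-Output 'LLMNR already disabled'
}

# NBT-NS (NetBIOS over TCP/IP) is a per-adapter setting exposed through WMI/CIM.
# TcpipNetbiosOptions: 0 = use DHCP server setting, 1 = enabled, 2 = disabled.
$adapters = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

foreach ($adapter in $adapters) {
    $name = $adapter.Description
    if ($adapter.TcpipNetbiosOptions -ne 2) {
        Write-Warning "NetBIOS over TCP/IP enabled on '$name' (option $($adapter.TcpipNetbiosOptions))"
        if ($Apply) {
            # SetTcpipNetbios returns 0 on success and 1 when a reboot is required.
            $result = Invoke-CimMethod -InputObject $adapter -MethodName SetTcpipNetbios `
                -Arguments @{ TcpipNetbiosOptions = 2 }
            Write-Output "  SetTcpipNetbios on '$name' -> return code $($result.ReturnValue)"
        }
    } else {
        Write-Output "NetBIOS over TCP/IP already disabled on '$name'"
    }
}
```

In a domain, the LLMNR setting is normally pushed by Group Policy rather than written locally, so treat the registry write as a single-host fallback and verify the policy applies after a `gpupdate`.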

Unity Site Compromised in Payment Skimmer Attack

Game development firm Unity Technologies confirmed a breach in its SpeedTree site checkout system that stole payment data from hundreds of users. The malicious code was discovered in late August and has since been removed. Affected users are being offered credit monitoring and identity protection.

Smishing Schemes Steal Over $1 Billion from Americans

Fake SMS messages about deliveries and toll payments are fueling a massive fraud campaign run by Chinese cybercriminals. Using SIM farms and Telegram phishing kits, these groups have stolen billions by tricking users into revealing their card details — which are then used for illegal purchases in the U.S. and Asia. Authorities report up to 330,000 fake messages sent in a single day.

Mac Users Hit by Fake Homebrew Installers

Cybercriminals are cloning the official Homebrew site to trick macOS users into installing stealer malware. The fake pages inject malicious clipboard commands during installation, quietly deploying the Odyssey Stealer. It’s another reminder that even trusted open-source tools can be weaponized.

Nation-State Hacks Surge in the U.K.

The U.K. has reported a 130% increase in major cyber incidents, including a decade-long Chinese espionage campaign that breached government networks. Stolen data included confidential policy documents and diplomatic communications — a stark sign of how deeply state actors are embedding themselves in critical systems.

Linux Systems Exposed by Firmware Flaws

More than 200,000 Framework laptops shipped with signed UEFI components that could let attackers install persistent bootkits. The flaw, dubbed BombShell, could bypass Secure Boot and survive OS reinstalls. Firmware patches have since been released to close the hole.

Phishing in Colombia Drops AsyncRAT

A phishing wave in Colombia is delivering the AsyncRAT malware through fake court notifications. Victims receive deceptive emails with SVG attachments that lead to downloads triggering a chain of payloads, giving attackers remote access and control.

Google Tightens Defenses Against Scams

Google has rolled out new protections in Google Messages to block malicious links, improve account recovery via mobile number login, and introduce Key Verifier to ensure chat authenticity. These measures aim to reduce phishing and account hijacks without compromising user convenience.

Fake Shipping Emails Spread Malware Loader

The PhantomVAI Loader is spreading through phishing campaigns disguised as shipment notifications. Once opened, the loader drops multiple malware types including AsyncRAT and XWorm. It’s part of a growing “malware-as-a-service” industry sold openly on underground forums.

Whisper 2FA: The Next-Gen Phishing Kit

The new Whisper 2FA phishing toolkit has already been linked to nearly one million attacks targeting Microsoft accounts. It steals multi-factor authentication tokens in real time, enabling full account compromise even when MFA is active. Experts warn that static defenses are no longer enough — layered security is now essential.

Lapsus$ Teen Hackers Announce Hiatus

The teenage extortion group Scattered Lapsus$ Hunters says it’s “going dark” until 2026 following an FBI takedown of its leak site. Before disappearing, the crew leaked stolen data from major global companies, promising they’d return “with wrath.”

Criminals Abuse Legitimate Remote Tools

Threat actors are increasingly hijacking legitimate remote monitoring and management (RMM) tools such as AnyDesk and ScreenConnect to gain network access. By sending fake login alerts, attackers trick victims into installing the same software IT teams use, turning trusted utilities into stealth control panels.

1,400 Fake Crypto Sites Taken Down

Authorities in Germany and Bulgaria have seized over 1,400 domains tied to fraudulent crypto trading platforms. Victims were lured into fake investments before the sites vanished with their funds. Over 866,000 access attempts were logged even after the shutdown, showing how widespread the scams were.

NVIDIA Fixes Dangerous Linux Driver Bugs

NVIDIA patched two severe vulnerabilities in its Linux drivers that could allow local privilege escalation and full system compromise. The flaws, found by Quarkslab, were reported with working proof-of-concept exploits but have since been mitigated in the latest update.

Android RATs Evolve with Builder Tools

Two new Android remote access trojans, GhostBat and HyperRat, are spreading across India. Both steal sensitive data, capture screens, and allow full device control. They also feature builder tools for custom APK generation and mass phishing, marking a dangerous shift toward “DIY cybercrime.”

Brazil Busts $540M Crypto Laundering Ring

Brazilian authorities dismantled a network accused of laundering nearly $540 million through cryptocurrency. The group allegedly moved over $9 billion in illicit funds from drug trafficking and tax evasion into digital assets to conceal their origins.

Hackers Exploit AWS X-Ray for Covert Control

Security researchers found that Amazon’s AWS X-Ray can be repurposed as a stealth command-and-control system. Attackers can hide malicious instructions inside X-Ray’s trace logs and use AWS APIs to control infected systems without detection — a concerning example of cloud tools being weaponized.

Adobe Experience Manager Vulnerabilities Patched

Adobe fixed seven flaws in its Experience Manager platform that could allow unauthorized data access and feature bypass. There’s no sign of active exploitation, but companies are urged to update immediately.

Google Settles Facial Recognition Privacy Case

Google has settled a lawsuit over the use of an open-source dataset called Diversity in Faces, which allegedly included Illinois residents’ biometric data without consent. The case, filed under the state’s Biometric Information Privacy Act, mirrors similar lawsuits against Amazon and Microsoft.

Illicit Crypto Holdings Exceed $75 Billion

According to Chainalysis, wallets tied to criminal activity now hold more than $75 billion in cryptocurrency. Of that, $40 billion sits in darknet market accounts, further proof that digital assets remain a prime tool for laundering and concealment.

The Line Between Safe and Exposed Is Thinner Than Ever

Cybercrime has evolved from isolated attacks to a global, organized industry. Staying safe isn’t about chasing every alert — it’s about awareness, education, and caution. Every click, connection, or convenience comes with a choice: safety or exposure. Build security into your habits — because online, safety isn’t assumed, it’s earned.


Copyright © 2022 Inventrium Magazine