Threat actors are breaching Coinbase accounts through a phishing campaign that bypasses two-factor authentication (2FA) to steal from users’ crypto balances. They use spoofed emails imitating Coinbase and a variety of underhanded tactics to gain credentials and control over accounts. An advanced structure lets them use 2FA relay methods to bypass Coinbase’s multi-factor authentication. The stolen funds are then dispersed through multiple transactions across ‘burner’ accounts in an attempt to hide the trail.

New KoiLoader Abuses PowerShell Scripts to Deliver Malicious Payload
Researchers have uncovered a new strain of the advanced KoiLoader malware, believed to be distributed through phishing emails posing as bank statements. The malware employs