Crypto news

20.06.2026
07:20

Cyber threats of the week: USB worm targets crypto wallets, Apple closes dangerous vulnerability in Beats Studio Buds

security_new1

Over the past week, several significant events in cybersecurity have directly impacted the interests of digital asset holders. Let's break down the key threats that require immediate attention.

Evolution of CryptoClippers: Fake Reputation and Self-Propagating Worms

Attackers are actively adopting new social engineering methods to deploy malware that steals cryptocurrency. Particularly alarming is a campaign where hackers created an entire "reputation economy" on GitHub, YouTube, and other platforms. Using a network of fake accounts and AI-generated content, they promote fraudulent trading tools, disguising a Rust-based clipper underneath. This malware monitors the clipboard and instantly replaces copied wallet addresses with the attackers' details.

Even more dangerous is a new USB worm discovered by experts. It spreads through hidden Windows shortcuts on flash drives. Once in the system, the virus hides the user's original documents and replaces them with malicious shortcuts. Each time the victim tries to open a file, code activates that scans the clipboard for BIP39 seed phrases and addresses of Bitcoin, Ethereum, Tron, and Monero wallets. The worm uses the Tor network to communicate with its command server, making detection extremely difficult.

South Korea Strikes Back at Cryptocurrency Money Laundering

South Korean law enforcement conducted a large-scale operation, detaining 23 suspects involved in laundering money for a Cambodian phishing syndicate. The investigation found that since February 2024, the criminal group moved approximately 11.1 million USDT through a network of 11,300 different accounts on domestic and foreign exchanges. The total amount of stolen funds is estimated at $17 million. The group's organizer remains at large, and an international arrest warrant has been issued.

New Android Trojan Rokarolla and Vulnerability in Beats Studio Buds

Zimperium researchers discovered a powerful Android trojan, Rokarolla, capable of fully taking control of a device. It spreads through fake websites, masquerading as installers for popular apps. Once it gains access to "Accessibility Services," the trojan disables Google Play Protect, intercepts PIN codes, SMS messages, and replaces wallet addresses in the clipboard. Its ability to block incoming calls from bank anti-fraud systems poses a particular danger.

Additionally, Apple released an emergency firmware update for Beats Studio Buds, fixing a critical vulnerability, CVE-2025-20701. The flaw allowed hackers within Bluetooth range to connect to the headphones without authentication and activate the built-in microphone for eavesdropping. The vulnerability also enabled data interception and device memory manipulation.

My comment: We are witnessing a qualitative leap in cybercriminal tactics. The use of "reputation networks" and self-propagating worms is a worrying trend. Cryptocurrency owners need to rethink their habits: do not blindly trust ratings on GitHub, use hardware wallets to store large sums, and regularly check for suspicious background activity on their computers.