DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.
This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
August 11, 2020
The August batch of Patch Tuesday updates includes 120 updates for the Microsoft suite, with 17 fixes rated as Critical, and the remaining 103 ranked as Important. CVE-2020-1380 is a critical Internet Explorer (IE) vulnerability that can be abused for remote code execution (RCE), while CVE-2020-1464 is a Windows 10 security gap that can be ...
- Avaddon ransomware launches data leak site to extort victims
August 10, 2020
Avaddon ransomware is the latest cybercrime operation to launch a data leak site that will be used to publish the stolen data of victims who do not pay a ransom demand. Since the Maze operators began publicly leaking files stolen in ransomware attacks, other operations soon followed suit and began creating data leak sites to publish ...
- Upgraded Agent Tesla malware steals passwords from browsers, VPNs
August 10, 2020
New variants of Agent Tesla remote access Trojan now come with modules dedicated to stealing credentials from applications including popular web browsers, VPN software, as well as FTP and email clients. Agent Tesla is a commercially available .Net-based infostealer with both remote access Trojan (RAT) and with keylogging capabilities active since at least 2014. This malware is ...
- A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks
August 10, 2020
Since January 2020, a mysterious threat actor has been adding servers to the Tor network in order to perform SSL stripping attacks on users accessing cryptocurrency-related sites through the Tor Browser. The group has been so prodigious and persistent in their attacks, that by May 2020, they ran a quarter of all Tor exit relays — ...
- TeamViewer Flaw in Windows App Allows Password-Cracking
August 10, 2020
Popular remote-support software TeamViewer has patched a high-severity flaw in its desktop app for Windows. If exploited, the flaw could allow remote, unauthenticated attackers to execute code on users’ systems or crack their TeamViewer passwords. TeamViewer is a proprietary software application used by businesses for remote-control functionalities, desktop sharing, online meetings, web conferencing and file transfer ...
- Google Chrome Browser Bug Exposes Billions of Users to Data Theft
August 10, 2020
A vulnerability in Google’s Chromium-based browsers would allow attackers to bypass the Content Security Policy (CSP) on websites, in order to steal data and execute rogue code. The bug (CVE-2020-6519) is found in Chrome, Opera and Edge, on Windows, Mac and Android – potentially affecting billions of web users, according to PerimeterX cybersecurity researcher Gal Weizman. ...