The United Arab Emirates expects its digital dirham central bank digital currency to roll out in the fourth quarter of 2025. 

According to a report in the Khaleej Times, Central Bank of the UAE Governor Khaled Mohamed Balama reportedly said that the blockchain-based currency could improve financial stability and help combat financial crime. According to the report, the retail sector could expect the issuance of a digital dirham in the last quarter of 2025. 

“It [digital dirham] will further enable the development of innovative digital products, services, and new business models while reducing cost and increasing access to international markets,” Balama reportedly said.

The report also stated that the digital dirham and its physical counterpart will be accepted as a payment method in all payment channels. 

The news comes as the digital dirham received a rebrand. The first letter of the dirham will be its international symbol, along with two horizontal lines representing the currency’s stability, inspired by the UAE flag. 

The road to digital dirhams in the UAE

In June 2024, the CBUAE approved a licensing framework for regulating stablecoins. In a meeting with the CBUAE board of directors in Abu Dhabi, UAE officials discussed the government’s financial infrastructure program and approved the framework. The new rules clarified the issuance, licensing and supervision of payment tokens backed by the UAE dirham. 

Following the framework’s approval, stablecoin issuer Tether announced its plans to launch a dirham-backed stablecoin with local partners Phoenix Group and Green Acorn Investments. The collaboration aims to establish a fully-backed digital representation of the UAE dirham currency. 

After the framework approval, other players joined the race to create a dirham-backed stablecoin. On Oct. 18, 2024, a company called AED Stablecoin received in-principle approval for issuing a regulated dirham-pegged stablecoin in the UAE.  

On Nov. 1, The Open Network (TON) announced that Tether’s dirham-pegged stablecoin will be launched on its blockchain network. 

Related: Abu Dhabi’s financial free zone signs MoU with Chainlink for tokenization frameworks

Stablecoins in the UAE

Apart from dirham-backed stablecoins, US dollar and euro stablecoins have also gained traction in the country. 

On Feb. 24, the Dubai Financial Services Authority, the independent regulator for the Dubai International Financial Centre (DIFC), recognized Circle’s USDC and EURC as the first stablecoins under its crypto token regime. 

Meanwhile, a Ripple spokesperson previously told Cointelegraph that the company is working to understand the country’s stablecoin requirements. The spokesperson said they are monitoring the developments closely and that their RLUSD stablecoin is available in the UAE. 

Magazine: The 1 true sign an NFT bull market is back on: Wale, NFT Collector

Opinion by: Jimmy Su, Binance chief security officer

The threat of InfoStealer malware is on the rise, targeting people and organizations across digital finance and far beyond. InfoStealers are a category of malware designed to extract sensitive data from infected devices without the victim’s knowledge. This includes passwords, session cookies, crypto wallet details and other valuable personal information.

According to Kaspersky, these malware campaigns leaked over 2 million bank card details last year. And that number is only growing.

Malware-as-a-service

These tools are widely available via the malware-as-a-service model. Cybercriminals can access advanced malware platforms that offer dashboards, technical support and automatic data exfiltration to command-and-control servers for a subscription fee. Once stolen, data is sold on dark web forums, Telegram channels or private marketplaces.

The damage from an InfoStealer infection can go far beyond a single compromised account. Leaked credentials can lead to identity theft, financial fraud and unauthorized access to other services, especially when credentials are reused across platforms.

Recent: Darkweb actors claim to have over 100K of Gemini, Binance user info

Binance’s internal data echoes this trend. In the past few months, we’ve identified a significant uptick in the number of users whose credentials or session data appear to have been compromised by InfoStealer infections. These infections don’t originate from Binance but affect personal devices where credentials are saved in browsers or auto-filled into websites.

Distribution vectors

InfoStealer malware is often distributed via phishing campaigns, malicious ads, trojan software or fake browser extensions. Once on a device, it scans for stored credentials and transmits them to the attacker.

The common distribution vectors include:

• Phishing emails with malicious attachments or links.

• Fake downloads or software from unofficial app stores.

• Game mods and cracked applications are shared via Discord or Telegram.

• Malicious browser extensions or add-ons.

• Compromised websites that silently install malware (drive-by downloads).

Once active, InfoStealers can extract browser-stored passwords, autofill entries, clipboard data (including crypto wallet addresses) and even session tokens that allow attackers to impersonate users without knowing their login credentials.

What to watch out for 

Some signs that might suggest an InfoStealer infection on your device:

• Unusual notifications or extensions appearing in your browser.

• Unauthorized login alerts or unusual account activity.

• Unexpected changes to security settings or passwords.

• Sudden slowdowns in system performance.

A breakdown of InfoStealer malware

Over the past 90 days, Binance has observed several prominent InfoStealer malware variants targeting Windows and macOS users. RedLine, LummaC2, Vidar and AsyncRAT have been particularly prevalent for Windows users. 

• RedLine Stealer is known for gathering login credentials and crypto-related information from browsers.

• LummaC2 is a rapidly evolving threat with integrated techniques to bypass modern browser protections such as app-bound encryption. It can now steal cookies and crypto wallet details in real-time.

• Vidar Stealer focuses on exfiltrating data from browsers and local applications, with a notable ability to capture crypto wallet credentials.

• AsyncRAT enables attackers to monitor victims remotely by logging keystrokes, capturing screenshots and deploying additional payloads. Recently, cybercriminals have repurposed AsyncRAT for crypto-related attacks, harvesting credentials and system data from compromised Windows machines.

For macOS users, Atomic Stealer has emerged as a significant threat. This stealer can extract infected devices’ credentials, browser data and cryptocurrency wallet information. Distributed via stealer-as-a-service channels, Atomic Stealer exploits native AppleScript for data collection, posing a substantial risk to individual users and organizations using macOS. Other notable variants targeting macOS include Poseidon and Banshee.

At Binance, we respond to these threats by monitoring dark web marketplaces and forums for leaked user data, alerting affected users, initiating password resets, revoking compromised sessions and offering clear guidance on device security and malware removal.

Our infrastructure remains secure, but credential theft from infected personal devices is an external risk we all face. This makes user education and cyber hygiene more critical than ever.

We urge users and the crypto community to be vigilant to prevent these threats by using antivirus and anti-malware tools and running regular scans. Some reputable free tools include Malwarebytes, Bitdefender, Kaspersky, McAfee, Norton, Avast and Windows Defender. For macOS users, consider using the Objective-See suite of anti-malware tools. 

Lite scans typically don’t work well since most malware self-deletes the first-stage files from the initial infection. Always run a full disk scan to ensure thorough protection.

Here are some practical steps you can take to reduce your exposure to this and many other cybersecurity threats:

• Enable two-factor authentication (2FA) using an authenticator app or hardware key.

• Avoid saving passwords in your browser. Consider using a dedicated password manager.

• Download software and apps only from official sources.

• Keep your operating system, browser and all applications up to date.

• Periodically review authorized devices in your Binance account and remove unfamiliar entries.

• Use withdrawal address whitelisting to limit where funds can be sent.

• Avoid using public or unsecured WiFi networks when accessing sensitive accounts.

• Use unique credentials for each account and update them regularly.

• Follow security updates and best practices from Binance and other trusted sources.

• Immediately change passwords, lock accounts and report through official Binance support channels if malware infection is suspected.

The growing prominence of the InfoStealer threat is a reminder of how advanced and widespread cyberattacks have become. While Binance continues to invest heavily in platform security and dark web monitoring, protecting your funds and personal data requires action on both sides.

Stay informed, adopt security habits and maintain clean devices to significantly reduce your exposure to threats like InfoStealer malware.

Opinion by: Jimmy Su, Binance chief security officer.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.