5 Crypto-Stealing Malware Threats: How to Stay Safe and Aware

by ObyteAugust 18th, 2023

Too Long; Didn't Read

The rise of digital assets has led to the emergence of crypto-stealing malware targeting users' devices to exploit vulnerabilities and steal their cryptocurrency. Ransomware encrypts files and demands cryptocurrency ransom; malicious browser extensions secretly collect sensitive information; clippers divert funds by replacing wallet addresses; cryptojacking hijacks devices for mining; remote access Trojans (RATs) grant unauthorized access. To protect against these threats, users should use reputable security software, download from trusted sources, enable 2FA, stay updated, and use offline wallets. Avoid public Wi-Fi, be wary of phishing and extensions, and stay informed to ensure a secure crypto experience.



The rise of digital assets has not only attracted legitimate investors but also cybercriminals seeking to exploit vulnerabilities in the ecosystem. Crypto-stealing malware has emerged as a significant threat, capable of infiltrating users' devices and siphoning off their hard-earned digital wealth.


This malicious software comes in various forms, each with its distinct capabilities and methods of attack. As the crypto landscape continues to grow, staying informed about potential risks is vital to protect oneself from falling victim to these insidious attacks.


In this overview, we will highlight five of the most concerning crypto-stealing malware types that users should be aware of to safeguard their funds and personal information. In the end, we’ll share some useful tips to protect yourself from them.


Ransomware

From “ransom” + “malware”, the name describes this threat very well. It’s a type of malicious software that encrypts a victim's files or locks them out of their computer, making them inaccessible. The attackers then demand a ransom, usually in cryptocurrency, in exchange for providing the decryption key or unlocking the compromised system. It's a cyber-extortion technique that aims to coerce victims into paying to regain access to their data or device.


Imagine receiving an email with an enticing link, and upon clicking it, your computer screen freezes, and a pop-up message appears, stating that all your files are encrypted and inaccessible. The message demands you pay a specific amount within a set time frame to receive the decryption key. This scenario illustrates how ransomware can hold your personal or business data hostage until you meet the attacker's financial demands.



Jigsaw ransomware note by Bleeping Computer

According to Chainalysis, “[this] is the only form of cryptocurrency-based crime on pace to grow in 2023, with attackers having extorted $175.8 million more than they did at the same time in 2022.” Ransomware is especially targeted at businesses worldwide, where a single ransom can be worth millions by itself, if the victim decides to pay.


Common distribution methods (the ways you could catch it) are phishing (impersonation), malicious ads, and pirated software. In the case of businesses, the attacks are mostly targeted and thoroughly planned.


Malicious browser extensions

Browser extensions are software add-ons or plugins that users can install in their web browsers to enhance functionality or improve their online experience. However, some extensions are created with malicious intent, seeking to exploit users' browsing activities for nefarious purposes.


For instance, imagine you install a seemingly helpful cryptocurrency price-checking extension in your browser. Unbeknownst to you, this extension is malicious, and once installed, it gains access to your browsing activity, allowing it to monitor your crypto transactions. When you log in to your crypto exchange or wallet, the extension covertly collects your sensitive information, including login credentials and private keys, and sends it to the attacker, who is now able to empty your wallet.



Rilide campaigns identified by Trustwave



There is a case in the wild right now. Security researchers have discovered a new malicious browser extension called Rilide, targeting Chromium-based browsers like Google Chrome, Brave, Opera, and Microsoft Edge. The malware monitors browser activity, takes screenshots, and steals cryptocurrency through scripts injected into web pages. It mimics benign Google Drive extensions to evade detection.


The malware was distributed through two separate campaigns, using Google Ads and Aurora Stealer or the Ekipa remote access trojan (RAT) to load the extension. Rilide bypasses two-factor authentication (2FA) by deceiving victims with forged dialogs to enter their temporary codes, enabling the automatic processing of cryptocurrency withdrawal requests. It’s probably time to check your browser extensions in more detail.


Clippers

This is a type of malicious software designed to target cryptocurrency transactions and steal digital assets. It operates by replacing the recipient's wallet address with that of the attacker when the user copies and pastes the destination address during a transaction. As a result, the funds meant to be sent to the legitimate recipient are diverted to the hacker's wallet. All of this without noticeable symptoms, until it’s too late.


Imagine you are about to make a cryptocurrency payment to a friend for a recent purchase. As you copy and paste your friend's wallet address into the payment field, unbeknownst to you, clipper malware is secretly active on your device. The malware detects the copied address because it’s capable of identifying that particular string of characters. It replaces it with the attacker's address, and you unknowingly send your funds to the hacker instead of your friend.


Malicious campaign of MortalKombat and Laplas identified by Talos
Several “brands” of clippers are in the wild now, hunting victims online. One of them is a joint campaign between the Laplas Clipper and the MortalKombat ransomware. The infection starts when a victim falls for a fake email from CoinPayments or another crypto company, clicks on its malicious links, and downloads one of the two surprises: the clipper or the ransomware. Most victims are in the USA, but the campaign is also affecting the UK, Turkey, and the Philippines.
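A defensive check for the clipper scenario described in this section (and for the “check the addresses” tip later on), written as an added example that is not part of the original article. A clipper typically swaps in an attacker address that shares the first and last few characters with the victim's intended one, so glancing at both ends is not enough; the code compares the pasted address with a trusted address-book entry and reports every position that differs. The address strings and the address-book layout are constructed for the example.

```python
# Constructed sample data: a trusted address-book entry and a lookalike that a
# clipper could have swapped in. Both share the first and last four characters
# and have the same length. Neither is a real wallet address.
TRUSTED_BOOK = {"alice": "1AliceFakeAddr7kQ2mN9vB3pX8sL4dF6g"}
PASTED_LOOKALIKE = "1Ali" + "z" * 26 + "dF6g"


def glance_check(trusted: str, pasted: str, ends: int = 4) -> bool:
    """The unsafe habit: compare only the first and last `ends` characters.
    A clipper that preserves both ends passes this check."""
    return pasted[:ends] == trusted[:ends] and pasted[-ends:] == trusted[-ends:]


def diverging_positions(trusted: str, pasted: str) -> list[int]:
    """Zero-based positions where the pasted address differs from the trusted
    one. A length mismatch counts every extra tail position as a difference."""
    longest = max(len(trusted), len(pasted))
    return [
        i
        for i in range(longest)
        if i >= len(trusted) or i >= len(pasted) or trusted[i] != pasted[i]
    ]


def verify_before_send(label: str, pasted: str, book: dict[str, str]) -> dict:
    """Compare the address actually pasted with the verified address-book entry
    `label`. Returns a verdict plus the positions to inspect, so a pre-send
    script or wallet UI can refuse the transaction instead of trusting the
    clipboard contents."""
    trusted = book[label]
    diffs = diverging_positions(trusted, pasted)
    return {
        "ok": not diffs,
        "glance_check_passed": glance_check(trusted, pasted),
        "diverges_at": diffs,
    }


if __name__ == "__main__":
    for candidate in (TRUSTED_BOOK["alice"], PASTED_LOOKALIKE):
        print(candidate, verify_before_send("alice", candidate, TRUSTED_BOOK))
```

For the lookalike, the glance check passes while the full comparison flags positions 4 through 29, which is exactly the gap a quick visual check misses.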



Cryptojacking

This one doesn’t steal funds directly, but uses your devices without your knowledge and profits from it, giving you nothing in return and likely causing some problems in the process. Cryptojacking software secretly takes control of a victim's computer or device, using its processing power to mine cryptocurrencies without the user's permission. The malware exploits the victim's resources to perform the complex calculations required for cryptocurrency mining, benefiting the attackers at the victim's expense.


For example, while browsing the Internet or after a download, you may notice that your computer becomes sluggish, and the fan starts working more than usual. This unexpected slowdown occurs because cryptojacking malware has infected your system when you visited a compromised website. So, you could experience reduced performance and increased electricity consumption, while the attackers illicitly benefit from the cryptocurrency mining using your computer's processing power.



Cryptojacking volume by SonicWall


It's worse in the case of mobile devices, which can suffer overheating and damage to hardware components. Sadly, as discovered by SonicWall, “332 million of cryptojacking attacks were recorded in the first half of 2023 globally —a record-breaking 399% increase over the last year.”


Average victims can be reached through pirated apps and infected websites, but attackers are also targeting cloud services and servers to secretly mine Monero (XMR) and Dero (DERO). Most hits have been identified in North America and Europe, especially in the United States, Canada, Denmark, Germany, and France.


Remote Access Trojan (RATs)

The old story about the Trojan horse has been replicated by cybercriminals today. A Remote Access Trojan (RAT) is a type of disguised malware that allows hackers to gain unauthorized access and control over a victim's computer or device from a remote location. Once installed, the RAT enables hackers to perform various malicious activities, such as stealing sensitive information, monitoring user behavior, and executing commands without the victim's knowledge.


For instance, you could download a seemingly innocent software update for your cryptocurrency wallet. However, the update contains a hidden RAT. Once installed, the RAT grants remote access to the attacker, who can now monitor your crypto transactions and access your wallet's private keys. With this unauthorized access, the hacker can quietly transfer your digital assets to their own wallet, effectively stealing your funds. It really emphasizes the importance of downloading software only from trusted sources to protect against RATs and other cyber threats.



Some icons used by Chameleon. Image by Cyble
Lately, a new variation of this type of malware has been named “Chameleon” by the cybersecurity firm Cyble. It poses as a popular crypto app on Android devices, including crypto exchanges. Once installed by unsuspecting victims, Chameleon can read every keystroke (keylogger), show a fake screen (overlay attack), and steal important data like SMS texts, passwords, and cookies. Of course, the attackers can steal cryptocurrencies this way.



How to protect yourself against crypto-stealing malware

Cybercriminals won’t disappear any time soon, so it’s on us to protect our funds. This includes Obyte users, who are just as exposed to crypto-malware attacks. It’s not that hard, and you can apply some simple tips to do it.


  • Use Reputable Security Software: Install and regularly update reputable antivirus and anti-malware software on all your devices. These tools can detect and remove crypto-stealing malware before it causes harm.
  • Download from Trusted Sources: Only download cryptocurrency wallets, apps, and extensions from official websites or trusted app stores. Avoid clicking on suspicious links or downloading software from unknown sources.
  • Keep Software Updated: Regularly update your operating system, web browsers, and all applications to patch vulnerabilities that attackers might exploit.
  • Enable Passwords and Two-Factor Authentication (2FA): Enable 2FA whenever possible, especially for cryptocurrency exchange accounts and wallets. 2FA adds an extra layer of protection against unauthorized access. You can do this in Obyte by creating your own multi-signature account to be opened from several devices. It’s also important to set up secure passwords whenever possible. The Obyte wallet offers this feature too.



  • Use Offline Wallets / Textcoins for Crypto Storage: Offline wallets, also known as cold wallets, enhance crypto security by storing digital assets offline, isolating them from online threats like hacks. In Obyte, the user-friendly textcoins can be used as cold wallets, since they’re just twelve secret words completely outside the Internet.
  • Avoid Phishing Attempts: Be cautious of phishing emails and websites that mimic legitimate platforms. Double-check URLs and email sender addresses before providing sensitive information or clicking on links.
  • Use QR Codes and Check the Addresses: The success of clippers relies on users not paying attention. Try using QR codes instead of copy-and-paste, and always double-check the full crypto address before sending funds. Or you can avoid using crypto addresses to send and receive funds in Obyte: if you attest a customized username, an email, or a GitHub username, you can use them instead of an address. Textcoins are also designed to be sent without complex addresses.
  • Be Wary of Browser Extensions: Be cautious when installing browser extensions, especially those related to cryptocurrency. Stick to reputable extensions from known developers.
  • Monitor Device Activity: Regularly review your device's running processes, active extensions, and apps to spot any suspicious activity.
  • Secure Wi-Fi Connections: Avoid using public Wi-Fi networks for cryptocurrency transactions or accessing sensitive information. Use a virtual private network (VPN) for added security.
  • Educate Yourself: Stay informed about the latest cybersecurity threats and best practices. Awareness is the first line of defense against crypto-stealing malware.


By following these preventive measures and maintaining a proactive approach to security, you can significantly reduce the risk of falling victim to crypto-stealing malware and protect your valuable digital assets. Remember that staying vigilant and cautious is key to maintaining a safe and secure crypto experience.



Featured Vector Image by Freepik