Binance Square

Malware

Coppertrader
#malware
Crypto Malware: What Is It and How to Identify It?

In this rapidly evolving cryptocurrency landscape, crypto-malware emerged as cryptocurrencies grew in popularity and value. It is malicious software that exploits a computer’s processing power to mine cryptocurrencies without the user’s permission. This type of malware became prominent as cryptocurrencies gained value, with the first known cryptojacking.
In this article, we’ll look at what crypto-malware is, how it happens, how to safeguard against it, and more. Read till the end for a complete understanding of crypto-malware.
What is Crypto Malware?
Crypto malware is a type of malicious software specifically designed to exploit the processing power of computers or devices to mine cryptocurrencies without the user’s permission. This is done through a process called cryptojacking, where the malware secretly uses the device’s resources to mine digital currencies like Monero, which are chosen for their strong privacy features that make them hard to track.
This unauthorized mining can lead to increased CPU usage, slower device performance, overheating, and higher electricity bills. Crypto malware often spreads through infected email attachments, malicious links, compromised websites, and software vulnerabilities.
How did it emerge in the crypto landscape?
Crypto malware emerged in the crypto landscape as cryptocurrencies gained popularity and value. The first known cryptojacking script was released by Coinhive in 2017, allowing website owners to embed mining code on their sites to use visitors’ computing power for mining. This marked the beginning of a surge in crypto malware attacks.
Cybercriminals quickly adopted these techniques, finding cryptojacking more attractive than other forms of cyber attacks like ransomware. This is because cryptojacking is less likely to attract law enforcement attention, is relatively low-risk, and is highly profitable.
#Megadrop #BinanceLaunchpool
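The symptoms the post lists (sustained CPU use by an unfamiliar process, and the miner's need to keep talking to a pool) are what a host-side check looks for. The following Python is an added example, not code from the post or from any product it names: it scores a constructed process-and-connection snapshot against three indicators and only alerts when a miner-like command line is seen, or when high CPU and a pool-port connection occur together. The pool ports, command-line patterns, CPU threshold and allow-list are assumptions to tune per environment; the IP addresses are documentation ranges.

```python
import re
from dataclasses import dataclass

# Ports on which Stratum mining pools commonly listen (assumption: tune per environment).
SUSPECT_POOL_PORTS = {3333, 4444, 5555, 7777, 14433, 14444, 45700}
# Markers of well-known CPU miners and their typical flags (assumption).
MINER_CMD_PATTERNS = re.compile(
    r"stratum\+(tcp|ssl)://|--donate-level|xmrig|minerd|cpuminer", re.IGNORECASE
)
CPU_THRESHOLD = 80.0                                           # percent; assumption
ALLOWED_HIGH_CPU = {"ffmpeg", "make", "cc1", "clang", "java"}  # known legitimate CPU hogs


@dataclass
class Process:
    pid: int
    name: str
    cpu_percent: float
    cmdline: str


@dataclass
class Connection:
    pid: int
    remote_host: str
    remote_port: int


def indicators(proc, conns):
    """Return the list of cryptojacking indicators observed for one process."""
    found = []
    if MINER_CMD_PATTERNS.search(proc.cmdline):
        found.append("miner-like command line")
    if proc.cpu_percent >= CPU_THRESHOLD and proc.name not in ALLOWED_HIGH_CPU:
        found.append(f"sustained CPU {proc.cpu_percent:.0f}%")
    for c in conns:
        if c.pid == proc.pid and c.remote_port in SUSPECT_POOL_PORTS:
            found.append(f"outbound {c.remote_host}:{c.remote_port} (pool port)")
    return found


def find_cryptojackers(processes, conns):
    """Map pid -> indicators for processes that meet the flagging rule.

    Rule: a miner-like command line is sufficient on its own; otherwise
    require BOTH sustained high CPU and a pool-port connection, so that a
    busy legitimate process or a single odd port does not raise an alert.
    """
    hits = {}
    for p in processes:
        found = indicators(p, conns)
        cmd_hit = any(f.startswith("miner-like") for f in found)
        cpu_hit = any(f.startswith("sustained") for f in found)
        net_hit = any(f.startswith("outbound") for f in found)
        if cmd_hit or (cpu_hit and net_hit):
            hits[p.pid] = found
    return hits


# Constructed snapshot, not real telemetry.
SAMPLE_PROCESSES = [
    Process(101, "kworker", 96.0, "/tmp/.x/kworker -c /tmp/.x/config.json"),  # masquerading as a kernel thread
    Process(202, "ffmpeg", 97.5, "ffmpeg -i in.mp4 out.mkv"),                  # legitimate hog
    Process(303, "chrome", 12.0, "/opt/google/chrome/chrome"),
    Process(404, "python3", 40.0, "python3 xmrig_wrapper.py --donate-level 1"),
    Process(505, "node", 88.0, "node server.js"),                               # high CPU only
]
SAMPLE_CONNECTIONS = [
    Connection(101, "198.51.100.23", 3333),
    Connection(303, "192.0.2.10", 443),
    Connection(505, "203.0.113.9", 443),
]

if __name__ == "__main__":
    for pid, why in find_cryptojackers(SAMPLE_PROCESSES, SAMPLE_CONNECTIONS).items():
        print(pid, "->", "; ".join(why))
```

On a live host the snapshot would come from `ps` and `ss -tnp` (or psutil); the rule is deliberately conservative, so a miner that hides behind a TLS proxy on port 443 with a clean command line is not caught by it and needs CPU-over-time baselining instead.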
🔐 Cyber News (May 15, 2024):

1️⃣ Rain: Cryptocurrency exchange Rain, headquartered in Bahrain, has fallen victim to an exploit. In a hacking incident, perpetrators managed to siphon off assets totaling $14.8 million from the company's accounts. 💰

2️⃣ MistTrack: Tether took action by freezing 12 addresses containing millions in USDT. The combined assets held in these frozen wallets amounted to approximately $5.2 million. 💼

3️⃣ CoinDesk: A court in the Netherlands rendered a verdict on May 14, finding cryptocurrency mixer Tornado Cash developer Alexey Pertsev guilty of money laundering. Pertsev was charged with orchestrating no fewer than 36 illicit transactions, totaling $1.2 billion, through the crypto mixer between July 9, 2019, and August 10, 2022. The court sentenced him to 64 months of imprisonment. ⚖️

4️⃣ Kaspersky: North Korean hackers known as Kimsuky have deployed a new #malware strain named Durian to target cryptocurrency firms. Durian not only exfiltrates files from compromised systems but also installs the AppleSeed backdoor and the LazyLoad proxy tool. 🛡️

5️⃣ Equalizer: On May 14, a cybercriminal breached the decentralized exchange (DEX) Equalizer, pilfering funds from traders. The perpetrator made off with 2353 EQUAL tokens (~$20,000) and several other digital assets. 💸

👍 Any queries? Feel free to ask in the comments below!
A recent investigation has revealed a large-scale #infostealer #malware operation linked to a cybercriminal group called "#MarkoPolo," which has conducted over thirty campaigns targeting various demographics and systems. The operation utilizes multiple distribution methods, such as malvertising, spearphishing, and brand impersonation, focusing on sectors like online gaming, cryptocurrency, and software.
According to Recorded Future's Insikt Group, the Marko Polo campaign has likely compromised tens of thousands of devices globally, resulting in potential financial losses amounting to millions. The malware includes notable payloads like AMOS, Stealc, and Rhadamanthys, with reports indicating significant risks to consumer privacy and business continuity.
**Key Tactics Used by Marko Polo:**
1. #Spearphishing: Targeting high-value individuals such as cryptocurrency influencers and software developers through direct messages on social media, often luring them with fake job offers or project collaborations.
2. Brand Impersonation: Utilizing both real and fictitious brands to create credible but malicious sites that entice victims to download malware. Brands like Fortnite and Zoom have been impersonated, alongside made-up names like Vortax and NightVerse.
Target Platforms:
- Windows: The group employs #HijackLoader to deliver info-stealing malware like Stealc and Rhadamanthys, which can collect sensitive information and even redirect cryptocurrency transactions.
- macOS: The AMOS stealer is utilized, capable of retrieving data from web browsers and Apple Keychain, including WiFi credentials and saved logins.
Infection Methods: Malware is distributed through malicious websites, executable files in torrent downloads, and fake virtual applications.
To protect against such threats, users are advised to avoid links from unknown sources and only download software from official sites. Regularly scanning files with up-to-date antivirus software is also recommended to prevent infections.

Crypto-Stealing Malware Found in Mobile App Store SDKs, Warns Kaspersky ⚠️ ALERT 🚨

#malware
#HighAlert
Kaspersky Labs has identified a sophisticated malware campaign targeting cryptocurrency users through malicious software development kits embedded in mobile apps available on Google Play and the Apple App Store. Named "SparkCat," this malware utilizes optical character recognition to scan users' photos for cryptocurrency wallet recovery phrases, which hackers then use to access and deplete affected wallets.

In a comprehensive report dated February 4, 2025, Kaspersky researchers Sergey Puzan and Dmitry Kalinin detailed how the SparkCat malware infiltrates devices and searches images for recovery phrases through multilingual keyword detection. Once these phrases are obtained, attackers gain unfettered access to victims' crypto wallets. The hackers thus achieve full control over the funds, as highlighted by the researchers.

Moreover, the malware is designed to steal additional sensitive information, such as passwords and private messages captured in screenshots. Specifically on Android devices, SparkCat masquerades as a Java-based analytics module called Spark. The malware receives operational updates from an encrypted configuration file on GitLab and uses Google's ML Kit OCR to extract text from images on infected devices. Detection of a recovery phrase results in the malware sending the information back to attackers, allowing them to import the victim's crypto wallet onto their devices.

Kaspersky estimates that since its emergence in March 2023, SparkCat has been downloaded around 242,000 times, predominantly impacting users in Europe and Asia.

In a separate but related report from mid-2024, Kaspersky has been monitoring another Android malware campaign involving deceptive APKs like Tria Stealer, which intercepts SMS messages and call logs, and steals Gmail data.

The presence of this malware spans numerous apps, some seemingly legitimate like food delivery services, and others designed to attract unwary users, such as AI-enabled messaging apps. Common features among these infected apps include the use of the Rust programming language, cross-platform capabilities, and sophisticated obfuscation methods to evade detection.

The origins of SparkCat remain unclear. The researchers have not ascribed the malware to any known hacking group but have noted Chinese-language comments and error messages within the code, suggesting fluency in Chinese by the developer. While it shares similarities with a campaign uncovered by ESET in March 2023, its precise source remains unidentified.

Kaspersky strongly advises users against storing sensitive information like crypto wallet recovery phrases in their photo galleries. Instead, they recommend employing password managers and regularly scanning for and eliminating suspicious applications.

The findings were originally reported on 99Bitcoins in the article titled "Malicious SDKs on Google Play and App Store Steal Crypto Seed Phrases: Kaspersky."
$BTC

Malware awareness!!

#alert #malware
Malware, short for malicious software, refers to any software that is designed to harm or exploit a system or its user.
Here are some common types of malware:
1. Viruses: Replicate and spread to other files or systems.
2. Worms: Self-replicating malware that spreads without user interaction.
3. Trojans: Disguise themselves as legitimate software to gain access.
4. Spyware: Secretly monitor and collect user data.
5. Adware: Display unwanted advertisements.
6. Ransomware: Demand payment in exchange for restoring access to data.
7. Rootkits: Hide malware or unauthorized access from the user.
8. Keyloggers: Record keystrokes to steal sensitive information.
9. Botnets: Networks of infected devices controlled remotely.
10. Exploits: Take advantage of software vulnerabilities to gain access.
To protect yourself from malware:
1. Use antivirus software.
2. Keep software up-to-date.
3. Avoid suspicious downloads.
4. Use strong passwords.
5. Enable firewall protection.
6. Use secure networks.
7. Regularly back up data.
8. Use a reputable VPN.
9. Be cautious with email attachments.
10. Use a secure search engine.
Remember, prevention and vigilance are key to protecting yourself from malware.

The impact of fake Homebrew malware on the cryptocurrency ecosystem

Scam Sniffer's recent disclosure of a fake "Homebrew" malware distributed through Google ads has set off alarms in the cryptocurrency world. This attack, designed to steal wallet data and digital assets, not only endangers individual investors but also undermines general trust in advertising platforms and in the security of the crypto ecosystem. Cybercriminals are exploiting everyday tools such as Google Ads to target unsuspecting users, showing how even the most trusted channels can be turned to malicious ends.
For investors, the implications are severe. Beyond direct financial losses, attacks of this kind reinforce the fear that cryptocurrencies are inherently insecure, deterring new participants. Globally, this distrust can slow the mainstream adoption of cryptocurrencies as digital assets and alternative payment systems. At the same time, the digital economy suffers, since crypto companies face additional pressure to implement stricter security measures, which could raise operating costs and hold back innovation.
In economic terms, attacks of this nature can destabilize the cryptocurrency market, creating volatility and hurting the confidence of institutional investors. As cyber fraud grows, the need for stricter regulation and global collaboration to protect users becomes more pressing. This incident is a critical reminder that education and caution must be priorities for investors and technology platforms alike.
#malware #CryptoSurge2025 #AnalisisTecnico #Criptomonedas
⚡Beware Scammers⚡

🚨 A new #malware is stalking the #cripto community

🐴 The firm ThreatFabric has detected #Cocrodrilus, a banking and financial trojan that puts the less experienced and less cautious part of the crypto community at risk.

🗝️ This malware infiltrates mobile devices and steals seed phrases and login credentials for wallets.

🇪🇸🇹🇷 Its main focus is users in Spain and Turkey, and its advanced operation lets it act undetected, even on recent versions of #Android such as 13.

✍🏻 Authorities and cybersecurity professionals recommend taking extreme care with suspicious #apps.

🔎💎
💎 #CoinRank Daily Insights & Analysis

🔐 SparkCat Malware Attack: A sneaky exploit that targets users’ recovery phrases by using OCR to steal wallet access. 📱💥 Attackers exploit the habit of saving recovery phrases in screenshots, making them easy targets.

Best Practices to Stay Safe:

1. Check and delete suspicious apps from Google Play or App Store, especially recent downloads. 🚫

2. Avoid saving recovery phrases in screenshots. Write them down and store securely. 🔑

3. Regularly check wallet security and move assets to a new wallet if you suspect your device is infected. 🔄

This incident reminds us that convenience can sometimes create vulnerabilities in Web3 security. Stay vigilant! 🔍

#CryptoSecurity #Malware #SparkCat #StaySafe
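Both SparkCat posts above (the Kaspersky write-up and this CoinRank summary) rest on two facts: a recovery phrase can be found by looking for phrase-shaped text, and once found, the words alone are enough to recreate the wallet. The following Python is an added example, not code from either post or from Kaspersky's report. `recovery_phrase_candidates` and `keyword_hits` form a heuristic scanner, in the spirit of the multilingual keyword detection the posts describe, that a user could run over their own OCR'd screenshots to find phrases that should not be there; `mnemonic_to_seed` is the BIP-39 seed derivation (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" plus the optional passphrase), which shows why the words recreate the wallet and how a passphrase changes the seed. The keyword list and the OCR text are constructed; the mnemonic and seed are the published BIP-39 reference test vector.

```python
import hashlib
import re
import unicodedata

# Recovery-phrase keywords in several languages (constructed list; extend as needed).
PHRASE_KEYWORDS = (
    "recovery phrase", "seed phrase", "mnemonic", "secret phrase",
    "frase semilla", "frase de recuperación",            # Spanish
    "助记词",                                             # Chinese
)
VALID_LENGTHS = {12, 15, 18, 21, 24}                      # BIP-39 mnemonic lengths
WORD = re.compile(r"[a-z]{3,8}")                          # shape of a BIP-39 English word


def keyword_hits(text):
    """Return the set of recovery-phrase keywords present in OCR'd text."""
    lowered = text.lower()
    return {k for k in PHRASE_KEYWORDS if k in lowered}


def recovery_phrase_candidates(text):
    """Return runs of 12/15/18/21/24 consecutive lowercase 3-8 letter words.

    Heuristic only: it does not validate the BIP-39 checksum (that needs
    the 2048-word list), so ordinary prose of the right shape also matches.
    """
    candidates = []
    for line in text.splitlines():
        run = []
        for token in line.split() + [""]:          # "" flushes the last run on the line
            if WORD.fullmatch(token):
                run.append(token)
                continue
            if len(run) in VALID_LENGTHS:
                candidates.append(" ".join(run))
            run = []
    return candidates


def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP-39 mnemonic -> 64-byte seed.

    The seed is the root from which every wallet key is derived (BIP-32),
    so whoever holds the words, and the passphrase if one is set, holds the funds.
    """
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split())).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


# Constructed OCR output for a screenshot, not real data.
SAMPLE_OCR = """IMG_0042.PNG
My recovery phrase (do not share!)
abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about
Wifi: Cafe-Guest / pass 12345678
"""

# Published BIP-39 reference test vector (all-zero entropy, passphrase "TREZOR").
TEST_MNEMONIC = "abandon " * 11 + "about"
TEST_SEED_HEX = (
    "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
    "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04"
)

if __name__ == "__main__":
    print("keywords:", keyword_hits(SAMPLE_OCR))
    for phrase in recovery_phrase_candidates(SAMPLE_OCR):
        print("candidate:", phrase)
        print("seed, no passphrase:  ", mnemonic_to_seed(phrase).hex()[:32], "...")
        print("seed, with passphrase:", mnemonic_to_seed(phrase, "TREZOR").hex()[:32], "...")
```

The scanner errs toward false positives by design (any line of twelve short lowercase words matches), which is acceptable for a self-audit but not for an alerting pipeline. The derivation makes the mitigation concrete: a BIP-39 passphrase only helps if it is never stored beside the words, and a phrase that has appeared in a screenshot on a possibly infected device should be treated as burned, which is why the post says to move assets to a new wallet.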