New Malware Spotted in the Wild That Puts Cryptocurrency Wallets at Risk

The Takeaway:

A new form of malware called Anubis is now out in the world after being circulated for sale on cybercrime dark markets in June, according to Microsoft Security Intelligence. Using forked code from Loki malware, Anubis can steal cryptocurrency wallet IDs, system info, credit card information and other data.

Importantly, this malware is distinct from a family of Android banking malware also called Anubis. It joins a growing list of malware families that look for vulnerable cryptocurrency stashes.

“The malware is downloaded from certain websites. It steals information and sends stolen information to a C2 (command and control) server via an HTTP POST command,” said Tanmay Ganacharya, partner director of security research at Microsoft.

HTTP POST is the HTTP method a client uses to send data to a server. It is the same mechanism a browser uses when you upload a file or submit a completed web form.

“When successfully executed it attempts to steal information and sends stolen information to a C2 server via HTTP POST command,” he said. “The post command sends back sensitive information that may include username and passwords, such as credentials saved in browsers, credit card information and cryptocurrency wallet IDs.”

Parham Eftekhari, executive director of the Cybersecurity Collaborative, a forum for security professionals, reviewed the images of code tweeted out by Microsoft and said not much information about the Windows Anubis malware has been released.

But the Loki bot (from which the Anubis code was taken) was spread via social engineering emails with attachments with “.iso” extensions. These messages masqueraded as orders and offers from other companies and were sent to publicly available company email addresses, sometimes from a company’s own site.

When it comes to avoiding Anubis, Eftekhari said people should not open any attachments or emails that they are not expecting or that seem unfamiliar.

“They should deploy antimalware applications on their systems and scan and update frequently,” he said. “Finally, when accessing sensitive accounts such as banking applications, they should employ secure or privacy browsers which may prevent malware from recording keystrokes or screenshots.”

Ganacharya said that like many threats, this new malware tries to stay under the radar, so it doesn’t have obvious visual clues. Users can check for the presence of suspicious files and running processes (for example, ASteal.exe, Anubis Stealer.exe) as well as suspicious network traffic.

For its part, Microsoft has updated its Defender Advanced Threat Protection (Microsoft Defender ATP) to detect Anubis malware and will be monitoring it to see if campaigns begin to spread. Microsoft Defender ATP uses AI-powered cloud-delivered protection to defend against new and unknown threats in real time.

Other users should be wary of visiting unknown or suspicious websites, or opening suspicious emails, attachments and URLs, Ganacharya said. Additionally, users can turn on unwanted app blocking in Microsoft Edge to get protection against cryptocurrency miners and other software that can affect the performance of devices.

But for security professionals there are telltale signs when analyzing a system. One of these is the set of indicators of compromise: signs that a system has been breached, such as unusual outbound network traffic or unusual activity on an account.
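The two indicators the article names, the process names Microsoft called out (ASteal.exe, Anubis Stealer.exe) and unusual outbound POST traffic to an unfamiliar host, can be checked mechanically. The script below is an added example written for this page, not Microsoft's or any vendor's tooling: it scans a constructed process snapshot for the named images and a constructed proxy log for large POSTs to hosts outside an allow-list. The log format, the allow-list, the 203.0.113.77 destination and the byte threshold are all assumptions chosen for illustration.

```python
"""Hunt for the Anubis stealer indicators named in the article: suspicious
process names and unusual outbound HTTP POSTs to hosts that are not on an
allow-list of known-good destinations.

Added example; the snapshot and proxy-log formats are constructed for
illustration and are not any real product's output format.
"""
import re
from typing import Dict, List, Tuple

# Process image names called out by Microsoft as indicators (from the article).
# Compared case-insensitively because Windows file names are case-insensitive.
SUSPICIOUS_PROCESSES = {"asteal.exe", "anubis stealer.exe"}

# Hypothetical allow-list of hosts this (constructed) client normally POSTs to.
KNOWN_GOOD_HOSTS = {"update.example-corp.internal", "mail.example.com"}

# Constructed process snapshot: "<pid> <image name>" per line.
PROCESS_SNAPSHOT = """\
4 System
812 svchost.exe
2040 explorer.exe
3316 ASteal.exe
3390 chrome.exe
4102 Anubis Stealer.exe
"""

# Constructed proxy log: "<client> <method> <host> <path> <bytes_sent>" per line.
# 203.0.113.77 is a documentation address, used here as a stand-in for an
# unknown destination, not a real indicator.
PROXY_LOG = """\
10.0.0.5 GET www.example.com /index.html 312
10.0.0.5 POST mail.example.com /owa/ 2048
10.0.0.5 POST 203.0.113.77 /upload 18944
10.0.0.5 POST 203.0.113.77 /upload 20112
10.0.0.7 GET update.example-corp.internal /patches 120
"""

PROC_RE = re.compile(r"^(\d+)\s+(.+?)\s*$")
LOG_RE = re.compile(r"^(\S+)\s+(GET|POST|PUT)\s+(\S+)\s+(\S+)\s+(\d+)$")


def find_suspicious_processes(snapshot: str) -> List[Tuple[int, str]]:
    """Return (pid, image) pairs whose image name matches a known indicator."""
    hits = []
    for line in snapshot.splitlines():
        m = PROC_RE.match(line)
        if m and m.group(2).lower() in SUSPICIOUS_PROCESSES:
            hits.append((int(m.group(1)), m.group(2)))
    return hits


def find_unusual_posts(log: str, min_bytes: int = 4096) -> List[Dict[str, object]]:
    """Flag POSTs to hosts outside the allow-list that carry at least min_bytes.

    A stealer reporting to its C2 over HTTP POST shows up as bulky uploads to
    a destination the client has no business talking to; small POSTs to
    allow-listed hosts (normal form submissions) are left alone.
    """
    findings = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        client, method, host, path, nbytes = m.groups()
        if method == "POST" and host not in KNOWN_GOOD_HOSTS and int(nbytes) >= min_bytes:
            findings.append({"client": client, "host": host, "path": path, "bytes": int(nbytes)})
    return findings


def hunt(snapshot: str, log: str) -> Dict[str, object]:
    """Combine both checks into one verdict for a host."""
    procs = find_suspicious_processes(snapshot)
    posts = find_unusual_posts(log)
    return {"processes": procs, "posts": posts, "suspicious": bool(procs or posts)}


if __name__ == "__main__":
    result = hunt(PROCESS_SNAPSHOT, PROXY_LOG)
    for pid, image in result["processes"]:
        print(f"suspicious process: pid={pid} image={image!r}")
    for f in result["posts"]:
        print(f"unusual POST: {f['client']} -> {f['host']}{f['path']} ({f['bytes']} bytes)")
    print("verdict:", "investigate" if result["suspicious"] else "clean")
```

On the constructed input this reports two matching processes and the two large POSTs to the unknown host while ignoring the ordinary webmail POST. In a real environment the allow-list would be built from a baseline of the host's normal destinations, and a name match alone should trigger collection of the binary and its network connections rather than an immediate verdict, since the article notes the malware otherwise gives few visual clues.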

While malware, or software designed to be malicious, isn’t new, it’s increasingly being brought to bear on the cryptocurrency community.

“Over the past three years we have been seeing an increased number of malwares that target user computers that, aside from trying to record/steal passwords, are specialized in harvesting the victim’s system for cryptocurrencies,” said Paolo Ardoino, CTO of Bitfinex.

Ardoino said tech-savvy holders of cryptocurrency usually use a hardware wallet and store their seed (the information that generates and recovers a wallet) offline. Less-experienced users, though, due to the fear of losing the seed for their wallet, might keep it stored on their computer. Malware is then able to access the password manager or other online storage site while the user is accessing it, and copy and paste passwords.

Another attack that malware can execute, according to Ardoino, is seeing if the computer runs a blockchain node that has an unprotected wallet file. Even if that wallet file has a password, if the malware involves a keystroke recorder (or keylogger) it can capture whatever a user on the computer types.

He said there are many nuances, but as cryptocurrency gets closer to mass adoption, sloppy custodial practices could make people’s cryptocurrency wallets easier to target than banks or even credit cards.

Upticks in bitcoin (BTC) and ether (ETH), like those we’ve seen in recent months, could spark interest in new users who can be particularly susceptible to these kinds of attacks.

The threat of malware has only increased as people have been pushed toward working and living remotely during the coronavirus pandemic, increasing the amount of time they spend online and the number of systems they use.

According to a recent report from Malwarebytes, a company specializing in combating malware, programs such as AveMaria and NetWiredRC, which allow for breaches like remote desktop access and password theft, have seen huge increases in use during the pandemic. They found AveMaria saw a bump of 1,219% from January to April compared to 2019; NetWiredRC observed a 99% increase in detections from January to June, primarily targeting businesses.

Paul Walsh, CEO of the cybersecurity company MetaCert, said that given the attack vectors identified, traditional models for identifying and protecting against these attacks are misguided.

The vast majority of malware is delivered via email phishing and malicious URLs, which outnumber dangerous attachments (like Anubis) five to one, according to Walsh.

“Most security issues that involve dangerous URLs go undetected and, therefore, [are] not blocked,” he said.

There are thousands of security vendors in the world, but only a small number own their own “threat intelligence systems” – a fancy term for a big database of threats and potential threats. Those companies license that data to other companies. While Walsh’s company MetaCert has a threat intelligence system, it might have URLs that Google, for example, won’t. It’s a patchwork solution at best.

And if people are tailoring spear-phishing attacks for a specific company, the damage is usually done quite quickly, before a security database or firm might be aware a tailored website exists.

The lifespan, or the time frame within which a phishing attack has accomplished its goal, is about seven minutes, said Walsh. But security companies may take up to two or three days to identify and vet new phishing attacks, particularly if they are tailored for a company or individual.

Walsh says strong passwords and two-factor authentication are important. YubiKey, essentially a hardware version of two-factor authentication, is one step up, but it’s not supported by all websites.
