- Crypto wallets have become the latest victim to Anubis, a new malware that first became available for sale in dark web markets in June.
- First, it steals data and then sends the stolen information to a C2 (command and control) server through an HTTP POST command.
- In this regard, it is important to note that this malware is not the same as the eponymous version from a family of Android banking malware.
Cryptocurrency is tricky territory as imposters could be lurking where you expect them the least.
According to Microsoft Security Intelligence, the Anubis malware is now giving sleepless nights to crypto users after being circulated for sale in June on obscure cybercrime markets. Built on forked Loki malware code, Anubis steals cryptocurrency wallets, system information, transaction details, and other sensitive data. In this regard, it is important to note that this malware is not the same as the eponymous member of a family of Android banking malware.
First, it steals data and then sends the stolen information to a C2 (command and control) server through an HTTP POST command.
Parham Eftekhari, executive director of the Cybersecurity Collaborative, reviewed the code screenshots tweeted by Microsoft and said that not much information was disclosed.
However, it was quite clear that Loki Bot was spread through social engineering emails carrying attachments with “.iso” extensions. The messages were disguised as orders and offers from other companies and sent to publicly listed company email addresses, sometimes taken from the company’s own website.
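As an added example, not code from the article or from Microsoft, the gateway-side check below parses a constructed lure message of the kind described above and flags attachments that are disc images, catching the double-extension trick (“order.pdf.iso”) as well as a declared ISO content type; the extension list and the sample addresses are assumptions.

```python
"""Flag e-mail attachments that are disc images (.iso) before they reach a mailbox.

Added illustration of the delivery technique described in the article; the
sample message and the policy list below are constructed, not real campaign data.
"""
from __future__ import annotations

from email import message_from_string, policy
from email.message import EmailMessage

# Hypothetical gateway policy: extensions that should never arrive as attachments.
SUSPICIOUS_EXTENSIONS = {".iso", ".img", ".vhd", ".vhdx"}


def suspicious_attachments(raw_message: str) -> list[dict]:
    """Return one finding per attachment whose name, declared type or bytes look like a disc image."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type().lower()
        # Look only at the final extension so "po.pdf.iso" is still caught.
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        reasons = []
        if ext in SUSPICIOUS_EXTENSIONS:
            reasons.append(f"extension {ext}")
        if ctype == "application/x-iso9660-image":
            reasons.append(f"content-type {ctype}")
        data = part.get_payload(decode=True) or b""
        # ISO 9660 primary volume descriptor: "CD001" at byte offset 0x8001.
        if len(data) > 0x8006 and data[0x8001:0x8006] == b"CD001":
            reasons.append("ISO 9660 volume descriptor magic")
        if reasons:
            findings.append({"filename": name, "content_type": ctype, "reasons": reasons})
    return findings


def build_sample(with_lure: bool = True) -> str:
    """Constructed 'purchase order' mail; with_lure adds a double-extension .iso attachment."""
    msg = EmailMessage()
    msg["From"] = "orders@example.net"  # assumed sender
    msg["To"] = "sales@example.com"  # assumed publicly listed address
    msg["Subject"] = "Purchase Order #4471"
    msg.set_content("Please find the attached order.")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    if with_lure:
        msg.add_attachment(b"not a real disc image", maintype="application",
                           subtype="octet-stream", filename="PO_4471.pdf.iso")
    return msg.as_string()
```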
How can crypto users be safe?
Deploying antimalware applications on one’s system and keeping them regularly updated could be the key weapon against such attacks. Eftekhari also suggests employing secure browsers, which may prevent the malware from capturing keystrokes or screenshots when accessing sensitive accounts such as banking apps.
The good news is that Microsoft has updated its AI-powered, cloud-delivered protection mechanism, Defender Advanced Threat Protection (Microsoft Defender ATP), to spot Anubis. Additionally, users can turn on potentially unwanted app blocking in Microsoft Edge to stay safe from cryptocurrency miners and similar threats to their devices.
Malware and cryptocurrency
In recent times, there has been a rise in the number of malware families specializing in harvesting the victim’s system for cryptocurrencies, observes Paolo Ardoino, CTO of Bitfinex. For fear of losing their wallet seed, not-so-tech-savvy crypto users might still store it offline on their computer. The malware then accesses the password manager or other online storage site while the user is using it, and steals the passwords.
Another attack that malware can carry out, according to Ardoino, is detecting whether the computer runs a blockchain node that holds an unprotected wallet file.
Recently, US travel giant CWT paid a $4.5 million ransom to hackers who used a strain of ‘Ragnar Locker’ to render terabytes of files inaccessible and take thousands of corporate computers offline. Another notorious ransomware was CryptoLocker, which extorted numerous crypto users between 2013 and 2014 by demanding huge amounts of Bitcoin.
With more people working from home and using digital modes of financial transactions in pandemic times, Malwarebytes notes that demand for programs such as AveMaria and NetWiredRC, which enable intrusions such as remote desktop access and password theft, has surged during COVID-19.