Microsoft is warning of an emerging threat targeting
internet-connected cryptocurrency wallets, signaling a departure in
the use of digital coins in cyberattacks.
The tech giant dubbed the new threat “cryware,” with the attacks
resulting in the irreversible theft of virtual currencies by means
of fraudulent transfers to an adversary-controlled wallet.
“Cryware are information stealers that collect and exfiltrate
data directly from non-custodial cryptocurrency wallets, also known
as hot wallets[1],” Berman Enconado and
Laurie Kirk of the Microsoft 365 Defender Research Team said[2]
in a new report.
“Because hot wallets, unlike custodial wallets, are stored
locally on a device and provide easier access to cryptographic keys
needed to perform transactions, more and more threats are targeting
them.”
Attacks of this kind are not theoretical. Earlier this year,
Kaspersky disclosed[3]
a financially-motivated campaign staged by the North Korea-based
Lazarus Group, which involved targeting crypto companies with
malware designed to drain funds out of hot wallets.
Cryware encompasses the following threats:
- Cryptojackers that surreptitiously consume a target’s device resources to mine cryptocurrency
- Ransomware campaigns that make use of cryptocurrency as a ransom payment to avoid detection
- Information stealers (e.g., Mars Stealer[4], RedLine Stealer[5], Arkei[6], and Raccoon[7]) that are being increasingly upgraded to siphon hot wallet data alongside other valuable information stored in the system, and
- ClipBankers (aka clippers[8]) that steal cryptocurrency during transactions by monitoring the clipboard and replacing the original wallet address with the attacker’s address
Such information-stealing attacks aim to extract hot wallet data
such as private keys, seed phrases, and wallet addresses, thereby
allowing the threat actor to initiate rogue transactions and move
funds to another wallet.
Cybercriminals have also been observed using techniques such as
memory dumping to expose private keys in plaintext, keylogging to
capture keystrokes entered by a victim, or building lookalike wallet
websites to trick users into entering their private keys.
To mitigate such threats, Microsoft recommends that users and
organizations lock hot wallets when not trading, disconnect sites
connected to a wallet, avoid storing private keys in plaintext, and
verify the wallet address value when copying and pasting it.
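The last recommendation is the one that defeats the clipper behaviour described in the list above. As an added illustration (this is not code from Microsoft's report or from this article), the Python below validates a Bitcoin-style Base58Check address and then compares the string about to be pasted with the one the user took from a trusted source. The clipboard events and the attacker address are constructed; the only real-world value is the well-known Bitcoin genesis-block address, used to confirm the decoder.

```python
import hashlib
from typing import List, Optional, Tuple

# Base58 alphabet used by Bitcoin-style addresses (no 0, O, I, l)
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(payload: bytes) -> bytes:
    """Base58Check checksum: first four bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def base58check_encode(payload: bytes) -> str:
    """Encode version byte + hash as a Base58Check address."""
    raw = payload + _checksum(payload)
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    # each leading zero byte is encoded as a leading '1'
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def base58check_decode(addr: str) -> Optional[bytes]:
    """Return the payload (version + hash) if addr is well-formed, else None."""
    n = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:
            return None  # character outside the alphabet: not an address
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + body
    if len(raw) < 5 or _checksum(raw[:-4]) != raw[-4:]:
        return None
    return raw[:-4]


def verify_paste(intended: str, pasted: str) -> str:
    """Classify the clipboard contents relative to the address from the trusted source.

    A checksum alone cannot catch a clipper: the attacker's address is itself
    well-formed. Only a full comparison with the intended address does.
    """
    if pasted == intended:
        return "ok"
    if base58check_decode(pasted) is None:
        return "malformed"      # corrupted or truncated, unusable either way
    return "substituted"        # valid address, but not the one the user copied


def audit(events: List[Tuple[str, str]]) -> List[str]:
    """Run verify_paste over (intended, clipboard-at-paste-time) pairs."""
    return [verify_paste(intended, pasted) for intended, pasted in events]


# Constructed sample data, not taken from any real incident.
GENESIS_ADDR = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"  # Bitcoin genesis-block address
# A syntactically valid address built from a made-up hash, standing in for an attacker wallet.
ATTACKER_ADDR = base58check_encode(
    b"\x00" + hashlib.sha256(b"constructed, not a real key").digest()[:20]
)

CLIPBOARD_EVENTS = [
    (GENESIS_ADDR, GENESIS_ADDR),            # clipboard untouched
    (GENESIS_ADDR, ATTACKER_ADDR),           # swapped by a clipper
    (GENESIS_ADDR, "0" + GENESIS_ADDR[1:]),  # mangled: '0' is not in the alphabet
]

if __name__ == "__main__":
    for (intended, pasted), verdict in zip(CLIPBOARD_EVENTS, audit(CLIPBOARD_EVENTS)):
        print(f"{verdict:12s} {pasted}")
```

The design point is the second event: the substituted address passes every syntactic check, so a wallet or clipboard guard that only validates the checksum gives no protection against a clipper. The comparison has to be against the full address the user obtained out of band, which is what the advice to verify the pasted value amounts to.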
“Cryware signifies a shift in the use of cryptocurrencies in
attacks: no longer as a means to an end but the end itself,” the
researchers said.
References
Read more: https://thehackernews.com/2022/05/microsoft-warns-of-cryware-info.html