New Malware That Steals Cryptocurrencies Spreads Across Latin America

By Olowo - 05:47 AM Oct 05, 2019

ESET, the Slovak antivirus software developer, announced this week that it has discovered new malware that can steal cryptocurrencies. The malware has spread particularly throughout Latin America.

The report shows one of the scammers' wallets, which received around 1.2 bitcoins, worth USD 9,812 at the current price. The wallet shows 70 transactions.


According to the ESET statement, the new malware belongs to the Casbaneiro family and its main objective is to track data from cryptocurrency wallets. To do this, it monitors the contents of the clipboard and, if it finds wallet data there, replaces it with the data of the attackers' own cryptocurrency wallet.

At the same time, the company reports that Casbaneiro is similar to the previously identified Amavaldo family of banking Trojans. For now, the malware primarily attacks banking institutions and cryptocurrency companies in Brazil and Mexico, although the company does not rule out that it will spread to other countries in Latin America and the rest of the world.

The experts found that, to deceive victims, the new Trojan uses the same tactics as Amavaldo: pop-ups and fake forms. These attacks generally focus on persuading users to take an action presented as urgent or necessary, such as installing a software update or verifying credit card or bank account information.

New Malware Named Casbaneiro is Very Complex In Actions

Once the victim's device has been compromised, Casbaneiro uses backdoor commands to take screenshots, restrict access to various banking sites and record keystrokes.
Trojans have similar functionality and use social engineering methods. In particular, both malicious programs are trying to convince the victim to enter personal information in a false way, supposedly for urgent verification of bank card data or software updates. In addition, like the Amavaldo Trojan, the initial vector of infection of the user's devices is a malicious email.

ESET statement.

One of the aspects highlighted in the report is that Casbaneiro is able to hide the domain and port of the C&C server in several locations, such as in fake DNS records, in electronic documents stored in Google Docs or on fake websites that supposedly belong to legitimate organizations.

In some cases, the C&C server domains have been encrypted and hidden on legitimate sites, notably in the descriptions of several YouTube videos, particularly ones about cooking and soccer.

ESET experts recommend following basic security rules when entering personal data to make online payments, as well as using a reliable solution to protect devices.

Cryptocurrency Malware Has Increased By Over 30% In Recent Months

New threats often arise in the world of cryptocurrencies, which attracts black hat hackers who specialize in creating new methods to steal and profit at the expense of organizations or users.

On September 26, the company Juniper Threat Labs, a cyber threat intelligence portal, revealed the discovery of a spy virus that uses Telegram as a communication channel with its Command and Control Center.

Among other things, the malware is able to automatically replace crypto wallet addresses copied to the clipboard.

In mid-September, a team of cybersecurity researchers discovered a new variety of cryptocurrency mining malware, which not only mines cryptocurrencies illegally but also provides attackers with universal access to the infected system through a "secret master password".

In fact, a report from McAfee Labs revealed that crypto-jacking is on the rise. According to the study, cryptocurrency mining malware campaigns rose 30% from the fourth quarter of 2018 to the first quarter of 2019.

In addition, a BBC report published in August highlighted a Monero cryptojacking malware that successfully hacked 850,000 servers, mainly in Latin America.

About The Author

Olowo

I am Olowoporoku Adeniyi, writer, editor and crypto evangelist, with five years' experience in the Blockchain industry.