The cybercrime industry remains as vibrant as ever; hardly a week goes by without a new development. In the latest scare for cryptocurrency users, Microsoft has warned about a new malware strain that targets digital wallets. Last month, Microsoft Security Intelligence (MSI) issued the warning via a tweet aimed at crypto users running its operating system. The tweet drew attention to Anubis, a new malware strain that Microsoft believes was forked from an older malware family known as Loki.
According to the tweet, Anubis can steal digital wallet credentials, credit card details, and other valuable financial information from its victims. Like a number of other malware families, it spreads primarily through fraudulent websites. Once Anubis infects a computer, it searches the file system for valuable information and then sends what it finds to the attackers in an HTTP POST request. Microsoft said it first came across Anubis in June. The malware shares its name with a separate Trojan that had been infecting Android devices for months, but the two should not be confused.
According to the company, the new threat appears manageable because it has so far been distributed only in limited, targeted campaigns. Microsoft nonetheless advised users to be wary of suspicious links in email and of unfamiliar websites. While Microsoft is directing users' attention towards a new strain, researchers have also seen an old threat resurface. ESET, a well-known cybersecurity firm, revealed last week that it had observed fresh activity from KryptoCibule. This particular crypto-malware has been around for some time: ESET's report explains that the company discovered the first iteration of the malware in December 2018.
Back then, it functioned as a mining utility for Monero, a privacy-focused cryptocurrency. KryptoCibule quietly harnessed the victim's system resources to mine the coin and sent the proceeds to the attackers' wallets. The malware evolved last February, adding a wallet-exfiltration capability that let it harvest entire cryptocurrency wallets from victims' devices. The current version can launch a multi-pronged attack: alongside wallet theft and Monero mining, it now bundles an Ethereum miner, kawpowminer.
The malware can also replace wallet addresses that the user copies and pastes, which lets it redirect the victim's funds directly to the attackers. According to ESET, most KryptoCibule victims are located in the Czech Republic and Slovakia and picked up the malware through torrent files on the file-sharing platform Uloz. Luckily, the malware does not appear to have been downloaded widely. The operators seem to earn more from mining and wallet theft than from clipboard hijacking, which may be why they have paid little attention to that feature.
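The clipboard-hijacking ("clipper") behaviour described above is worth seeing concretely, because the swap is silent and the substituted address has the same shape as the original. The following is an added example, not code from the article or from ESET's report: it classifies a string by well-known public address formats (Bitcoin legacy and bech32, Ethereum, Monero) and compares the address a user copied with the one that actually arrived in the clipboard, flagging a same-format substitution as a suspected clipper. The address patterns are simplified (no checksum validation), the function and variable names are my own, and all sample addresses are constructed for illustration.

```python
import re

# Simplified, well-known public address formats (assumption: no checksum validation,
# just the shape a clipper must preserve for the swap to go unnoticed).
ADDRESS_PATTERNS = {
    # Bitcoin: legacy/P2SH base58 (starts with 1 or 3) or bech32 (starts with bc1)
    "BTC": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{39,59})$"),
    # Ethereum: 0x followed by 40 hex digits
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    # Monero: 95-character base58 string starting with 4 (standard) or 8 (subaddress)
    "XMR": re.compile(r"^[48][1-9A-HJ-NP-Za-km-z]{94}$"),
}


def classify_address(text):
    """Return the ticker whose address format `text` matches, or None."""
    text = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return coin
    return None


def check_paste(copied, pasted):
    """Compare what the user copied with what ended up in the clipboard.

    Returns a (verdict, coin) tuple:
      "not-an-address" - the copied text is not a wallet address, nothing to check
      "ok"             - clipboard content is unchanged
      "swapped"        - a different address of the SAME format was substituted,
                         which is exactly what a clipper does
      "modified"       - the content changed but is not a same-format address
    """
    copied_coin = classify_address(copied)
    if copied_coin is None:
        return ("not-an-address", None)
    if copied.strip() == pasted.strip():
        return ("ok", copied_coin)
    if classify_address(pasted) == copied_coin:
        return ("swapped", copied_coin)
    return ("modified", copied_coin)


def audit_clipboard_events(events):
    """Run check_paste over a list of (copied, pasted) pairs and return the
    suspicious ones as (index, verdict, coin, pasted) tuples."""
    findings = []
    for i, (copied, pasted) in enumerate(events):
        verdict, coin = check_paste(copied, pasted)
        if verdict in ("swapped", "modified"):
            findings.append((i, verdict, coin, pasted.strip()))
    return findings


# Constructed sample data (not real victim or attacker addresses).
COPIED_BTC = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"
SWAPPED_BTC = "1AttackerSubstitutedAddr5xQ2bqbn7mW"
COPIED_ETH = "0x52908400098527886E0F7030069857D2E4169EE7"

SAMPLE_EVENTS = [
    ("meeting notes", "meeting notes"),     # ordinary clipboard use
    (COPIED_BTC, COPIED_BTC),               # address pasted unchanged
    (COPIED_BTC, SWAPPED_BTC),              # clipper swapped in its own BTC address
    (COPIED_ETH, COPIED_ETH + "00"),        # corrupted, but not a valid substitute
]

if __name__ == "__main__":
    for finding in audit_clipboard_events(SAMPLE_EVENTS):
        print(finding)
```

In practice the "copied" value comes from the application that produced the address (an exchange page, a wallet app), and the "pasted" value is read back from the clipboard just before the transaction is submitted; the check is the mechanised form of the manual habit of comparing the first and last few characters of an address before sending. A clipper that only targets one coin will produce "swapped" verdicts for that coin and "ok" for the others, which is a useful hint about which wallet formats the sample watches for.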