A recent wave of malware infections has affected over 28,000 users, primarily targeting their devices to mine and steal cryptocurrency. Despite the operation’s scale, the hackers secured only about $6,000 worth of digital assets, according to cybersecurity firm Doctor Web.

On October 8, Doctor Web reported that the malware, posing as legitimate software, infiltrated devices by masquerading as office tools, game cheats, and online trading bots. The malware spread across several countries, including Russia, Belarus, Uzbekistan, Kazakhstan, Ukraine, Kyrgyzstan, and Turkey.

The cybercriminals used advanced techniques to avoid detection, such as shipping the payload in password-protected archives to bypass antivirus scans and disguising malicious files as system components. The malware also executed harmful scripts through legitimate software, making the threat hard for users to identify. Once installed, the malware used the infected device’s computing power to mine cryptocurrency. It also carried a “clipper” function that monitored the device’s clipboard for copied crypto wallet addresses and silently replaced them with attacker-controlled ones, so that funds sent by the victim were redirected to the attackers’ accounts.

Doctor Web highlighted that many users were infected by downloading pirated software from fake GitHub pages and malicious links in YouTube video descriptions, emphasizing the need to obtain software from official sources. While the malware infected tens of thousands of devices, it only managed to steal around $6,000 through altered wallet addresses. The gains from mining activities remain unclear.

In September, Binance, a leading cryptocurrency exchange, warned about increased activity from similar clipboard-altering malware that caused significant user losses. More recently, scammers have been using automated email replies to deploy stealthy crypto-mining malware, following another threat identified in August: the “Cthulhu Stealer,” which affects macOS systems, similarly disguises itself as legitimate software and targets personal information such as MetaMask passwords, IP addresses, and cold wallet private keys.

A fraudulent crypto wallet app on Google Play has stolen $70,000 from users in a sophisticated scam targeting mobile users. The malicious app, named WalletConnect, imitated the reputable protocol but was actually a scheme to drain crypto wallets. It managed to deceive over 10,000 users into downloading it, per Check Point Research (CPR), the cybersecurity firm that uncovered the scam. The scammers exploited the typical challenges faced by web3 users and marketed the fraudulent app as a solution, taking advantage of the absence of an official WalletConnect app on the Play Store.

#Cybersecurity #MalwareAlert #CryptoSafety #DigitalSecurity