Although the cryptocurrency mania that drove the Bitcoin price to $20,000 may have subsided, the threat posed by the most experienced cybercriminals has not disappeared.
Indeed, the information security company Kaspersky Labs has explained in detail how some of the most widespread Internet malware has evolved to better target cryptocurrency users and services.
Kaspersky's researchers have identified five threats to cryptocurrency users, as hackers are eager to exploit those who are still learning to navigate the new digital asset economy.
This quarter has seen the notorious Trojan horse Rakhni morph to steal cryptocurrency more effectively. When Rakhni was found in 2013, it focused solely on encrypting the victim's device and holding the data for ransom.
Kaspersky Labs notes that new versions of Rakhni have been discovered in the last three months. They start by checking whether Bitcoin-related files are stored on the target computer. If a match is found, the malware encrypts the device and demands a ransom.
If there are none, Rakhni instead installs mining malware that steals computing power to generate cryptocurrency, before attempting to spread to the other computers on the network.
Last week, Hard Fork reported that Switzerland had ranked two Trojans that have evolved in the same way among the most common malware infesting the Internet.
2. Social engineering and phishing
Cybercriminals have also turned to social engineering to exploit newcomers to cryptocurrency. Traditional techniques such as phishing and fraudulent websites are still on the rise.
In the first half of 2018, Kaspersky recorded 100,000 attempts to redirect unsuspecting people to fake pages that mimic the login pages of popular cryptocurrency exchanges such as Binance, Kraken and Bittrex.
The quarterly analysis also reveals that attackers push victims into disclosing sensitive information by prompting them to complete a "formal identification" process after they register with fake cryptocurrency services.
"Fraudsters are also trying to use crypto-currency speculation to deceive people who do not have a wallet: they lure them to fake crypto-wallet sites, promising registration bonuses, including bonuses in crypto-currencies," warns Kaspersky. "In some cases, they collect personal data and redirect the victim to a legitimate site. In other cases, they open a real wallet for the victim, which is compromised from the start."
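One defensive check for the look-alike login pages described above, as an added example that is not code from Kaspersky or Hard Fork: the three exchange domains come from the article, while the sample URLs, the homoglyph list and the two-label "registrable domain" shortcut are my own assumptions.

```python
"""Flag URLs whose host impersonates the login page of a cryptocurrency
exchange. Added example, not Kaspersky's or Hard Fork's code: the exchange
names come from the article; sample URLs and heuristics are constructed."""
import unicodedata
from urllib.parse import urlsplit

EXCHANGES = ("binance.com", "kraken.com", "bittrex.com")
# Substitutions that fool the eye: 'rn' for 'm', 'vv' for 'w', digits for letters.
SWAPS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

def normalize_host(host):
    """Undo punycode, accents and look-alike characters in a hostname."""
    try:
        host = host.encode("ascii").decode("idna")   # xn--... back to Unicode
    except UnicodeError:
        pass                                          # already Unicode
    decomposed = unicodedata.normalize("NFKD", host)  # 'í' -> 'i' + accent mark
    host = "".join(c for c in decomposed if not unicodedata.combining(c))
    for fake, real in SWAPS:
        host = host.replace(fake, real)
    return host

def registrable(host):
    """Last two labels; assumption: no Public Suffix List in this example."""
    return ".".join(host.split(".")[-2:])

def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return ('legit' | 'lookalike' | 'unknown', exchange matched or None)."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if registrable(host) in EXCHANGES:
        return "legit", registrable(host)
    norm = normalize_host(host)
    for exchange in EXCHANGES:
        brand = exchange.split(".")[0]
        # one-character typo or wrong TLD on the registrable domain: blnance.com
        if levenshtein(registrable(norm), exchange) <= 1:
            return "lookalike", exchange
        # brand name smuggled into another label: binance.com.secure-login.net
        if any(brand in label for label in norm.split(".")):
            return "lookalike", exchange
    return "unknown", None
```

Run `classify("https://bínance.com/login")` to see the accent stripped and the host reported as a Binance look-alike; a production filter would replace the two-label shortcut with the Public Suffix List.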
3. Cryptocurrency mining botnets
"Zombie networks" (botnets) are computers infected with malware that can be controlled remotely. Usually, botnets are used to spread malware through spam or to carry out crippling distributed denial-of-service attacks.
In the last three months, this has changed. Kaspersky argues that cybercriminals are beginning to view botnets primarily as cryptocurrency mining tools.
The researchers found that the number of botnets spreading cryptocurrency mining malware has increased this year. The number of malware samples downloaded via special loaders called "droppers" has also increased. Droppers are usually distributed by machines under a botnet's control.
"[This reflects] the fact that the attacks take place on several levels and are becoming more and more complex," explains Kaspersky. "[But i]ncreasingly, zombie networks are rented according to customer needs. It is therefore often difficult to identify the 'specialization' of the zombie network."
Overall, this shift has led Kaspersky Labs to record more than 2.7 million instances of people coming into contact with cryptocurrency malware since 2017.
Bitcoin "sextortion" e-mail was one of the most common scams this quarter.
The perpetrators of the scam tried to gain credibility by quoting stolen passwords, creating the illusion that the victim's computer had been compromised and that the attacker had recorded a video of the victim watching pornography.
"The scammer includes a legitimate password in the message, in order to convince the victim that they have actually been compromised," Kaspersky explains. "It seems that the passwords used are real, although in some cases at least they are very old. The passwords were probably obtained on an underground market and originate from an earlier data breach."
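A mail-triage rule for the sextortion pattern just described, as an added example rather than Kaspersky's or Hard Fork's code: it looks for the three legs of the scam (a Bitcoin address, a quoted "proof" password and a threat) and checks the quoted password against a table of hashes from old breaches, which here is a constructed stand-in, as are the two sample messages and the demo address.

```python
"""Triage inbound e-mail for the Bitcoin 'sextortion' pattern: a threat, a
leaked password offered as 'proof', and a Bitcoin address to pay. Added
example, not Kaspersky's or Hard Fork's code; the messages, the address and
the breached-password table are constructed for illustration."""
import hashlib
import re

# Legacy base58 (1... / 3...) and bech32 (bc1...) address shapes.
BTC_RE = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{25,62})\b")
PASSWORD_RE = re.compile(r"password\s*(?:is|was|:)?\s*[:'\"]*\s*([^\s'\",.]{6,})", re.I)
THREAT_WORDS = ("webcam", "video", "recorded", "adult", "porn", "contacts", "hours")

def _h(pw):
    return hashlib.sha256(pw.encode()).hexdigest()

# Constructed stand-in for a local table of password hashes from old public
# breaches, keyed by SHA-256 so no plaintext is stored in the tool.
BREACHED = {_h("hunter2"): "constructed 2012 forum dump"}

def triage(message):
    """Score one message and return the indicators that drove the verdict."""
    text = message.lower()
    addresses = BTC_RE.findall(message)      # case matters for base58, so no lower()
    m = PASSWORD_RE.search(message)
    password = m.group(1) if m else None
    threats = [w for w in THREAT_WORDS if w in text]
    # The scam needs all three legs: a payment address, 'proof' and a threat.
    is_scam = bool(addresses) and password is not None and len(threats) >= 2
    return {
        "sextortion": is_scam,
        "btc_addresses": addresses,
        "password": password,
        # A hit here means the 'proof' came from an old breach, not a live compromise.
        "password_breach": BREACHED.get(_h(password)) if password else None,
        "threats": threats,
    }

# Constructed samples: one scam message, one benign newsletter.
SCAM = ("I know your password is hunter2. I recorded you on your webcam "
        "watching adult sites and have the video. Pay 0.3 BTC within 48 hours "
        "to 1ConstructedDemoAddressForTests42 or I send it to your contacts.")
NEWSLETTER = ("Bitcoin fell below $4,000 this week. Reset your password "
              "on our site if you have not logged in since 2017.")
```

The `password_breach` field is the part worth surfacing to the recipient: it turns "they have my password" into "they have a password I used on a site that leaked years ago", which is the fact the scam relies on the victim not knowing.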
5. Malware on Mac OS
Despite the many threats analyzed by Kaspersky Labs during the year, the state-sponsored hacking group Lazarus remains the main driver of attacks against companies and financial operators in the cryptocurrency sector.
Hard Fork previously reported that Lazarus had successfully infiltrated popular cryptocurrency exchanges, financial technology companies and even banks by prompting employees to download a Trojanized (and fake) cryptocurrency trading application.
Kaspersky Labs warns that the group's success will lead to the creation of new malware specifically for Linux operating systems, noting that this is the first instance of Lazarus using malware specially designed for Mac OS.
"It seems that, in the pursuit of advanced users, supply-chain software developers and some high-profile targets, the threat actors are forced to develop Mac OS malware tools," noted Kaspersky researchers. "The fact that the Lazarus group has expanded its list of targeted operating systems should be a wake-up call for users of non-Windows platforms."
Lazarus is no joke. A few months ago, the group was revealed to be the most successful cryptocurrency hacking group in the world, having earned $571 million in ill-gotten cryptocurrency since last year.
Posted on November 12, 2018 – 14:47 UTC