Pioneer of antivirus protection, ESET, has discovered a new malware called KryptoCibule, aimed at stealing cryptocurrencies.
ESET reported on its website today, that scientists have discovered an undocumented trojan malware family that is spreading through malicious torrents. Once the device is infected, it tries to steal as many cryptocurrencies as possible by several tricks.
Most confirmed cases were from the Czech and Slovak Republic, specifically on the uloz.to website, where the torrents are located.
The malware, as written, employs some legitimate software. Some, such as Tor and the Transmission torrent client, are bundled with the installer; others are downloaded at runtime, including Apache httpd and the Buru SFTP server,
said Matthieu Faou, ESET researcher who uncovered the new malware family.
Malware KryptoCibule was tracked until 2018 and is constantly evolving.
How does he steal cryptocurrencies?
KryptoCibule has three components that leverage infected hosts in order to obtain cryptocurrencies: cryptomining, clipboard hijacking and file exfiltration,
Presumably the malware operators were able to earn more money by stealing wallets and mining cryptocurrencies than what we found in the wallets used by the clipboard hijacking component. Alone, the revenue generated by that component does not seem enough to justify the development effort observed,
Matthieu Faou adds.
Read also: Watch out for the new Cryptojacking and DDoS Hybrid Malware “Lucifer”
Follow our social media and get news on time
