Riding on the back of the cryptocurrency hype, a piece of malware is disguising itself as a fake cryptocurrency wallet. And it’s not just any type of malware; we are talking about ransomware. Once it infects a target, it secretly encrypts the user’s files. (source: Fortinet)
According to Investopedia there are 6 main cryptocurrencies: Litecoin (LTC), Ethereum (ETH), Zcash (ZEC), Dash, Ripple (XRP) and Monero (XMR). The site coinmarketcap is a good tool to find out how many currencies exist at any given time; the current count is up to 1494.
The rush for cryptocurrency can be compared to California’s 1848 gold rush. Wanting to be a part of the Crypto-Rush, most people jump in on the “waves” without doing any proper research. And this is exactly the behaviour certain entities rely on in order to deliver malware to their targets. Mark Beaumont wrote an article for the Guardian in which he explained his journey into the cryptocurrency world.
The attackers behind this campaign lure in their victims by prompting them with a convincing Initial Coin Offering message. In order to get the cryptocurrency, the user has to download a wallet app package. Once installed, the app asks the user to set up a password in order to get access to SpriteCoin’s blockchain.
Unfortunately for the user, the app then starts encrypting all files on the infected computer; the encrypted files are given an .encrypt suffix. A ransom message appears asking for 0.3 monero in order to decrypt all the files.
What is even more sinister is that during the decryption of the files, right after the user has paid the ransom, more malware is downloaded to that computer. This malware can perform web camera activation, key parsing and certificate harvesting.
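The bulk renaming described above is also what a defender can watch for: many files from a single process acquiring the same new suffix within a short time window. The following is an added example written for this page, not code from Fortinet or from the SpriteCoin write-up. The event format, process names and sample telemetry are constructed; only the `.encrypt` suffix comes from the article, and the threshold and window are assumed tuning values.

```python
"""Heuristic detector for ransomware-style bulk renames (added example).

Scans a list of file-rename events and alerts when one process appends the
same suffix (".encrypt", as reported for SpriteCoin) to at least `threshold`
files within any `window_s` seconds. Event format and sample data are
constructed for illustration; they are not real telemetry.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class RenameEvent:
    timestamp: float   # seconds since the epoch
    old_path: str
    new_path: str
    process: str       # image name of the process that performed the rename


def is_suffix_append(ev: RenameEvent, suffix: str) -> bool:
    """True if the rename did nothing but append `suffix` to the original name."""
    return ev.new_path == ev.old_path + suffix


def detect_bulk_rename(events, suffix=".encrypt", threshold=20, window_s=10.0):
    """Return one alert per offending process as (process, first_ts, last_ts, count).

    A sliding window of timestamps is kept per process; an alert fires the
    first time a process has `threshold` matching renames inside `window_s`.
    """
    windows = {}   # process -> deque of timestamps of matching renames
    alerted = {}   # process -> alert tuple (first alert only)
    for ev in sorted(events, key=lambda e: e.timestamp):
        if not is_suffix_append(ev, suffix):
            continue
        q = windows.setdefault(ev.process, deque())
        q.append(ev.timestamp)
        # Drop timestamps that have fallen out of the window.
        while q and ev.timestamp - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold and ev.process not in alerted:
            alerted[ev.process] = (ev.process, q[0], ev.timestamp, len(q))
    return list(alerted.values())


def sample_events():
    """Constructed telemetry: a fake wallet appends ".encrypt" to 25 files in
    5 seconds (ransomware-like), a user renames 3 files slowly (benign), and a
    backup tool appends ".bak" (different suffix, ignored)."""
    t0 = 1_700_000_000.0
    events = []
    for i in range(25):
        events.append(RenameEvent(t0 + i * 0.2,
                                  f"C:/Users/alice/Documents/report{i}.docx",
                                  f"C:/Users/alice/Documents/report{i}.docx.encrypt",
                                  "wallet.exe"))
    for i in range(3):
        events.append(RenameEvent(t0 + i * 20.0,
                                  f"C:/Users/alice/notes{i}.txt",
                                  f"C:/Users/alice/notes{i}.txt.encrypt",
                                  "explorer.exe"))
    for i in range(30):
        events.append(RenameEvent(t0 + i * 0.1,
                                  f"C:/Users/alice/Pictures/img{i}.jpg",
                                  f"C:/Users/alice/Pictures/img{i}.jpg.bak",
                                  "backup.exe"))
    return events


if __name__ == "__main__":
    for alert in detect_bulk_rename(sample_events()):
        print("bulk rename alert:", alert)
```

With the default settings only `wallet.exe` trips the detector; the slow manual renames and the `.bak` backups do not. Lowering the threshold and widening the window (for example 3 files in 60 seconds) also flags the slow renames, which is the usual trade-off between catching a careful encryptor and paging on ordinary user activity.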
According to Fortinet: “While we have not yet fully analyzed this malicious payload, we can verify that it does have the capability to activate web cameras and parse certificates and keys that will likely leave the victim more compromised than before.”
These people use social engineering to fool victims into clicking on and installing their malicious software. Most of the time they exploit the innate curiosity that is present in all of us. This article by David Bisson explains in detail how social engineering is used by certain parties to achieve their nefarious plans.
As always, do not assume that you are safe when online. If something seems too good to be true, then most of the time it’s a scam.