New Breed of Cryptocurrency Attacks Taking a Toll on Users

Cryptocurrency-related crimes are once again on the rise. A recent report from Symantec suggests that the second quarter of 2020 saw an increase in cryptocurrency-related attacks.

Latest developments

Several new pieces of malware have been discovered using dangerous yet innovative tricks to target cryptocurrencies.
  • A previously undocumented trojan named KryptoCibule has been identified targeting multiple cryptocurrencies by hijacking transactions (replacing wallet addresses) and stealing cryptocurrency-related files, while deploying other techniques to avoid detection.
  • A new P2P botnet, dubbed FritzFrog, attempted to brute-force SSH servers belonging to government, education, financial, medical, and telecom players worldwide, with the aim of mining cryptocurrency via the XMRig miner.
  • More than two weeks ago, yet another new cryptomining botnet called TeamTNT was found stealing AWS credentials from infected servers.
  • The XCSSET Mac malware was found infecting Xcode developer projects; it could modify almost all content in the victim’s browser, including cryptocurrency addresses.
  • A new info-stealer malware, Anubis, was found using a modified version of Loki malware source code to steal system info, credentials, credit card details, as well as cryptocurrency wallets.

Old malware learning new tricks

Besides all the new threats, a slew of malware operators have been busy upgrading their existing crypto-stealing malware as well.
  • The latest variant of the Lemon_Duck cryptomining malware has been updated to target Linux devices as well as servers running Redis and Hadoop instances. Meanwhile, the new variant could also exploit the SMBGhost bug in Windows systems.
  • Lucifer, the cryptomining DDoS malware that targets vulnerable Windows systems and turns them into Monero cryptomining bots, has been updated to target Linux systems as well.

Threat actors grabbing share

Researchers reported that the Lazarus group is now using a tailored version of the Mimikatz tool to harvest credentials for financial services, such as cryptocurrency wallets or online bank accounts, while running several campaigns targeting the cryptocurrency vertical.

The bottom line

The increasing number of cryptocurrency scams and attack campaigns suggests that cryptocurrency is presently one of the most heavily targeted sectors. It has also become a major illicit revenue source for cybercrime groups globally, as it provides a channel to escape scrutiny from law enforcement authorities.