Cybersecurity
experts at ESET published an in-depth study about a new malware named
“KryptoCibule.” This exploit specifically targets Windows users with
three methods of attack, including by installing a crypto mining app,
directly stealing crypto wallet files, and replacing copy/pasted wallet
addresses as a means to hijack individual transactions.


According to the cybersecurity firm, KryptoCibule’s developers rely on the Tor network and BitTorrent protocol to coordinate the attacks.


The
malware’s original incarnation first appeared in December 2018. At that
time, it was merely a Monero mining utility that quietly harvested
user’s system resources to generate the currency. By February 2019,
KryptoCibule had evolved to include ways to exfiltrate crypto wallet
files from victim machines. Since then, the malware has added a third
dimension to its attack base with the inclusion of kawpowminer — an
application that mines Ethereum (ETH).


ESET
telemetry revealed that victims have been actively downloading infected
torrent files which contain KryptoCibule via a file-sharing site named
Uloz. Most appear to be located in the Czech Republic and Slovakia.


The researchers noted that, despite its age, the malware “doesn’t seem to have attracted much attention until now”:



“Presumably
the malware operators were able to earn more money by stealing wallets
and mining cryptocurrencies than what we found in the wallets used by
the clipboard hijacking component. The revenue generated by that
component alone does not seem enough to justify the development effort
observed.”


Cybersecurity firm Symantec noted
in August that Blockchain assets began surging in price following the
March crash, claiming that this triggered a new wave of cryptojacking
attacks.


source link : https://cointelegraph.com/news/researchers-are-calling-this-new-malware-a-triple-threat-for-crypto-users