A new strain of cryptocurrency malware is spreading via YouTube, tricking users into downloading software designed to steal data from 30 crypto wallets and browser extensions.
Cyber intelligence company Cyble said in a June 30 blog post that it had been tracking malware known as “PennyWise”, probably named after the monster in Stephen King’s horror novel “It”, since it was first identified in May.
“Our investigation indicates the thief is an emerging threat,” Cyble wrote in a blog post on June 30.
“In its current iteration, this stealer can target over 30 cryptocurrency browsers and applications, such as offline cryptocurrency wallets, cryptocurrency browser extensions, etc.”
The data stolen from the victim’s system comes in the form of information from Chromium and Mozilla browsers, including cryptocurrency extension data and login data. It can also take screenshots and steal sessions from chat apps like Discord and Telegram.
The malware also targets offline wallets like Armory, Bytecoin, Jaxx, Exodus, Electrum, Atomic Wallet, Guarda, and Coinomi, as well as wallets that support Zcash and Ethereum, by searching for wallet files in the directory and sending a copy of the files to the attackers, according to Cyble.
The cybersecurity company noted that the malware is spreading through educational YouTube videos about mining, where it is presented as free Bitcoin mining software.
Cybercriminals, or “Threat Actors”, upload the videos directing viewers to visit the link in the description and download the free software, while also encouraging them to disable their antivirus software, which allows the malware to run successfully.
Cyble said that the attacker had up to 80 videos on his YouTube channel as of June 30; however, the identified channel has since been removed.
A search by Cointelegraph found that malware-like links continue to exist on other, smaller YouTube channels; there are videos promising free NFT mining, cracks for paid software, free Spotify premium, game cheats and mods.
Many of these accounts have been created in the last 24 hours.
Curiously, the malware is designed to stop itself if it discovers that the victim is based in Russia, Ukraine, Belarus or Kazakhstan. Cyble also discovered that the malware converts the time zone in the victim’s stolen data to Russian Standard Time (RST) when the data is sent back to the attackers.
In February, malware called Mars Stealer was identified that was targeting cryptocurrency wallets that work as Chromium browser extensions, such as MetaMask, Binance Chain Wallet, or Coinbase Wallet.
Chainalysis warned in January that malware is being used even by “low-skilled cybercriminals” to steal funds from crypto wallets, with cryptojacking accounting for 73% of the total value received by malware-related addresses between 2017 and 2021.