With the growth of cryptocurrency, the threat of theft of funds from crypto wallets has grown. Microsoft has warned of a rise in Cryware malware attacks that steal information and funds from hot crypto wallets. Cryware steals the private key, seed phrase, and wallet address, which the attacker then uses to carry out fraudulent transactions.
“Cryware is an information thief that collects and extracts data from a hot crypto wallet. More and more attacks are targeting the hot wallet because it is stored locally on the device and provides easy access to the private key,” Microsoft said in a statement.
Unlike credit card payments and other financial transactions, a fraudulent cryptocurrency transaction cannot be reversed and the stolen cryptocurrency cannot be returned. The growing popularity of cryptocurrency attracts cybercriminals who use various means to attack crypto wallets. Cryptocurrency-related attacks take several forms:
Cryptojacker. The attacker installs malware on the victim’s device and uses computer resources to mine cryptocurrency invisibly.
Ransomware. The attacker takes the victim’s personal information and demands a ransom in exchange for it. Cybercriminals favor cryptocurrencies for payment because of the transactions’ anonymity and low risk of detection.
Password thief and information thief. An attacker can now steal the victim’s hot wallet data in addition to their login credentials, system information, and keystrokes.
ClipBanker. This Trojan scans the victim’s clipboard and copies banking or other sensitive information. With the rise of cryptocurrencies, the ClipBanker Trojan now also grabs data from cryptocurrency wallets.
Microsoft described methods used by scammers to steal hot wallet data, including memory dumping, private key theft, phishing sites and fake apps, as well as keylogging and social engineering. Microsoft has recommended that users and organizations take several protective measures:
lock hot wallets when they are not in use;
disconnect the wallet from connected sites;
end the browser session after each transaction;
use multi-factor authentication;
double check each transaction;
use a hardware wallet to store private keys offline.
Due to the rapid growth in the popularity of cryptocurrencies, specialized cryptocurrency ATMs have begun to appear. There are not yet many of them, but hackers are already looking for ways to “profit” at their expense.
These ATMs look like ordinary ATMs, but they work a little differently. The main difference is that a cryptocurrency ATM connects not to the user’s bank account, but to a cryptocurrency exchange, where you can buy or sell “digital” money.
The purchased cryptocurrency is then sent to the user’s cryptocurrency wallet. That is, a cryptocurrency ATM is not an ATM in the usual sense, but rather a terminal for accessing cryptocurrency exchanges.
Regular ATMs are a favorite target of hackers, but there is little information about attacks on their few cryptocurrency “brothers”. However, attackers have already set their sights on cryptocurrency ATMs.
According to experts, malware for attacking cryptocurrency ATMs is sold on black market forums. In addition to the program itself, the buyer also receives an EMV and NFC-enabled card. According to the product description, the malware exploits a vulnerability in the service that allows the buyer to illegally obtain bitcoins worth up to 6,750 euros, dollars or pounds sterling. The cost of the malware was $25,000.
So, no matter what, make sure you are careful, whether online or offline.