• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 22nd, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security
Malware

New malware stealing login data, bitcoin from cryptocurrency wallets

February 1st, 2017 Agan Uzunovic Security, Malware 0 comments
New malware stealing login data, bitcoin from cryptocurrency wallets
Share on FacebookShare on Twitter

Cyren, an Internet security firm, has discovered a new malware that can steal bitcoin and passwords from cryptocurrency wallets on computers. The company wrote on its blog that the malware is primarily targeting banking customers and the campaign is quite huge. The US and Singapore-based users are mainly targeted by this campaign.

The malware is delivered in the form of executable attachment file via emails related to bank transfer. The recipient believes that they have received a deposit and get deceived easily. The cybercriminals are using bots to generate phony emails that appear to be sent by prominent and reliable banks including Emirates NBD and DBS. The file is usually in PDF format with the filename Swift_Copy.Pdf.exe.

According to Cyren researchers, the malware; when executed deletes itself and generates a file called Filename.vbs. This file is created in the startup folder of Windows OS. When the victim restarts the PC or logs into the computer again after signing out the malware script runs and the file is located in this folder: AppData\Local\Temp\subfolder.

The malware is designed to investigate and identify the registry for sensitive information such as passwords and other data related to software installed on the PC. A majority of the focus is on FTP and web browsing software or software that contains credential data. The malware collects data from all the web browsers installed on the computer and looks for crucial information such as usernames/passwords, cookies, cache, and history. It also locates email clients.

This malware is a type of keylogger as it can record almost everything that is typed by the user or victim on the keyboard. In fact, the location of the mouse’s clicks is also logged by the malware. As of now, the cryptocurrencies targeted by the malware include the following: “Bitcoin, Namecoin, Litecoin, Anoncoin, BBQcoin, Bytecoin, Craftcoin, Devcoin, Digitalcoin, Fastcoin, Feathercoin, Florincoin, Freicoin, I0coin, Infinitecoin, Ixcoin, Junkcoin, Litecoin, Luckycoin, Megacoin, Mincoin, Phoenix coin, Primecoin, Quarkcoin, Tagcoin, Terracoin, Worldcoin, Yacoin and Zetacoin.”

To protect yourself from this malware or other malware attacks remember never to download files from an unknown email, never click an unknown link on the Internet and do some social engineering about the scam before trusting the sender.

Via: CCNews, Source: Cyren | Image Via PixaBay/MichaelWuensch

  • Tags
  • Bitcoin
  • Cryptocurrency
  • hacking
  • internet
  • Malware
  • Password
  • security
  • Windows
Facebook Twitter LinkedIn Pinterest
Previous article Conflicting Reports Suggest Phineas Fisher (HackBack) Arrested in Spain
Next article PSP and Xbox Forums Hacked; 2.5 Million User Accounts Stolen
Agan Uzunovic

Agan Uzunovic

Agan Uzunovic is a Bosnian journalist who is working for the country's largest newspaper. He has a keen interest in reporting on activism and hacktivism. He is also a contributor at U.S based Revolution News media. Agan reports and writes for HackRead on IT security related topics.

Related Posts
Shazam Vulnerability exposed location of Android, iOS users

Shazam Vulnerability exposed location of Android, iOS users

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Shazam Vulnerability exposed location of Android, iOS users
Security

Shazam Vulnerability exposed location of Android, iOS users

59
Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet
Security

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

93
Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping
Security

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

111

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us