Cyren, an Internet security firm, has discovered new malware that can steal bitcoin and passwords from cryptocurrency wallets on computers. The company wrote on its blog that the malware primarily targets banking customers and that the campaign is very large. Users based in the US and Singapore are the main targets of this campaign.
The malware is delivered as an executable file attached to emails about a bank transfer. Recipients believe they have received a deposit and are easily deceived. The cybercriminals use bots to generate phony emails that appear to come from prominent, trusted banks, including Emirates NBD and DBS. The attachment is usually presented as a PDF, with the filename Swift_Copy.Pdf.exe.
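A mail-filter check for the naming trick described above, as an added example that is not code from Cyren or from the original article. The extension lists, function names and the sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension lists for this example; tune them for your environment.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}
DOCUMENT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}

def classify(filename):
    """Return 'double-extension', 'executable' or None for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return None
    # Padding spaces before the real extension ("x.pdf     .exe") hide it in the UI.
    if len(parts) >= 3 and parts[-2].strip() in DOCUMENT:
        return "double-extension"
    return "executable"

def suspicious_attachments(raw_message):
    """Parse a raw RFC 5322 message and list (filename, verdict) for flagged parts."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        verdict = classify(name) if name else None
        if verdict:
            findings.append((name, verdict))
    return findings

def build_sample():
    """Constructed sample message; addresses and payload bytes are placeholders."""
    msg = EmailMessage()
    msg["From"] = "payments@bank.example"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Swift copy of your transfer"
    msg.set_content("Please find the deposit confirmation attached.")
    for name in ("Swift_Copy.Pdf.exe", "statement.pdf", "setup.exe"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in suspicious_attachments(build_sample()):
        print(f"{verdict}: {name}")
```

The check looks only at attachment names, so it complements content scanning rather than replacing it.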
According to Cyren researchers, when executed the malware deletes itself and generates a file called Filename.vbs. This file is created in the Windows startup folder. When the victim restarts the PC, or logs in again after signing out, the malware script runs, and the file is located in this folder: AppData\Local\Temp\subfolder.
The malware is designed to search the registry for sensitive information such as passwords and other data related to software installed on the PC. Most of its focus is on FTP and web browsing software, or other software that stores credential data. The malware collects data from all the web browsers installed on the computer and looks for crucial information such as usernames and passwords, cookies, cache, and history. It also locates email clients.
This malware is also a type of keylogger: it can record almost everything the victim types on the keyboard, and it logs the location of mouse clicks as well. As of now, the cryptocurrencies targeted by the malware include the following: “Bitcoin, Namecoin, Litecoin, Anoncoin, BBQcoin, Bytecoin, Craftcoin, Devcoin, Digitalcoin, Fastcoin, Feathercoin, Florincoin, Freicoin, I0coin, Infinitecoin, Ixcoin, Junkcoin, Litecoin, Luckycoin, Megacoin, Mincoin, Phoenix coin, Primecoin, Quarkcoin, Tagcoin, Terracoin, Worldcoin, Yacoin and Zetacoin.”
To protect yourself from this and other malware attacks, never download files from an unknown email, never click an unknown link on the Internet, and read up on the social engineering behind the scam before trusting the sender.