HackRead

MoneroPay Malware Pretends to Be a Cryptocurrency Wallet

January 25th, 2018, by David Balaban. Categories: Cyber Crime, Hacking News, Malware

A brand-new ransomware strain called MoneroPay has been found. Its developer is taking advantage of the cryptocurrency gold rush. MoneroPay impersonates a cryptocurrency wallet for storing SpriteCoin. There is no real SpriteCoin for now; it's a fake.

Gullible crypto-enthusiasts rushed to install what looked like a wallet, but once on the machine, it started encrypting all their files.

MoneroPay ransomware first appeared around January 6, 2018. It was listed on BitcoinTalk, the world's biggest cryptocurrency discussion forum.

The forum thread, created in the Altcoin discussion section, included a link to a one-page website that briefly explained the essence of SpriteCoin and offered its wallet for download.

Crooks posted their fake offer in a popular place where developers often announce their new cryptocurrencies. It looks like plenty of people started to download the fake wallet. Cryptocurrencies are so hot now. People rush to make as much money as possible through mining these new coins before the difficulty increases. It is important to start mining early.

When installing new wallets, many active miners disable their antivirus software. Many wallets have triggered false alerts from AV products, so in this quickly growing industry a wallet that sets off antivirus alerts is seen as normal. The MoneroPay authors are banking on this fact. Their ransomware got installed quietly, and users were unaware of it until it was too late.

Fake Blockchain setup

As with most wallets, once you install it, you need to sync it with the blockchain. The ransomware author used this step to start silently encrypting files while pretending to connect to the blockchain and synchronize. It's a perfect cover for any ransomware, as both synchronization and file encryption require a lot of processor and memory activity.

Once the so-called blockchain synchronization is over, MoneroPay locks the screen and shows a ransom note. At this moment, victims realize they have been pwned. MoneroPay asks for a 120 USD ransom to be paid in Monero. It's a moderate amount; other ransomware strains usually require 1,000 USD or more. Besides encrypting files, MoneroPay steals passwords from web browsers.

Cryptocurrencies are attracting criminals more and more. Wallets get infected, online exchanges get breached, and phishing sites are all over the place.

Crypto-enthusiasts should have a working backup of all files that can be restored in case of MoneroPay or any other desktop or mobile ransomware. All new wallets should be scanned for malware using VirusTotal or similar services. Your antivirus software should include behavioral detection, not just signatures. Don't click on strange links, and be cautious when opening email attachments.

Previous coverage on MoneroPay ransomware scam is available here.

David Balaban

David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project, which presents expert opinions on contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
