SpriteCoin cryptocurrency ransomware spies on users, steals saved passwords

Another day, another ransomware scam, but this time scammers are tricking users by introducing them to a cryptocurrency called “SpriteCoin” that does not exist in reality.

The IT security researchers at Fortinet have discovered a new ransomware scam in which hackers claim to introduce a new ‘profitable’ cryptocurrency, SpriteCoin, and ask a targeted victim to download its wallet file and create a password of their choice.

In reality, the wallet setup is malware that infects Windows-based computers and locks the files on the system; it does not download any blockchain. It then asks for a monetary ransom in order to decrypt the locked files. Such ransom is usually demanded in Bitcoin, but in this scam the cybercriminals ask for the payment in Monero, an open-source cryptocurrency created in April 2014.

Fake wallet signup (Credit: Fortinet)

Currently, 1 Monero is worth around $322, while the ransomware scam asks victims to pay 0.3 Monero, which is almost $100. According to Fortinet’s blog post, during the payment phase the victim’s Chrome and Firefox credential stores are targeted and their contents are sent to a remote website that can be accessed through the Tor browser, although at the time of writing this article the domain was offline. This means hackers get their hands not only on user data and money, but also on the stored login credentials.

It is, however, unclear why the ransomware scam asks for only $100 to $120 as ransom. It could be that the hackers are testing the success rate of their scam and might come back to target bigger fish with a larger ransom demand in the name of SpriteCoin.

“Malware authors have done their homework to ensure higher success rates. They understand that most people don’t back up their systems regularly, but if someone should perform a shadow volume or similar backup, they have logic built into the malware to defeat it. Instead, a simple offline backup of important files will save a lot of time and frustration,” said the Fortinet team.

A screenshot shared by Fortinet researchers shows the ransom note displayed on the victim’s screen and how it instructs and threatens users to pay the ransom or forget their data.

Ransomware note asking victims to pay in Monero (Credit: Fortinet)

However, there is another catch: once the victim pays the ransom, rather than sending the decryption key for their data, the crooks behind this scam infect the device with another piece of malware capable of harvesting certificates, parsing images and secretly activating the device’s webcam to spy on the victim.

Users are advised to keep an offline backup of their data at all times and to be smart like the IT team at California’s Sacramento Regional Transit System, whose computers were infected with ransomware and who were asked by the attackers to pay $7000 as ransom. The company, however, dismissed the threats and restored the files afterward, as it kept a complete backup of its data.

Just last week, Hancock Health hospital in Greenfield, Indiana, suffered a ransomware attack in which its entire server was hijacked by hackers, and since the hospital’s IT team did not keep any backup, it was forced to pay $7000 to get the decryption keys.

If you are a cryptocurrency investor or new to this business, be vigilant, look out for cyber attacks and choose a secure wallet.

Image credit: DepositPhotos/Chesky_w

Waqas
