Cybersecurity company Avast has identified a new scam targeting cryptocurrency holders is netting the creators of it at least $50,000.
According to CyberNews, the scam uses cracked or free duplicated software and has taken the money from 37 cryptocurrency wallets, some of which have been emptied.
The publication remarked that the threat actors launched their attack on the unwary from ‘dubious sites that supposedly offer cracked versions of well-known and used software’ such as games, office programs, or programs for downloading multimedia content.
The sites linked to a malware payload which Avast claims could have infected 10,000 machines a day – primarily in Brazil, Indonesia, France and India.
Avast said, “The second interesting technique that we observed in connection with this campaign was the use of proxies to steal credentials and other sensitive data from some crypto marketplaces.
“Attackers were able to set up an IP address to download a malicious proxy auto-configuration script. By setting this in the system, every time the victim accesses any of the listed domains, the traffic is redirected to a proxy server under the attacker’s control.
“This type of attack is quite unusual in the context of the crypto stealing activity. However, it is very easy to hide it from the user, and the attacker can observe the victim’s traffic at given domains for quite a long time without being noticed.”
Copyright © 2022 RegTech Analyst
Copyright © 2018 RegTech Analyst