- Malware targets near 30 crypto wallets and browsers to steal money.
- Cybercriminals unusually push the users to download the software.
According to Cyble Research Labs, a crypto-stealing malware, named PennyWise, has been spreading throughout YouTube. The malware generally targets browser extensions and cryptocurrency wallets such as Zcash and Ethereum, to steal information and funds from those wallets. Cyble, a cyber intelligence company that recognized crypto-malware in May and denoted it as an emerging massive threat.
Cyble team stated:
In its current iteration, this stealer can target over 30 browsers and cryptocurrency applications such as cold crypto wallets, crypto-browser extensions, etc.
Along with Zcash and Ethereum, cold wallets such as Electrum, Atomic Wallet, Guarda, Coinomi, Armory, Bytecoin, Jaxx, Exodus, etc are also targeted by the malware.
Cybercriminals Rolling On YouTube
PennyWise advertises itself as a free Bitcoin mining software, uploading mining tutorial videos on YouTube. According to Cyble, there were a total number of 80 videos on their YouTube channel, having a high risk of widespread alarm over the users. They upload videos that advise viewers to turn off their antivirus software and say it is completely safe.
In addition to that, the malware adds a link in its description and encourages its users to download the software for free. The malware can capture user sessions from communicative applications like Telegram, by taking screenshots of such programs. It focuses on files that are less than 20kb including JSON, DOC, TXT, RTF, and DOCX. Also, it targets the information on the Chromium and Mozilla browsers.
The crypto-stealer malware is a well-structured data stealer, but it is still unknown. It collects data from someone’s operating system including username, system language, and timezone, which converts into Russian Standard Time. They fully stop all their entire operations, if their victim is from some specified nations such as Russia, Kazakhstan, Ukraine, and Belarus.