Crypto holders using Windows machines are at high risk of falling prey to hackers, who are gaining access to the machines through users' illegal movie downloads. The malware sets off a chain of activities to inject code into Firefox, Yandex Search and Google browsers, eventually swapping Bitcoin or Ethereum addresses. Lawrence Abrams, having discovered the malware to be a deeper rabbit hole than imagined, warned,
“What appeared to be an ad-injector into the main Google search page turned out to be only the tip of the iceberg”.
Torrents Search leads to longer hours of entertainment
It certainly is not the kind of entertainment a movie fan is looking for. The Girl in the Spider’s Web. He was directed to a .LNK shortcut instead of a video file, the icon of which caught his attention. On performing a virus scan, results indicated a sample of CozyBear, malware used by an advanced threat actor. In a blog post, InfoArmor, a security firm, said,
“The bad actors have analysed trends on video, audio, software and other digital content downloads from around the globe and created seeds on famous torrent trackers using weaponised torrents packaged with malicious code. In some cases, they were specifically looking for compromised accounts of other users on these online communities that were extracted from botnet logs in order to use them for new seeds on behalf of the affected victims without their knowledge, thus increasing the reputation of the uploaded files.”
The malware injects hacker-promoted search results into Google search as the top results. It also injects a fake donation banner on Wikipedia stating that it now accepts cryptocurrency donations and provides two addresses. When users copy and paste a cryptocurrency wallet address on a Windows machine, the malware swaps it for an address owned by the attacker. Bleeping Computer warned that users remain unaware because they do not see any sign of the trick. They commented,
“Because the wallets are a large string of random characters, most users will likely not notice the difference between what they expected to copy and the pasted result.”
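The swap described above leaves a recognisable trace in clipboard history: one wallet address is replaced by a different address of the same type almost immediately after the copy. The following Python code is an added example, not taken from Bleeping Computer or from the malware analysis, that flags this pattern in a list of clipboard-change events. The event format, the one-second window and the placeholder addresses are assumptions made for the illustration.

```python
import re

# Shape checks only (no checksum verification): legacy/P2SH Bitcoin and Ethereum.
PATTERNS = {
    "btc": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def parse_address(text):
    """Return (kind, normalised_address) if the whole text looks like an address."""
    candidate = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.fullmatch(candidate):
            # Ethereum addresses differ only by checksum casing, so compare lowercased.
            return kind, candidate.lower() if kind == "eth" else candidate
    return None

def find_swaps(events, window=1.0):
    """Flag changes where an address is replaced by a different address of the
    same kind within `window` seconds (assumed threshold).

    events: time-ordered (timestamp_seconds, clipboard_text) tuples, in the
    hypothetical format a clipboard-change listener would record.
    """
    alerts = []
    for (t_prev, prev), (t_cur, cur) in zip(events, events[1:]):
        before, after = parse_address(prev), parse_address(cur)
        if before is None or after is None or before[0] != after[0]:
            continue
        if before[1] != after[1] and t_cur - t_prev <= window:
            alerts.append({"kind": before[0], "copied": before[1],
                           "replaced_by": after[1]})
    return alerts

# Constructed sample data: placeholder addresses with no valid checksum.
USER_BTC, SWAP_BTC = "1" + "A" * 33, "1" + "B" * 33
USER_ETH, SWAP_ETH = "0x" + "a" * 40, "0x" + "b" * 40
SAMPLE_EVENTS = [
    (10.00, "meeting notes"),
    (42.10, USER_BTC),   # user copies an address
    (42.15, SWAP_BTC),   # replaced 50 ms later: flagged
    (90.00, USER_ETH),
    (90.04, SWAP_ETH),   # flagged
    (200.0, USER_BTC),
    (260.0, SWAP_BTC),   # a minute apart: treated as a deliberate second copy
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

The same comparison works at paste time: if the address about to be submitted differs from the one that was copied, the transaction should not proceed.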
Sites Prone To Malware
The malware has surged despite the bear crypto market, with the surge recorded at almost 500% in comparison with the previous year. According to a report, cryptocurrency mining malware is responsible for the fall in supply of the altcoin Monero (XMR).