New KryptoCibule Cryptocurrency Malware Takes Three-Pronged Approach to Target Windows Users

Cyber-security firm ESET has published a report today detailing a new strain of Windows malware that the company has named KryptoCibule.


ESET says the malware has been distributed since at least December 2018, but only now surfaced on its radar.


According to the company, KryptoCibule is aimed at cryptocurrency users, with the malware's main three features being to (1) install a cryptocurrency miner on victims' systems, (2) steal cryptocurrency wallet-related files, and (3) replace wallet addresses in the operating system's clipboard to hijack cryptocurrency payments.
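Of the three features, the clipboard address swap is the one an endpoint defender can spot with a simple heuristic: a wallet address copied by the user is replaced, almost instantly and by a different process, with another format-valid address of the same coin family. The following is an added example, not code from ESET's report or from the malware itself. It runs that heuristic over a recorded clipboard history; the event source is an assumption (a real monitor would feed it from an OS clipboard listener), and the address strings, timestamps and process ids below are constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Address formats the heuristic recognises. This is a deliberately small,
# assumed subset (Bitcoin base58 and bech32, Ethereum); extend as needed.
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,62})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify_address(text: str) -> Optional[str]:
    """Return the coin family if `text` looks like a wallet address, else None."""
    candidate = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return family
    return None


@dataclass
class ClipboardEvent:
    ts: float        # seconds since an arbitrary epoch
    content: str     # text placed on the clipboard
    owner_pid: int   # process that wrote it (0 if the collector could not tell)


def detect_swaps(events: List[ClipboardEvent], window_s: float = 2.0) -> List[Tuple[ClipboardEvent, ClipboardEvent]]:
    """Flag consecutive events where one wallet address is replaced by a
    different address of the same family within `window_s` seconds.

    A user re-copying a different address normally takes far longer than that;
    a hijacker reacts to the copy almost immediately. Each (original,
    replacement) pair is returned for alerting.
    """
    alerts = []
    for prev, cur in zip(events, events[1:]):
        family = classify_address(prev.content)
        if family is None or classify_address(cur.content) != family:
            continue                      # not an address-for-address change
        if prev.content.strip() == cur.content.strip():
            continue                      # identical content, nothing swapped
        if cur.ts - prev.ts > window_s:
            continue                      # too slow to look like a hijacker
        alerts.append((prev, cur))
    return alerts


def format_alert(pair: Tuple[ClipboardEvent, ClipboardEvent]) -> str:
    """One human-readable line per detected swap, with the writing processes."""
    prev, cur = pair
    return (f"clipboard swap: {classify_address(prev.content)} address changed "
            f"{cur.ts - prev.ts:.2f}s after copy (pid {prev.owner_pid} -> {cur.owner_pid})")


def sample_events() -> List[ClipboardEvent]:
    """Constructed clipboard history; the addresses are synthetic, format-valid strings."""
    return [
        ClipboardEvent(100.0, "1DemoAddrConstructedForTestingAA11", 4242),  # user copies from a browser
        ClipboardEvent(100.3, "1SwappedAddrConstructedForDemoBB22", 9001),  # another process rewrites it fast
        ClipboardEvent(150.0, "meeting notes, not an address", 4242),
        ClipboardEvent(200.0, "0x" + "1234567890abcdef" * 2 + "12345678", 4242),
        ClipboardEvent(260.0, "0x" + "fedcba0987654321" * 2 + "87654321", 4242),  # new address a minute later: user action
        ClipboardEvent(300.0, "bc1qconstructedexampleaddressfordemo00", 4242),
        ClipboardEvent(300.5, "bc1qconstructedexampleaddressfordemo00", 4242),  # same address re-set, no change
    ]


if __name__ == "__main__":
    for pair in detect_swaps(sample_events()):
        print(format_alert(pair))
```

Run against the constructed history, only the second event is flagged: the Ethereum change a minute later and the identical bech32 re-set are ignored. The two-second window and the address patterns are the tuning knobs; widening either trades false positives for coverage of slower hijackers or other coin families.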


These features are the results of extensive development work from the part of the malware's creators, who have slowly added new items to KryptoCibule's code since its first version back in late 2018.

Image: ESET

According to ESET, the malware has slowly evolved into a convoluted multi-component threat, far above what we have seen in most other malware strains.


Currently, the malware is spread via torrent files for pirated software. ESET says that users who download these torrents will install the pirated software they wanted, but they'll also run the malware's installer as well.

This installer sets up a persistence mechanism that survives reboots, based on scheduled tasks, and then installs the core of the KryptoCibule malware (the launcher), the OS clipboard hijacker module, and Tor and torrent clients.

ESET says KryptoCibule uses the Tor client to communicate securely with its command-and-control (C&C) servers, hosted on the dark web, while the torrent client loads torrent files that eventually download additional modules, such as proxy servers, crypto-mining modules, and HTTP and SFTP servers, each used for one or more tasks in the malware's modus operandi.

Image: ESET

All in all, KryptoCibule is bad news for cryptocurrency users, ..