According to a blog post published by Cyble, a new crypto malware steals data from users’ wallets and browser extensions. The researchers call the malware ‘PennyWise’. The name probably comes from the clown monster in Stephen King’s novel ‘IT’. Many suspect that this crypto malware originates from Russia.
Cyble is a global cyber intelligence startup headquartered in Alpharetta, Georgia. According to Cyble’s researchers, the attackers distribute the PennyWise malware disguised as free Bitcoin mining software. The attackers use YouTube, where they upload videos on how to get “free” crypto mining software, and ask unsuspecting users to download the software from a link in the video description. Once the file is downloaded and run, the malware does the rest.
The downloaded malware file is not only compressed but also password protected, which hinders automated scanning. To appear legitimate, the attackers also share a “VirusTotal” link for a clean file; that link is in no way related to the downloadable file.
So far, the attackers have created more than 80 YouTube videos in an effort to reach as many victims as possible.
The malware steals data from Mozilla- and Chromium-based browsers and their extensions, including stored credentials and browser-based crypto wallets. Cold wallets such as Armory, Bytecoin, Jaxx, Exodus, Electrum, Atomic Wallet, Guarda and Coinomi are also targeted, and the malware looks for wallets that support Ethereum and Zcash. It searches the wallet applications’ folders for wallet files and sends a copy to the attackers.
Is this crypto malware from Russia?
The interesting point is that the crypto malware stops running if it determines that the user is located in Russia, Ukraine, Belarus or Kazakhstan. In addition, the malware converts the victims’ time zones to Russian Standard Time (RST). This has led to speculation that the attackers are of Russian origin.
So far, North Korea has been the most prolific crypto thief. But with sanctions hitting it hard, Russia also seems inclined toward theft, as countries under sanctions rarely have other means of raising money. If not the state itself, it could also be private hackers. In Russia, however, there is little that the state does not know, and it would be nearly impossible for small hacker groups to commit major crypto heists without the state’s knowledge.