Microsoft invents a new type of malware aimed at stealing cryptocurrencies


You may have heard of “ransomware”, “cryptojackers”, banking Trojans or “information thieves”. Today, Microsoft is introducing the term “cryware” into the cybersecurity lexicon, anticipating that more and more people will soon start using “cryptowallets”, those electronic wallets intended to hold – and make money from – assets denominated in cryptocurrencies.

Microsoft says it coined the term to describe an emerging class of malware spawned by the growing (but volatile) market capitalization of digital assets, or cryptocurrencies, which peaked at nearly $3 trillion in 2021.

“Cryware is a type of information-stealing malware that targets online passwords stored in a browser, but also seeks to retrieve the private keys of internet-connected cryptocurrency hot wallets stored on a device (as opposed to cold wallets that contain offline cryptocurrencies),” the Redmond firm explains.

More and more coveted wallets

“Cryware are information thieves that collect and exfiltrate data directly from non-custodial cryptocurrency wallets, also known as hot wallets. As hot wallets, unlike custodial wallets, are stored locally on a device and allow easier access to the cryptographic keys needed to perform transactions, more and more threats are targeting them,” Microsoft’s teams also observe in a blog post.

It is true that in recent years, malware traditionally capable of stealing browser passwords and other information has been modified to steal information from cryptocurrency wallets, as Azorult did in 2019. Azorult, the clipboard hijacker ClipBanker, Mars Stealer, Redline and Raccoon are on Microsoft’s list of growing cryware threats.

However, Microsoft insists that cryware reflects a change in the way attackers use cryptocurrencies in attacks. Ransomware, for example, uses them as a form of payment that the victim transfers manually, while cryptojackers install miners on target devices. Cryware, on the other hand, targets a cryptocurrency wallet directly, so that the funds can be transferred quickly and irreversibly to the attackers’ own wallets.

Malware invented from scratch by Microsoft?

“Unlike credit cards and other financial transactions, there are currently no mechanisms available that could help reverse fraudulent cryptocurrency transactions or protect users from them,” Microsoft management argues to explain the appeal of this new type of malware among cybercriminals. The American giant has also found that ransomware uses cryware to steal cryptocurrency funds from a targeted device.

Microsoft expects more companies to install hardware wallets on corporate networks in the future as they shift some of their assets to cryptocurrencies, although few knowingly have them on their networks today.

According to Microsoft’s teams, cryware can steal wallet information such as private keys or seed phrases from the user’s clipboard, looking for patterns that resemble a hot wallet address. Malware can also use core dumping to capture private keys in the clear from a browser process. Then there are keylogging, phishing and fake e-wallet apps. This type of malware can also steal the storage files of a wallet application.

Whether or not you agree with Microsoft’s creation of this new malware typology, the company’s researchers have some helpful tips for protecting “hot wallets”:

  • Lock e-wallets when not actively in use.
  • Disconnect sites connected to the wallet.
  • Avoid storing private keys in the clear.
  • Be careful when copying and pasting information.
  • Ensure that browser sessions are terminated after each transaction.
  • Consider using wallets that implement multi-factor authentication.
  • Beware of links to wallet sites and apps.
  • Double check e-wallet transactions and approvals.
  • Never share private keys or seed phrases.
  • Use a hardware wallet unless it needs to be actively connected to a device. Hardware wallets store private keys offline.
  • Reveal file extensions of downloaded and saved files. In Windows, enable the “File name extensions” option under “View” in File Explorer, to see the actual file extensions on a device.
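
The last tip matters because, while extensions are hidden, a file named `invoice.pdf.exe` is displayed as `invoice.pdf`. The following Python script is an added example, not code from Microsoft or from the original article: it flags such deceptive names in a folder, and goes slightly beyond the tip by also catching space-padded extensions and the right-to-left override character. The extension lists and the default Downloads path are illustrative assumptions.

```python
import re
import sys
from pathlib import Path

# Illustrative extension lists (assumptions, not from the article or Microsoft).
EXECUTABLE = {"exe", "scr", "com", "bat", "cmd", "pif", "js", "vbs", "lnk", "msi", "ps1", "hta"}
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "csv", "zip"}
RTLO = "\u202e"  # right-to-left override: reverses how the rest of the name is drawn
PADDED = re.compile(r"\s{3,}\.[^.]+$")  # run of spaces pushing the real extension out of view


def check_name(name: str) -> list[str]:
    """Return the reasons a file name is deceptive (empty list if none)."""
    reasons = []
    if RTLO in name:
        reasons.append("rtlo-character")
    parts = [p.strip().lower() for p in name.replace(RTLO, "").split(".")]
    # e.g. invoice.pdf.exe: shown as "invoice.pdf" while extensions are hidden
    if len(parts) >= 3 and parts[-1] in EXECUTABLE and parts[-2] in DECOY:
        reasons.append("double-extension")
    if PADDED.search(name):
        reasons.append("padded-extension")
    return reasons


def scan(directory) -> dict[str, list[str]]:
    """Map each deceptively named file directly inside `directory` to its reasons."""
    findings = {}
    for entry in Path(directory).iterdir():
        if entry.is_file():
            reasons = check_name(entry.name)
            if reasons:
                findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    # Default target is an assumption: the current user's Downloads folder.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path.home() / "Downloads"
    if not target.is_dir():
        sys.exit(f"not a directory: {target}")
    for name, reasons in sorted(scan(target).items()):
        print(f"{name!r}: {', '.join(reasons)}")
```

Run it with a folder path as the only argument; a flagged name is a reason to inspect the file before opening it, not proof that it is malicious.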

Source: ZDNet.com




