A large malware campaign has hit more than 28,000 people, mainly in Russia, Turkey and Ukraine, stealing cryptocurrency. It spreads through fake software downloads and misleading YouTube videos that point victims to them.
Cybersecurity firm Dr.Web found the malware posing as legitimate software, often hosted in fake GitHub repositories. Victims download the infected files themselves, typically packed inside password-protected archives.
The lures include pirated office software such as Microsoft Excel, game cheats and automated trading bots. Russia saw the most infections, but Belarus, Uzbekistan, Kazakhstan, Kyrgyzstan and Turkey have also been hit.
How The Malware Works
The infection begins when the victim opens a self-extracting archive. Because the archive is password-protected, its contents are encrypted and antivirus scanners cannot inspect the payload before it is extracted. Once opened, the archive unpacks a set of scripts that launch the malware.
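A self-extracting archive is an executable stub with an archive appended to it, and an encrypted archive shows a scanner nothing but the stub. The following is an added triage example, not code from Dr.Web's report: it scans a file image for archive signatures appearing after the PE header and, for a ZIP payload, reads the encryption bit from the first local file header so the file can be flagged before anyone runs it. The signature table (ZIP, RAR4, RAR5, 7z) and the constructed sample image are this example's assumptions, not details from the campaign.

```python
"""Flag executables that carry an embedded, password-protected archive.

Added example (not from the Dr.Web report). A self-extracting archive is a
PE stub followed by an archive; when the archive entries are encrypted, a
scanner can only inspect the stub. This scans for archive magics after the
MZ header and, for ZIP payloads, reads the encryption flag.
"""
import struct
from typing import Dict, List, Tuple

# Assumption: these are the archive signatures most SFX stubs append.
ARCHIVE_MAGICS = {
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07\x00": "rar4",
    b"Rar!\x1a\x07\x01\x00": "rar5",
    b"7z\xbc\xaf\x27\x1c": "7z",
}


def find_embedded_archives(data: bytes) -> List[Tuple[int, str]]:
    """Return (offset, format) for every archive magic found after a PE 'MZ' header."""
    if not data.startswith(b"MZ"):
        return []
    hits = []
    for magic, fmt in ARCHIVE_MAGICS.items():
        pos = data.find(magic, 2)  # skip the MZ header itself
        while pos != -1:
            hits.append((pos, fmt))
            pos = data.find(magic, pos + 1)
    return sorted(hits)


def zip_entry_encrypted(data: bytes, offset: int) -> bool:
    """Bit 0 of the general-purpose flag in a ZIP local file header marks encryption."""
    sig, _version, flags = struct.unpack_from("<4sHH", data, offset)
    if sig != b"PK\x03\x04":
        raise ValueError("offset does not point at a ZIP local file header")
    return bool(flags & 0x0001)


def triage(data: bytes) -> Dict[str, object]:
    """Summarise whether a file looks like an SFX and whether its ZIP payload is encrypted."""
    hits = find_embedded_archives(data)
    encrypted = any(fmt == "zip" and zip_entry_encrypted(data, off) for off, fmt in hits)
    return {
        "sfx": bool(hits),
        "formats": sorted({fmt for _, fmt in hits}),
        "encrypted_zip": encrypted,
    }


def build_sample_sfx(encrypted: bool) -> bytes:
    """Constructed test image: a fake MZ stub followed by one ZIP local file header.

    Not a real sample; the stub bytes and entry name are made up for the demo.
    """
    stub = b"MZ" + b"\x00" * 62 + b"fake PE stub" + b"\x00" * 50  # 126 bytes
    name = b"setup.exe"
    flags = 0x0001 if encrypted else 0x0000
    # Local file header: sig, version, flags, method, time, date, crc, csize, usize, name len, extra len
    header = struct.pack(
        "<4sHHHHHIIIHH", b"PK\x03\x04", 20, flags, 0, 0, 0, 0, len(name), len(name), len(name), 0
    )
    return stub + header + name + name  # file name followed by "stored" data


if __name__ == "__main__":
    print(triage(build_sample_sfx(encrypted=True)))
    print(triage(b"MZ" + b"\x00" * 200))
```

The check is deliberately shallow: it does not extract anything, so it is safe to run against untrusted files, and a hit means "treat as suspicious and analyse offline", not "malicious". A legitimate installer is also an SFX, so the encryption flag is the more useful signal.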
The malware checks whether it is running in an analysis environment, such as a virtual machine or sandbox, or alongside security tools, and shuts down if so to avoid detection. Once active, it writes Windows Registry entries so that it restarts whenever the system boots, and it hijacks legitimate system services, such as browser update services, to keep its foothold.
It also disables the Windows Recovery Service and restricts access to its own files, which makes it very hard to remove. It then connects to the attackers' servers using Ncat, a networking utility from the Nmap project.
Financial Damage
Once installed, the malware does two things. First, it mines cryptocurrency with the victim's hardware, which slows the system and raises electricity costs. Second, it acts as a "clipper": it watches the clipboard and replaces any cryptocurrency wallet address the victim copies with one controlled by the attackers, so a payment pasted into a wallet app goes to them instead. Dr.Web reports that about $6,000 in transactions has been stolen this way so far, though the full extent of the damage is still unknown.
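A clipper leaves a distinctive trace: a wallet address lands in the clipboard and, a moment later, a different address of the same type replaces it, written by a process the user never interacted with. The code below is an added detection example, not from Dr.Web or the malware itself. It assumes a host agent that records each clipboard write with the writing process name (the event format, the address regexes, the process names and the wallet addresses are all constructed for the demo).

```python
"""Detect clipper-style wallet address swaps from a clipboard event trail.

Added example, not from the Dr.Web report. Assumes a host agent logs every
clipboard write as (timestamp, process, text). A clipper rewrites the
clipboard right after the user copies an address, so we flag writes where
one wallet address is replaced by a different address of the same type,
by a different process, within a short window.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Heuristic address shapes (assumption: legacy/bech32 BTC, ETH, TRON). Not full validators.
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "trx": re.compile(r"^T[1-9A-HJ-NP-Za-km-z]{33}$"),
}


@dataclass
class ClipEvent:
    ts: float       # seconds since agent start
    process: str    # process that wrote the clipboard
    text: str       # new clipboard contents


def address_type(text: str) -> Optional[str]:
    """Return the wallet family the text looks like, or None if it is not an address."""
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return name
    return None


def detect_swaps(events: List[ClipEvent], max_gap: float = 2.0) -> List[ClipEvent]:
    """Return the clipboard writes that look like a clipper overwriting a copied address.

    A write is suspicious when the previous clipboard value was an address, the new
    value is a *different* address of the same type, it came from a different process,
    and it followed the user's copy within max_gap seconds.
    """
    alerts = []
    for prev, cur in zip(events, events[1:]):
        prev_type = address_type(prev.text)
        if prev_type is None:
            continue
        same_family = address_type(cur.text) == prev_type
        changed = cur.text.strip() != prev.text.strip()
        other_process = cur.process != prev.process
        quick = 0 <= cur.ts - prev.ts <= max_gap
        if same_family and changed and other_process and quick:
            alerts.append(cur)
    return alerts


# Constructed sample trail (not real telemetry). Addresses are made up to fit the regexes.
USER_BTC = "1" + "A" * 33
SWAP_BTC = "1" + "B" * 33
USER_ETH = "0x" + "ab" * 20
SWAP_ETH = "0x" + "cd" * 20

SAMPLE_EVENTS = [
    ClipEvent(0.0, "firefox.exe", USER_BTC),   # user copies a payee address
    ClipEvent(0.4, "updater.exe", SWAP_BTC),   # hypothetical clipper rewrites it
    ClipEvent(30.0, "firefox.exe", "hello"),   # ordinary copy, not an address
    ClipEvent(31.0, "firefox.exe", USER_ETH),  # user copies an ETH address
    ClipEvent(31.2, "updater.exe", SWAP_ETH),  # clipper again
    ClipEvent(60.0, "notepad.exe", USER_ETH),  # user pastes/copies elsewhere much later: benign
]

if __name__ == "__main__":
    for alert in detect_swaps(SAMPLE_EVENTS):
        print(f"t={alert.ts:5.1f}s {alert.process} replaced clipboard with {alert.text}")
```

The time window and "different process" conditions are what keep the rule quiet for normal copy-paste of several addresses in a row; tune `max_gap` to your agent's sampling rate. Pair the alert with a look at the writing process's persistence (Registry run entries, hijacked services) rather than acting on a single clipboard event.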
Beware of The Attacks
To protect yourself, download software only from official websites, and treat links in YouTube video descriptions and promoted search results with suspicion; appearing on a popular platform does not make a download safe. Before sending cryptocurrency, compare the address you paste, character by character, with the one you copied, because a clipper changes it silently.
Please stay cautious while using the internet!