Research: New Malware Employs Tor and Bittorrent To Steal Bitcoin and Ether

News Feed - 2020-09-04 06:09:39


A new trojan called Krypto Cibule uses infected computers’ resources to mine cryptocurrency, steal crypto wallet files, and redirect incoming digital assets to a hacker address. The malware rides on the Tor network and the BitTorrent protocol to perform attacks, according to an extensive report by cybersecurity company ESET.


“Krypto Cibule is spread through malicious torrents for ZIP files whose contents masquerade as installers for cracked or pirated software and games,” researchers Matthieu Faou and Alexandre Cote Cyr detailed in their report published September 2.


The malware is mostly active in the Czech Republic and Slovakia, where it has been responsible for hundreds of attacks. Most victims downloaded the malware from files hosted on uloz.to, a torrent site popular in the two countries.


The mining operations of the malware, which ESET researchers trace back to 2018, rely on XMRig, an open-source program that mines monero using the CPU, and kawpowminer, another open-source program that mines ethereum (ETH) using the GPU. Both programs are set up to connect to a hacker-controlled mining server over the Tor proxy.


Researchers have attributed the little attention previously given to the trojan to the discretion of its operations. To keep the owner of the computer from becoming suspicious, the malware suspends the GPU miner when the battery is under 30% and stops operations altogether when the battery is under 10%.


The clipboard-hijacking operation masquerades as SystemArchitectureTranslation.exe. It monitors changes to the clipboard and replaces wallet addresses with addresses controlled by the malware operator in order to misdirect funds. The researchers noted: “At the time of this writing, the wallets used by the clipboard hijacking component had received a little over $1,800 in bitcoin (BTC) and ethereum.”
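
For defenders, the address swap described above leaves a recognisable trace: a wallet address on the clipboard is overwritten almost immediately by a different address of the same coin. The detection sketch below is an added example, not code from the ESET report; the event schema, the two-second window, the sample addresses and every process name other than SystemArchitectureTranslation.exe are constructed assumptions.

```python
import re

# Well-known address shapes; format checks only, no checksum validation.
ADDRESS_SHAPES = {
    "BTC": re.compile(r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def coin_of(text):
    """Return the coin whose address shape the clipboard text matches, else None."""
    text = text.strip()
    for coin, shape in ADDRESS_SHAPES.items():
        if shape.match(text):
            return coin
    return None

def find_swaps(events, window=2.0):
    """Flag an address overwritten by a different address of the same coin
    within `window` seconds: too fast for a person copying something new."""
    alerts = []
    for prev, cur in zip(events, events[1:]):
        coin = coin_of(prev["text"])
        if (coin and coin == coin_of(cur["text"])
                and prev["text"].strip() != cur["text"].strip()
                and cur["ts"] - prev["ts"] <= window):
            alerts.append({"ts": cur["ts"], "coin": coin, "writer": cur["writer"],
                           "copied": prev["text"], "pasted_instead": cur["text"]})
    return alerts

# Constructed telemetry (hypothetical schema): time, process that set the clipboard, text.
# The addresses are fake placeholders that only satisfy the format checks.
SAMPLE_EVENTS = [
    {"ts": 10.0, "writer": "browser.exe", "text": "0x" + "a" * 40},
    {"ts": 10.3, "writer": "SystemArchitectureTranslation.exe", "text": "0x" + "b" * 40},
    {"ts": 95.0, "writer": "browser.exe", "text": "meeting notes"},
    {"ts": 120.0, "writer": "wallet.exe", "text": "1" + "A" * 33},
    {"ts": 400.0, "writer": "wallet.exe", "text": "1" + "B" * 33},  # slow, user-driven change
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

The same comparison works as a manual habit: check the pasted address against the one that was copied before confirming a transfer.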


Exfiltration works by walking through the filesystem of each available drive to look for filenames that contain certain terms. ESET researchers linked the trojan to terms mostly referring to cryptocurrencies, wallets, or miners, as well as more generic ones like crypto, seed, and password. Files that could provide data such as private keys are also targeted.


According to the research team, the use of legitimate open-source tools as well as a wide range of anti-detection methods is likely to have kept the malware under the radar thus far. Krypto Cibule is still being actively developed, with new features having been added over its two-year life.


As news.Bitcoin.com reported recently, hackers have already been plundering bitcoin through the large-scale use of malicious relays on the Tor network. Tor is a privacy-oriented network popular with bitcoin investors throughout the world.

