ESET

Russia, US in Top 3 for Crypto-Related Threats, Cybersecurity Report Unveils

04/10/2021 by Idelto Editor

Russia, US in Top 3 by Crypto-Related Threats, Cybersecurity Report Unveils

Threats related to cryptocurrency have followed prices, decreasing significantly after the market slump in May, suggests a recent report released by a leading internet security firm. Detections fell by almost a quarter but Russia remains the most affected country, with the U.S. ranking in the top three as well.

ESET: 1 in 10 Crypto-Focused Threats Detected in Russia

Software threats in the crypto space, mining malware in particular, are quite dependent on developments in the cryptocurrency market, cybersecurity company ESET has concluded in its Threat Report T2 2021. However, the drop in cybercriminal activity surrounding cryptocurrencies “does not mean that all was quiet,” note the authors of the study, covering the second third of the year, and add:

Cryptocurrency investments scams, in which con artists lure their unsuspecting victims to fake investment websites or impersonate government authorities and even celebrities, are more popular than ever.

Victims lost at least $80 million to this type of scam in only a few months since October 2020, the U.S. Federal Trade Commission announced in May. Meanwhile, a single crypto Ponzi scheme in Russia, Finiko, received more than half of the $800 million in crypto funds sent from Eastern Europe to scam addresses, blockchain forensics firm Chainalysis revealed in a preview of its latest Geography of Cryptocurrency report.

Nevertheless, ESET’s detections of all crypto-related threats in T2, 2021 have fallen by 23.6%. At the same time, certain countries remain deeply affected by the phenomenon. Most notably, the Russian Federation is still topping the chart, accounting for 10% of all cases. Russia is followed by Peru, with 6.8%, while the United States places third with 5.3%, the report details.

“In the past few months, we could see that while cryptominer detection rates fluctuated along with cryptocurrency prices, cryptostealer detections did not seem affected by the same factors,” said Jiří Kropáč, head of Threat Detection Labs at the Slovakia-based ESET. Cryptominers, like prices, are influenced by government regulations and major investments in specific coins, he explained.

Cryptostealers, however, are not so dependent on the volatile market, Kropáč further added. “There’s no reason for cybercriminals to abandon them if a coin drops in value, since they represent a reliable tool, bringing in profit as well as blackmail opportunities,” the ESET executive elaborated.

The European cybersecurity company also said it continued to monitor cryptojacking domains during the period covered in the report. “By the very nature of this activity – running cryptomining software in the background of compromised websites – the most visited cryptojacking domains continue to be portals with adult content, free streaming websites, torrent sites, and forums,” ESET pointed out.

Do you agree with ESET that crypto-related threats in cyberspace are influenced by cryptocurrency prices? Let us know what you think in the comments section below.

Crypto Cyberthreats Spike This Year With Russia Hit the Hardest, Report Reveals

14/06/2021 by Idelto Editor

Cyberthreats related to cryptocurrencies have increased with rising demand for the digital assets, a study has concluded. Russia, Thailand and Peru are the most affected countries by malicious attacks designed to exploit the heightened interest in decentralized money, the authors point out.

Booming Crypto Markets Bring Out Cybercriminals

Despite the ongoing Covid pandemic still leading the headlines around the world, the topic has lost some prominence in the cyberthreat landscape since the beginning of this year. At the same time, threats related to cryptocurrencies have increased alongside rising crypto prices over the past few months, shows a recent report by ESET.

Mainstream acceptance, including by celebrities and executives like famous American rapper Snoop Dogg and Tesla CEO Elon Musk, has also contributed to the growing appeal of crypto assets. “Booming cryptocurrencies bring out cybercriminals,” the company emphasized in the study, released earlier this month and quoted by RT on Monday.

Crypto-related threats started to grow in the second half of 2020 and continued to increase in the first four months of 2021. This particular malware category expanded by 18.6%, with two spikes related to cryptocurrency miners in February and April. Noting that major cryptocurrencies like bitcoin (BTC) and ethereum (ETH) have reached their all-time highs during the period, researchers commented:

The upward trend comes as no surprise, since recent months have seen cryptocurrencies dramatically increase in value, becoming much more tempting for cybercriminals.

The Russian Federation is the country that has suffered the most from cyber threats related to cryptocurrencies this year, accounting for 8.9% of all attacks. G7 leaders recently called on the government in Moscow to identify those who abuse cryptocurrency in ransomware attacks, as Bitcoin.com News reported. Russia is followed closely by Thailand, with 5.6% of the detections, and Peru comes in third with 5.3%.

Miners Drive Growth in Crypto-related Cyberthreats

Cryptocurrency mining software has been the driving force behind the growth of cryptocurrency threats, ESET said. According to the cybersecurity firm, this type of malware, including cryptojacking attacks, increased this year by 22% compared to the last four months of 2020.

Meanwhile, the share of crypto stealers dropped by 28%. Malicious software in this category often targets the biggest, most established cryptocurrencies such as bitcoin (BTC) and ethereum (ETH), the mining of which is not as profitable anymore. ESET has registered a significant increase in attacks involving ETH. Cybercriminals spreading mining software usually target smaller coins that have only recently become popular.

According to Igor Kabina, ESET Senior Detection Engineer, crypto-related criminality in the cyber space remains closely tied to ransomware as well. The increasing value of cryptocurrency, which the expert says is the go-to means of payment in such attacks, motivates perpetrators to create more ransomware. “This is because the relative anonymity offered by the cryptocurrency trading market enables threat actors to increase their profits without taking unnecessary risks,” the cybersecurity expert elaborated.

Have you been targeted in cyberattacks related to cryptocurrencies? Let us know in the comments section below.

Research: New Malware Employs Tor and Bittorrent To Steal Bitcoin and Ether

04/09/2020 by Idelto Editor

A new trojan called Krypto Cibule uses infested computers’ power to mine cryptocurrency, steal crypto wallet files, and redirect incoming digital assets to a hacker address. The malware rides on the Tor network and the Bittorrent protocol to perform attacks, according to an extensive report by cybersecurity company, ESET.

“Krypto Cibule is spread through malicious torrents for ZIP files whose contents masquerade as installers for cracked or pirated software and games,” researchers Matthieu Faou and Alexandre Cote Cyr, detailed in their report published September 2.

The malware is mostly active in the Czech Republic and Slovakia where it has been responsible for hundreds of attacks. Most victims downloaded the malware from files hosted on a torrent site popular in the two countries called uloz.to.

The mining operations of the malware, which ESET researchers trace back to 2018, are written into XMRig, an open-source program that mines monero using the CPU, and kawpowminer, another open-source program that mines ethereum (ETH) using the GPU, with both programs set up to connect to a hacker-controlled mining server over the Tor proxy.

Researchers have attributed the little attention previously given to the trojan to the discretion of its operations. To keep the owner of the computer unsuspecting, the malware recalls the GPU miner when the battery is under 30% and stops operations altogether when the battery is under 10%.

The clipboard-hijacking operation masquerades as SystemArchitectureTranslation.exe. It monitors changes to the clipboard in order to replace wallet addresses with addresses of controlled by the malware operator in order to misdirect funds. The researchers noted:

At the time of this writing, the wallets used by the clipboard hijacking component had received a little over $1,800 in bitcoin (BTC) and ethereum.

Exfiltration works by walking through the filesystem of each available drive to look for filenames that contain certain terms. ESET researchers linked the trojan to terms mostly referring to cryptocurrencies, wallets, or miners, as well as more generic ones like crypto, seed, and password. Files that could provide data such as private keys are also targeted.

According to the research team, the use of legitimate open-source tools as well as a wide range of anti-detection methods is likely to have kept the malware under the radar this far. Krypto Cibule is still being actively developed, with new features having been added in its two-year-old life.

As news.Bitcoin.com reported recently, hackers have already been plundering bitcoin through the large-scale use of malicious relays on the Tor network. Tor is a privacy-oriented network popular with bitcoin investors throughout the world.

What do you think about the new malware exploiting Tor and Bit Torrent? Let us know in the comments section below.

The post Research: New Malware Employs Tor and Bittorrent To Steal Bitcoin and Ether appeared first on Bitcoin News.