BleepingComputer reports that more than 28,000 individuals across the Eurasian region, most of whom were from Russia, had their cryptocurrency assets compromised in a massive cryptostealer malware operation.
Malicious GitHub pages and YouTube videos containing links to purported cracked office software, automated trading bots, and game cheats have been leveraged to facilitate the download of self-extracting, password-protected archives, which then deploy obfuscated scripts, an AutoIT interpreter, and DLL files before tracking and terminating active debugging tools, according to a Dr. Web report.

Researchers then noted the delivery of the "Deviceld.dll" payload, which runs SilentCryptoMiner, and the "7zxa.dll" payload, which swaps wallet addresses copied to the Windows clipboard for attacker-controlled addresses; the latter was found to have diverted $6,000 worth of cryptocurrency transactions. Collected system information is then exfiltrated by the threat actors through a Telegram bot.

Such a development emphasizes the importance of downloading software only from official websites.
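The clipboard-substitution behaviour attributed to "7zxa.dll" above is what a clipboard monitor can catch: a wallet-like value is replaced by a different wallet-like value of the same kind without the user copying anything. The following is an added detection sketch, not code from the Dr. Web or BleepingComputer reports. The address patterns, the `user_copy` flag (assumed to come from a clipboard-owner check such as "was the foreground application the process that set the clipboard"), and the event log are constructed for this example.

```python
import re
from dataclasses import dataclass

# Assumed address shapes for this example: a legacy/bech32-style Bitcoin
# address and a 0x-prefixed Ethereum address. Real deployments would use
# checksum validation per coin; a regex is enough to show the swap check.
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[a-fA-F0-9]{40}$"),
}


def address_kind(text):
    """Return 'btc', 'eth' or None depending on which pattern the text matches."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return kind
    return None


@dataclass
class ClipboardEvent:
    ts: float        # seconds since monitor start (constructed)
    content: str     # text now on the clipboard
    user_copy: bool  # assumed: True when the foreground app set the clipboard (Ctrl+C)


def find_swaps(events):
    """Flag transitions where one wallet address silently became a different
    address of the same kind with no user-initiated copy in between.

    Returns a list of (ts, original_address, replacement_address)."""
    swaps = []
    previous = None
    for event in events:
        if previous is not None and not event.user_copy:
            old_kind = address_kind(previous.content)
            new_kind = address_kind(event.content)
            # Same address family, different value, and nobody pressed copy:
            # this is the clipper signature described in the report.
            if old_kind and old_kind == new_kind and previous.content.strip() != event.content.strip():
                swaps.append((event.ts, previous.content, event.content))
        previous = event
    return swaps


# Constructed clipboard timeline: the user copies a BTC address, a background
# process overwrites it 100 ms later, then an ETH address is copied and re-set
# unchanged (benign), then plain text appears.
USER_BTC = "1CopiedByUserxxxxxxxxxxxxxxxxxxxx"
SWAPPED_BTC = "1SubstitutedAddrxxxxxxxxxxxxxxxxx"
USER_ETH = "0x" + "ab" * 20

SAMPLE_EVENTS = [
    ClipboardEvent(1.0, "meeting notes", True),
    ClipboardEvent(2.0, USER_BTC, True),
    ClipboardEvent(2.1, SWAPPED_BTC, False),
    ClipboardEvent(5.0, USER_ETH, True),
    ClipboardEvent(5.2, USER_ETH, False),
    ClipboardEvent(6.0, "hello", False),
]


if __name__ == "__main__":
    for ts, original, replacement in find_swaps(SAMPLE_EVENTS):
        print(f"[{ts:.1f}s] clipboard address swapped: {original} -> {replacement}")
```

On Windows the event feed would come from a `WM_CLIPBOARDUPDATE` listener combined with `GetClipboardOwner`; the point of the check is that a legitimate copy and a clipper overwrite look identical in content but differ in who set the clipboard and how quickly the value changed.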