Massive crypto-stealing malware operation hits Eurasia

BleepingComputer reports that more than 28,000 individuals across the Eurasian region, most of whom were from Russia, had their cryptocurrency assets compromised in a massive cryptostealer malware operation.

Malicious GitHub pages and YouTube videos containing links to purported cracked office software, automated trading bots, and game cheats have been leveraged to deliver self-extracting, password-protected archives, which deploy obfuscated scripts, an AutoIT interpreter, and DLL files, and then detect and terminate active debugging tools, according to a Dr. Web report. Researchers then noted the delivery of two payloads: "Deviceld.dll", which runs SilentCryptoMiner, and "7zxa.dll", a clipper that replaces wallet addresses copied to the Windows clipboard with attacker-controlled addresses, which was found to have diverted $6,000 worth of cryptocurrency transactions. Collected system information is then exfiltrated by the threat actors through a Telegram bot. The campaign underscores the importance of downloading software only from official websites.
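The clipper behaviour described above (a wallet address is silently replaced in the clipboard with one the attacker controls) is easy to spot from a defender's side, because the swap happens without a user copy action and the replacement is an address of the same kind as the one just copied. The following Python script is an added example written for this article; it is not code from the Dr. Web report or from SC Media. It models clipboard monitoring as a constructed list of snapshot events and flags suspicious address-for-address replacements; the address patterns cover only Bitcoin legacy, Bitcoin bech32 and Ethereum formats, and the sample events are invented.

```python
import re
from dataclasses import dataclass

# Wallet address formats we recognise (assumption: only these three kinds).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{39,59}$"),
    "eth":        re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_kind(text):
    """Return which wallet-address kind `text` looks like, or None."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None


@dataclass
class ClipboardEvent:
    t: float          # seconds since monitoring started
    content: str      # clipboard text observed at that moment
    user_copy: bool   # True if a user copy action (Ctrl+C etc.) caused this change


def detect_clipboard_swaps(events, window=5.0):
    """Flag clipboard changes that look like a clipper at work.

    A change is suspicious when a wallet address is replaced by a *different*
    address of the same kind, no user copy action explains the change, and it
    happens within `window` seconds of the previous clipboard content.
    """
    alerts = []
    prev = None
    for ev in events:
        if prev is not None:
            prev_kind = address_kind(prev.content)
            cur_kind = address_kind(ev.content)
            if (prev_kind is not None
                    and cur_kind == prev_kind
                    and ev.content.strip() != prev.content.strip()
                    and not ev.user_copy
                    and ev.t - prev.t <= window):
                alerts.append({
                    "time": ev.t,
                    "kind": cur_kind,
                    "original": prev.content.strip(),
                    "replaced_with": ev.content.strip(),
                })
        prev = ev
    return alerts


def safe_to_send(copied_address, address_in_form):
    """Paste-time check a wallet UI can run: the address about to be sent must be
    byte-for-byte the one the user copied, and must parse as a wallet address."""
    copied = copied_address.strip()
    pasted = address_in_form.strip()
    return address_kind(pasted) is not None and copied == pasted


# Constructed sample timeline; every address below is made up for this example.
USER_BTC     = "1AaBbCcDdEeFfGgHhJjKkMmNnPpQqRrSs"
ATTACKER_BTC = "1ZzYyXxWwVvUuTtSsRrQqPpNnMmKkJjHh"
USER_ETH_1   = "0x" + "ab" * 20
USER_ETH_2   = "0x" + "cd" * 20
ATTACKER_ETH = "0x" + "ef" * 20

SAMPLE_EVENTS = [
    ClipboardEvent(0.0,  USER_BTC,      True),   # user copies their BTC address
    ClipboardEvent(0.3,  ATTACKER_BTC,  False),  # silently swapped: clipper
    ClipboardEvent(10.0, "meeting notes", True), # ordinary text, ignored
    ClipboardEvent(11.0, USER_ETH_1,    True),   # user copies an ETH address
    ClipboardEvent(12.0, USER_ETH_2,    True),   # user copies a different one: benign
    ClipboardEvent(12.5, ATTACKER_ETH,  False),  # silently swapped again: clipper
]


def run_sample():
    """Run the detector over the constructed timeline; returns two alerts."""
    return detect_clipboard_swaps(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_sample():
        print(f"[{alert['time']:5.1f}s] {alert['kind']} address replaced: "
              f"{alert['original']} -> {alert['replaced_with']}")
    print("safe_to_send:", safe_to_send(USER_BTC, ATTACKER_BTC))  # False
```

On a real endpoint the event list would come from a clipboard-change hook (for example a Windows clipboard format listener), with the `user_copy` flag derived from whether a copy keystroke or menu action preceded the change. The `safe_to_send` check is the complementary control on the wallet side: comparing the address in the send form against what the user actually copied catches the swap before funds move, regardless of how the clipboard was tampered with.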
