In the past, Blockonomi has reported on the significance of malware in the cryptocurrency space, and unfortunately, the threat still exists. A new form of malware is now targeting cryptocurrency transactions, but the process is a little strange to say the least.
The software is artificial intelligence (AI) driven, and once downloaded to your computer, it will sit there until the hackers behind it are able to find your login and password information. However, action is not taken right away. Instead, the malware waits until the unknowing victim visits a Wikipedia page. At the top, they’re likely to see the advertisement that often appears on Wikipedia pages, explaining how one can make a small donation to keep the venture going.
Upon clicking on this, they’re taken to a page that explains how Wikipedia has started accepting cryptocurrency donations. Both a bitcoin and Ethereum address are prominently displayed on the screen. Too bad these addresses don’t belong to Wikipedia…
The malware works by replacing these addresses with those of the hacker(s). Thus, the victim isn’t donating to Wikipedia, but rather to those responsible for installing malware onto their computer.
The Threat Exists on Larger Levels
To make matters worse, the issue doesn’t only occur with Wikipedia. An anonymous security professional explains:
“It’s not just Wikipedia that will start sprouting scam crypto addresses. The malware is designed to replace addresses where it can on a range of sites.”
For example, the malware has shown an ability to change and alter Google searches. The hackers can doctor ads that appear at the top of a visited page. Google tends to charge quite a bit of money for this feature, but the hackers have managed to somehow work their way around this to entice unsuspecting people.
Things Are Getting Rough Out There
It’s a scary thought to say the least, and it offers more insight into how spammers and those with malicious intent are making their money – specifically regarding just how elaborate some of the methods are. Something like this likely requires complicated code, though to be fair, it’s not the first time crypto-based malware has made an appearance.
Previously, most malware damaging the cryptocurrency industry has come in the form of crypto-jacking schemes in which “nasty software” is downloaded to a person’s computer and secretly mines cryptocurrency without their knowledge or permission. Most often, the cryptocurrency being extracted is Monero, a popular asset commonly associated with anonymity. In addition, the process runs up a very high energy bill for the victim.
Among the most recent strains of malware is Smoke Loader, which cybersecurity firm Check Point recently moved into the top ten list of most dangerous and deadly forms of malware today. What makes Smoke Loader so rotten is the fact that it serves as a catalyst for other forms of malware, i.e. Trojans, TrickBot and Panda Banker. Smoke Loader allegedly downloads these items to your computer, giving you a whole new swell of problems.
The Issue Intensifies
Check Point’s threat intelligence and research group manager Maya Horowitz explained:
“[Smoke Loader’s] sudden surge in prevalence reinforces the growing trend towards damaging, multi-purpose malware in the Global Threat Index, with the top ten divided equally between crypto miners and malware that uses multiple methods to distribute numerous threats.”
Other major forms of malware discussed include Coinhive, which remains one of the most prominently used forms of malware today. Coinhive mines Monero and has been installed on some of the biggest platforms in existence, including Google apps.
On a lighter note, there’s some good news in the sense that various analysts believe hackers and malware installers may soon lose interest in getting their hands on crypto funds given their falling values.