Another week has gone by, and again we’re stuck reporting on a malware issue.
Since crypto first exploded onto the financial scene a few years ago, malware and cybertheft seem to have become a permanent part of the picture. Where there’s crypto, there are – and likely always will be – those behind closed doors in darkened rooms looking to steal it.
Let’s See the Latest Threat
The latest soldier in the ongoing war against crypto is known as the Razy Trojan. The software is typically distributed via websites, advertising banners and free file hosting services, disguised as legitimate software. The malware installs itself into browser extensions for Google Chrome, Mozilla Firefox and Yandex Browser, disabling automatic updates and bypassing the integrity checks that browsers apply to extension files, so the tampered extension keeps running.
From there, Razy steals cryptocurrency funds by searching the web pages a victim visits for digital wallet addresses. When it finds them, it replaces those addresses with ones controlled by the hackers operating the malware.
This Is Some Sneaky Software…
Razy is also known to spoof QR codes that point to crypto wallets. It can alter digital currency exchanges’ web pages and display messages suggesting that new features are available to users. It can also alter search results on Google and related search engines to steer people toward infected sites.
The Razy Trojan is very similar to another form of malware discovered six months ago, in July 2018. That was when website security firm Fortinet came across malware that modified victims’ clipboards to replace bitcoin addresses with ones owned by the malware’s operators. Security researchers later uncovered a form of malware known as Dark Gate, which could steal crypto funds outright from unsuspecting users’ wallets.
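Both tricks described above, the in-page address rewriting attributed to Razy and the clipboard swapping Fortinet reported, look the same from the defender’s side: a wallet address the user sees or pastes no longer matches the one the site operator or the user actually intended. The following is an added example, not code from Blockonomi, Kaspersky, Fortinet or any wallet vendor, of the detection logic a wallet front end or a browser content script could run. The address patterns, the allowlist and the sample page text are all constructed for the demonstration; the regexes match the general shape of Bitcoin and Ethereum addresses rather than validating every encoding detail.

```javascript
// Added example: detect wallet-address substitution on a page and in the clipboard.
// Written as pure functions over strings so it runs under Node with no browser;
// a content script would feed it document.body.innerText and copy/paste events.

// Constructed address patterns (illustrative shapes, not full validators):
// Bitcoin bech32 (bc1...), Bitcoin base58 (prefix 1 or 3), Ethereum (0x + 40 hex).
const ADDRESS_PATTERNS = [
  { coin: "BTC", re: /\b(?:bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b/g },
  { coin: "ETH", re: /\b0x[0-9a-fA-F]{40}\b/g },
];

// Return every wallet-looking string in a text, tagged with its coin type.
function findWalletAddresses(text) {
  const found = [];
  for (const { coin, re } of ADDRESS_PATTERNS) {
    for (const m of text.matchAll(re)) {
      found.push({ coin, address: m[0], index: m.index });
    }
  }
  return found;
}

// Compare the addresses actually rendered on a page with the ones the site
// operator published (the allowlist). Anything not on the list is a candidate
// substitution, which is how extension-level DOM rewriting shows up to the user.
function detectSubstitution(pageText, allowlist) {
  const allowed = new Set(allowlist.map((a) => a.toLowerCase()));
  return findWalletAddresses(pageText)
    .filter(({ address }) => !allowed.has(address.toLowerCase()))
    .map(({ coin, address }) => ({ coin, address }));
}

// Clipboard hijackers swap the copied address for their own between copy and
// paste. Given the text the user selected and the text that arrived on paste,
// report a swap when both contain a wallet address but the addresses differ.
function clipboardSwapped(copiedText, pastedText) {
  const before = findWalletAddresses(copiedText);
  const after = findWalletAddresses(pastedText);
  if (before.length === 0 || after.length === 0) return false;
  return before[0].address !== after[0].address;
}

// Constructed sample data: a donation page as published, and the same page after
// a hypothetical malicious extension rewrote the Bitcoin address in the DOM.
const PUBLISHED_ADDRESSES = [
  "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2",
  "0x52908400098527886E0F7030069857D2E4169EE7",
];
const PAGE_AS_PUBLISHED =
  "Donate BTC to 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2 or ETH to 0x52908400098527886E0F7030069857D2E4169EE7.";
const PAGE_AFTER_REWRITE =
  "Donate BTC to 3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy or ETH to 0x52908400098527886E0F7030069857D2E4169EE7.";

// Run both checks over the constructed data and return the findings.
function demo() {
  return {
    clean: detectSubstitution(PAGE_AS_PUBLISHED, PUBLISHED_ADDRESSES),
    tampered: detectSubstitution(PAGE_AFTER_REWRITE, PUBLISHED_ADDRESSES),
    swap: clipboardSwapped(
      "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2",
      "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy"
    ),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The allowlist comparison is the part that matters: an attacker’s replacement address is itself a perfectly valid address, so checksum validation alone never catches the swap. The clipboard check is the same idea applied to a copy/paste pair, and a wallet application can run it before submitting a transaction.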
Cybersecurity experts say that companies and individuals wanting to defend themselves against Razy will need to bring artificial intelligence (AI) into their malware defense strategies, using AI-driven detection to counter or stop AI-powered attacks altogether.
This Is Nothing New
Cryptocurrency malware appears to be growing far more sophisticated. Recently, Blockonomi reported on a new form of malicious software that targeted Wikipedia’s donation page. A hacker would allegedly steal a person’s private information and gain access to their computer without their knowledge or permission. From there, they would simply wait until that person visited Wikipedia.
Once this had happened and the request for donations appeared at the top, the malware the hacker had installed would take effect and ultimately replace the website’s crypto addresses with those of the hacker. Thus, if the person visiting offered any money to the online encyclopedia, the funds would instead be delivered straight to the hacker.
We’ve also reported on Smoke Loader, a new form of malware that cybersecurity firm Check Point ranked among the ten most dangerous forms of software around today. Smoke Loader doesn’t necessarily steal anything itself, but rather serves as a link to other malware. The software downloads Trojans such as TrickBot and Panda Banker to a person’s computer, giving them new problems and opening the door to further hacks and desktop destruction.
A Peaceful Future?
As scary as this all sounds, however, it may be that hackers are running out of easy ways to garner funds illegally. The Wikipedia malware, for example, is quite elaborate. What if the infected individual never visits Wikipedia, or visits but never donates crypto? This is a very specific way of hunting down crypto funds, and it would appear there are several gaps in the approach.
Scenarios like these suggest that defenses against such attacks are improving every day, and perhaps a day will come when we’re all looking at crypto hacks as something that happened strictly in the past.