The release of Cryptocurrency Stealing Malware on Torrent

Last Modified: 12 May 2020 14:36:12

In recent years, with advances in information and communications technology, we have seen a surge in the development of all kinds of sabotage and espionage malware. Much of this malware is built to steal important information for financial gain. It infects users’ computers by deception and without their knowledge, then opens a communication channel to the attacker and sends the stolen information over it. The emergence of cryptocurrencies and their financial value have attracted the attention of cyber attackers, and many kinds of espionage malware designed to steal cryptocurrencies have been released.

Malware that steals cryptocurrencies on Windows systems has recently been distributed among torrent video files. It uses a shortcut file with the .LNK extension to execute commands in Windows PowerShell that inject code into the Firefox browser. It then monitors the tabs the user views and replaces the Bitcoin and Ethereum wallet addresses in those tabs with the attacker’s wallet address.
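A defensive check for the shortcut technique described above, as an added example that is not part of the original article: it parses the StringData section of a .LNK file and reports which fields reference PowerShell. The function names, the `SUSPECT` list, the cp1252 fallback for non-Unicode strings and the sample bytes are assumptions made for illustration.

```python
import struct

# Constants from the Shell Link (.LNK) binary format, MS-SHLLINK.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData fields in file order; each is present only if its LinkFlags bit is set.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
SUSPECT = ("powershell", "pwsh")  # assumption: interpreter names worth flagging

def parse_lnk_strings(data: bytes) -> dict:
    """Return the StringData fields of a shortcut; ValueError if not a valid .LNK."""
    if len(data) < HEADER_SIZE or data[:4] != struct.pack("<I", HEADER_SIZE) \
            or data[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    try:
        flags = struct.unpack_from("<I", data, 20)[0]
        pos = HEADER_SIZE
        if flags & HAS_IDLIST:    # 2-byte size that excludes the size field
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINKINFO:  # 4-byte size that includes the size field
            pos += struct.unpack_from("<I", data, pos)[0]
        width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
        fields = {}
        for bit, name in STRING_FIELDS:
            if flags & bit:
                count = struct.unpack_from("<H", data, pos)[0]  # in characters
                end = pos + 2 + count * width
                if end > len(data):
                    raise ValueError("truncated StringData")
                fields[name] = data[pos + 2:end].decode(codec, "replace")
                pos = end
        return fields
    except struct.error as exc:
        raise ValueError("truncated Shell Link file") from exc

def flag_shortcut(data: bytes) -> list:
    """Return the names of the fields that reference a PowerShell interpreter."""
    fields = parse_lnk_strings(data)
    return sorted(k for k, v in fields.items() if any(s in v.lower() for s in SUSPECT))

def build_sample(relative_path: str, arguments: str) -> bytes:
    """Constructed test input: header plus two Unicode StringData fields only."""
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, 0x08 | 0x20 | IS_UNICODE)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments))
    return header.ljust(HEADER_SIZE, b"\0") + body
```

Run `flag_shortcut` over the bytes of every `.lnk` file found in a download directory; a non-empty result on a file that was supposed to be a video is a reason to quarantine it.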

The malware also injects JavaScript code into well-known websites that the user views, in order to deceive the user and steal his or her cryptocurrencies. For instance, a user viewing Wikipedia receives a message asking for a donation in cryptocurrency and showing two wallet addresses, one for Bitcoin and one for Ethereum. The message is not from Wikipedia, and the donated money goes to the attacker’s wallet.

The malware also adds fake ads to Google and Yandex search results to entice the user, and it disables Windows Defender, the default Windows anti-virus, to circumvent its security mechanisms. It has been observed on the Pirate Bay torrent network as a video file named “Girl in Spider’s Nest” with more than 2375 seeders. This shows once again that files distributed over torrents are not reliable and that torrent networks can serve as a channel for distributing malware. By the time this news was released, a total of $600 in cryptocurrency had been deposited in three wallets.

To avoid such incidents, security experts repeatedly advise the following:

- Do not download from unreliable sources.

- Do not run suspicious files on your system.

- Always keep your operating system and application software updated.

- Use security software such as anti-virus and always keep it updated.