Cybervillains Are ‘Harvesting’ Crypto in Low-cost Hacking Campaigns

Tim Alper

Security experts are warning cryptocurrency holders to be aware of cyber thieves who are using a wide range of often low-cost software to “harvest” Bitcoin and altcoins from wallets all over the world.


Per a report from cybersecurity specialist ESET, a piece of malware named Casbaneiro (aka Metamorfo) is claiming victims in areas with large Portuguese- or Spanish-speaking populations, including Brazil, Mexico, Peru, Argentina, the United States, Portugal and Spain.

ESET says that Casbaneiro is “a typical Latin American banking trojan that targets banks and cryptocurrency services” using social engineering tactics and fake pop-up windows that trick victims into entering their passwords and login details.

The security company says four different strains of Casbaneiro have already been detected, and have been in circulation since last year, although all four share very similar code.

The malware is being distributed through emails with bogus links and attachments. Once the code finds its way onto computers, it is able to collect information about antivirus software, the OS version and more.

The company claims,

“[Casbaneiro] can take screenshots and send them to its server, simulate mouse and keyboard actions and capture keystrokes, download and install updates to itself, restrict access to various websites, and download and execute other executables.”

And the company states that the Casbaneiro “malware family is closely connected to” Amavaldo, another trojan that mainly targets Latin American online banking and cryptocurrency customers.

Meanwhile, another cybersecurity company named Prevailion states that it has detected an “ongoing cyber-crime campaign” named MasterMana Botnet that is targeting cryptocurrency wallets. The company says the campaign was first detected in December last year and was still active as late as 24 September 2019.

Most alarmingly, Prevailion claims that the cost to “deploy and maintain the campaign was virtually nonexistent,” as it made use of a Virtual Private Server (available for as little as USD 60), and Trojan software Azorult, which it says is available “on Russian forums at prices ranging up to USD 100.”

Previous versions made use of Revenge RAT software. That trojan is available online for free on certain websites, bringing the campaign operation price down to just USD 60.

The company described the malware as “older, but still highly effective.”

The MasterMana Botnet campaign involves hackers sending enormous quantities of phishing emails to unsuspecting users, featuring attachments riddled with malicious code.

The malware provides hackers with backdoor access to email accounts, messenger applications such as Telegram, web cookies, browser history and – most worryingly, perhaps – cryptocurrency wallets.

The security company said the code also provided “functionality that could allow an actor to deploy additional payloads, such as cryptominers and ransomware.”