Malware Infects Over 28,000 Users, Nets Only $6,000 in Crypto

The malware's reach extended across several countries, including Russia, Belarus, Uzbekistan, and more.
Author
Ruholamin Haqshanas

A recent wave of malware infections has impacted over 28,000 users, primarily targeting their devices to mine and steal crypto.

However, despite the scale of the operation, the hackers managed to secure only around $6,000 worth of digital assets, according to cybersecurity firm Doctor Web.

On October 8, Doctor Web revealed that the malware, which posed as legitimate software, infiltrated users’ devices by disguising itself as office tools, game cheats, and online trading bots.

Malware Targets Users Across Different Countries

The malware’s reach extended across several countries, including Russia, Belarus, Uzbekistan, Kazakhstan, Ukraine, Kyrgyzstan, and Turkey.

The cybercriminals employed sophisticated techniques to evade detection.

They used password-protected archives to bypass antivirus scans and disguised malicious files as system components.

The malware also relied on legitimate software to execute harmful scripts, making it more difficult for users to identify the threat.

Once installed, the malware utilized the infected device’s computing power to mine cryptocurrency.

Additionally, it featured a “Clipper” function, which monitored and altered crypto wallet addresses copied to the device’s clipboard.

This allowed the attackers to replace the user’s intended wallet address with one they controlled, diverting funds to their own accounts.
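On the defensive side, the swap described above leaves a recognizable trace in a clipboard-change log: one wallet address is replaced by a different address of the same type faster than a person could copy a second one. The following detection sketch is an added example, not code from Doctor Web or from this article; the address patterns, the one-second threshold and the sample events are assumptions constructed for illustration.

```python
import re

# Address shapes the detector recognises (assumed patterns for illustration).
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return the address family a clipboard string matches, or None."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None

def find_swaps(events, max_gap=1.0):
    """Flag an address replaced by a different address of the same family
    within max_gap seconds. events is a time-ordered list of
    (timestamp_seconds, clipboard_text) pairs."""
    alerts = []
    for (t0, before), (t1, after) in zip(events, events[1:]):
        kind = address_kind(before)
        if kind is None or address_kind(after) != kind:
            continue  # not an address-to-address change of one family
        if before.strip() != after.strip() and t1 - t0 <= max_gap:
            alerts.append({"at": t1, "kind": kind,
                           "copied": before.strip(),
                           "replaced_by": after.strip()})
    return alerts

# Constructed sample log; the addresses are filler strings, not real wallets.
SAMPLE_EVENTS = [
    (0.0, "hello world"),
    (10.00, "0x" + "a" * 40),   # user copies a payment address
    (10.15, "0x" + "b" * 40),   # different address 150 ms later: suspicious
    (60.0, "0x" + "c" * 40),    # another copy much later: normal use
    (90.0, "1" + "A" * 33),     # different address family
    (90.1, "some text"),        # ordinary text
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

The threshold is a heuristic: a password manager or wallet that rewrites the clipboard on its own would need to be allow-listed before alerts like this are acted on.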

The cybersecurity firm noted that many users fell victim to the malware by downloading pirated software from fraudulent GitHub pages and malicious links found in YouTube video descriptions.

Doctor Web emphasized the importance of obtaining software from official sources to prevent such infections.

While the malware managed to infect tens of thousands of devices, the financial gains were surprisingly modest, with only around $6,000 stolen through altered wallet addresses.

The earnings from the crypto-mining activities remain unclear.

This incident follows a warning in September from Binance, a major cryptocurrency exchange, about increased activity from similar clipboard-changing malware, which led to notable losses for users.

More recently, it was revealed that scammers are using automated email replies to compromise systems and deliver stealthy crypto mining malware.

This comes on the heels of another malware threat identified in August.

The “Cthulhu Stealer,” which affects macOS systems, similarly disguises itself as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.

Fake Wallet App Steals $70K in Crypto

As reported, a fraudulent crypto wallet app on Google Play has stolen $70,000 from users in a sophisticated scam that has been described as a world-first for targeting mobile users exclusively.

The malicious app, named WalletConnect, mimicked the reputable WalletConnect protocol but was, in fact, a sophisticated scheme to drain crypto wallets.

The app tricked over 10,000 users into downloading it, according to Check Point Research (CPR), the cybersecurity firm that uncovered the scam.

The scammers behind the app were well aware of the typical challenges faced by web3 users, such as compatibility issues and the lack of widespread support for WalletConnect across different wallets.

They cleverly marketed the fraudulent app as a solution to these problems, taking advantage of the absence of an official WalletConnect app on the Play Store.
