A New Malware Campaign Targeting Cryptocurrency Wallets Uncovered by Kaspersky
Overview
A recent malware campaign targeting cryptocurrency wallets has been uncovered by security researchers at Kaspersky. The attacks, first detected in September 2022, involve malware that replaces part of the clipboard contents with cryptocurrency wallet addresses.
Details of the Attack
According to Kaspersky’s advisory, the simplicity of the attack belies its dangerous potential. The malware operates silently, which makes it hard for users to notice. Unlike other types of malware that may exhibit visible network activity or increase CPU or RAM usage, a clipboard injector can remain dormant for extended periods, producing no observable activity until it performs a malicious replacement.
The malware campaign observed by Kaspersky was found to be distributing trojanized Tor Browser installers, likely in response to the ban of the Tor Project’s website in Russia in 2021. The malware payload identified in the campaign is a passive clipboard-injector that monitors clipboard data for cryptocurrency wallet addresses and replaces them with addresses from a predefined list.
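The behaviour described above (a resident process watching the clipboard for wallet addresses and swapping them) can be checked for from the defender's side. The following is an added example written for this article, not code from Kaspersky or from the report: it assumes an endpoint agent that records two kinds of events, a user copy action seen by a keyboard hook and a periodic read of the clipboard, and it flags any clipboard read that contains a wallet address the user did not just copy. It goes slightly beyond the article by validating legacy Bitcoin addresses with their Base58Check checksum (so a random Base58 string is not mistaken for an address) and by matching Ethereum-style 0x addresses; all sample addresses are generated locally and are not indicators from the report.

```python
import hashlib
import re

# Added defender-side example (not Kaspersky's code). Everything below is constructed
# for illustration; the sample addresses are generated locally and are not from the report.

BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256: the Base58Check checksum."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def base58check_encode(payload: bytes) -> str:
    """Encode version byte + hash as a Base58Check string (used here only to build test data)."""
    raw = payload + _checksum(payload)
    num = int.from_bytes(raw, "big")
    digits = ""
    while num:
        num, rem = divmod(num, 58)
        digits = BASE58_ALPHABET[rem] + digits
    leading_zero_bytes = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading_zero_bytes + digits


def base58check_valid(addr: str) -> bool:
    """True if addr is well-formed Base58Check with a matching checksum."""
    num = 0
    for ch in addr:
        idx = BASE58_ALPHABET.find(ch)
        if idx < 0:
            return False
        num = num * 58 + idx
    leading_ones = len(addr) - len(addr.lstrip("1"))
    body = num.to_bytes((num.bit_length() + 7) // 8, "big") if num else b""
    raw = b"\x00" * leading_ones + body
    if len(raw) < 5:
        return False
    return _checksum(raw[:-4]) == raw[-4:]


ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify_address(text: str):
    """Return the wallet-address kind a string looks like, or None.
    A Base58 string that fails its checksum is treated as not an address."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            if kind == "btc-legacy" and not base58check_valid(text):
                return None
            return kind
    return None


def detect_clipboard_swaps(events):
    """events: list of (source, text) in time order, where source is
    'copy' (a user copy action seen by a hook) or 'poll' (a periodic clipboard read).
    Flags every poll whose content is a wallet address the user did not just copy."""
    findings = []
    last_copied = None
    for index, (source, text) in enumerate(events):
        text = text.strip()
        if source == "copy":
            last_copied = text
            continue
        kind = classify_address(text)
        if kind is not None and text != last_copied:
            findings.append({"event": index, "kind": kind,
                             "expected": last_copied, "observed": text})
    return findings


# Constructed sample data: two locally generated Base58Check addresses and one
# hex-style address; none of these are real wallets or indicators from the report.
ADDR_USER = base58check_encode(b"\x00" + b"\x11" * 20)
ADDR_INJECTED = base58check_encode(b"\x00" + b"\x22" * 20)
ETH_USER = "0x" + "ab" * 20

SAMPLE_EVENTS = [
    ("copy", "meeting notes"),
    ("poll", "meeting notes"),
    ("copy", ADDR_USER),
    ("poll", ADDR_USER),
    ("poll", ADDR_INJECTED),   # silent replacement: no copy action preceded it
    ("copy", ETH_USER),
    ("poll", ETH_USER),
]

if __name__ == "__main__":
    for finding in detect_clipboard_swaps(SAMPLE_EVENTS):
        print(f"event {finding['event']}: clipboard {finding['kind']} address "
              f"{finding['observed']} differs from last copied {finding['expected']}")
```

The rule is deliberately strict: any wallet address appearing in the clipboard that the user did not copy is reported, whatever its type, because an injector that substitutes a same-type address from a predefined list produces exactly that signal while causing no network or CPU activity of its own. In a real agent the copy hook and the clipboard poll would be platform calls; here they are replaced by the constructed event list.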
Geographical Impact
While the malware primarily targeted systems in Russia and Eastern Europe, instances were also observed in the US, Germany, and China, among other countries.
Defense and Mitigation
To mitigate the impact of this threat, Kaspersky recommends downloading software only from reputable and trusted sources. Victims of the campaign most likely obtained Tor Browser from third-party sites: the official installers from the Tor Project are digitally signed and were found to be free of malware.
In a related incident, malicious Tor Browser installers were also distributed through a YouTube video explaining the Darknet.
Conclusion
The discovery of this malware campaign underscores the importance of exercising caution when downloading software and staying vigilant against evolving cyber threats. By following best practices for cybersecurity and being mindful of the potential risks, users can better protect themselves from malicious attacks.