A new method for stealing cryptocurrencies uses a downloadable movie file as bait, and the same malware is also being used to mine cryptocurrency and manipulate Google results. It additionally attempts to steal cryptocurrency through fake Wikipedia donation requests, according to security researcher ‘@0xffff0800’ (Jan 10).
One of the reasons that institutional money is still hesitant about the cryptocurrency markets is that investors consider the sector largely unregulated. For example, people who have had cryptocurrency stolen often have little to no recourse, and in many cases the hackers are very hard for law enforcement to track down.
Many hackers also develop malware specifically to mine cryptocurrency, and now it appears that there is a new “cryptojacking” threat that disguises itself as a movie file.
In many of these cases, what happens is simple: hackers infiltrate a computer by tricking a user into clicking a link. Once they have access to the machine, they use its processing power to mine various cryptocurrencies.
This is not a small issue by any means, and it is continually growing. McAfee Labs – one of the most well-known cybersecurity companies in the world – recently released a report that highlighted the ways hackers spread “cryptojacking” malware through social media and chat platforms such as Slack and Discord. The report also pointed out that crypto mining malware grew by an astonishing 4,000% throughout 2018.
A New Threat
The tactic was discovered by a security researcher whose real name is unknown but who runs the Twitter account @0xffff0800, which is dedicated entirely to technology and cybersecurity. The researcher reported finding malware in a download of the movie “The Spider’s Web”, which, ironically, has a plot that revolves around hacking:
So once I downloaded and thought it looked weird due to the icon of the download AVI.. I threw it in a Hex Editor, and oh.. There is some kind of powershell.. WTF? Put it through Virustotal.. and what do you know! CozyBear putting droppers in Hacker Movies Now?! pic.twitter.com/o0yU7HWCtX
— 0xffff0800 (@0xffff0800) January 11, 2019
The malware launches a PowerShell command, which then injects malicious code into the Firefox browser. The attack is distributed through movie torrent files and targets Windows computers in particular. Its goal is to find any Bitcoin or Ethereum addresses the user handles in the browser. It is a more advanced variant than a simple miner, because it then replaces those addresses with the attacker’s own wallet address.
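The researcher’s own triage (open the “AVI” in a hex editor, notice a PowerShell stub where video data should be) is the kind of check a defender can automate before a download is ever opened. The Python script below is an added example, not code from the article or from the researcher; the sample bytes, the indicator patterns and the function names are constructed here. It verifies that a file’s magic bytes match the container its extension claims, flags a Windows executable (MZ header) hiding behind a media extension, and scans the body for PowerShell loader strings such as an encoded command or a download cradle.

```python
import os
import re
import struct

# Constructed sample: a fake "movie". The first 12 bytes mimic a valid RIFF/AVI
# header, but the body carries a PowerShell launcher, as described in the tweet.
# This is made-up test data, not the real malicious file.
FAKE_AVI = (
    b"RIFF" + struct.pack("<I", 0) + b"AVI "
    + b"\x00" * 32
    + b"cmd /c start /min powershell -NoP -W Hidden -EncodedCommand QQBCAEMA"
    + b"\x00" * 16
)

# Constructed clean sample: header says AVI, body is only padding.
CLEAN_AVI = b"RIFF" + struct.pack("<I", 0) + b"AVI " + b"\x00" * 64

# Constructed sample: named like a video, but it is really a PE executable.
FAKE_EXE = b"MZ\x90\x00" + b"\x00" * 60

# Expected magic bytes (signature, offset) for common video containers.
MAGIC = {
    ".avi": [(b"RIFF", 0), (b"AVI ", 8)],
    ".mp4": [(b"ftyp", 4)],
    ".mkv": [(b"\x1a\x45\xdf\xa3", 0)],
}

# Strings that have no business appearing inside a video container.
SCRIPT_INDICATORS = [
    re.compile(rb"powershell", re.IGNORECASE),
    # -e / -ec / -enc / -EncodedCommand followed by a base64 blob
    re.compile(rb"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{8,}", re.IGNORECASE),
    re.compile(rb"IEX\b|Invoke-Expression", re.IGNORECASE),
    re.compile(rb"FromBase64String", re.IGNORECASE),
    re.compile(rb"DownloadString|DownloadFile", re.IGNORECASE),
]


def header_matches(data: bytes, ext: str) -> bool:
    """True if the file's magic bytes match the container its extension claims."""
    sigs = MAGIC.get(ext.lower())
    if sigs is None:
        return False
    return all(data[off:off + len(sig)] == sig for sig, off in sigs)


def find_script_indicators(data: bytes) -> list:
    """Return one matched string per indicator pattern found in the file body."""
    hits = []
    for pattern in SCRIPT_INDICATORS:
        match = pattern.search(data)
        if match:
            hits.append(match.group(0).decode("latin-1"))
    return hits


def assess_download(data: bytes, filename: str) -> dict:
    """Combine the header check and the body scan into a single verdict."""
    ext = os.path.splitext(filename)[1]
    findings = []
    if data[:2] == b"MZ":
        findings.append("PE executable header under a media extension")
    elif not header_matches(data, ext):
        findings.append(f"header does not match {ext} container")
    findings.extend("script indicator: " + s for s in find_script_indicators(data))
    return {"file": filename, "suspicious": bool(findings), "findings": findings}


if __name__ == "__main__":
    for name, blob in (("clean.avi", CLEAN_AVI),
                       ("movie.avi", FAKE_AVI),
                       ("trailer.avi", FAKE_EXE)):
        print(assess_download(blob, name))
```

A real AVI legitimately contains metadata chunks, so the indicator list is deliberately narrow: it looks for launcher syntax (an encoded command, a download cradle, `Invoke-Expression`) rather than any stray text, and the header check catches the simpler trick of an executable renamed to a video extension. A match is a reason to submit the file to a sandbox or scanner, not proof on its own.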
In addition, the same malware runs a donation scam involving Wikipedia. The injected code adds a fake donation banner to Wikipedia pages the victim visits. Wikipedia does accept donations, but the cryptocurrency addresses shown in this banner are not Wikipedia’s; they belong to wallets controlled by the attackers.
As of press time (Jan 14), the hackers have not been especially successful, having collected only several hundred dollars’ worth of “donations”. However, the campaign shows that cryptocurrency cybercriminals are getting more creative, devising new ways to make users either hand over their cryptocurrency willingly or lose it after being tricked by a booby-trapped movie file.