Cryptocurrency, Fraud and Scams

Cybercrime Alert: Crypto Malware For Sale

The fearless author of a new cryptocurrency malware assures its customers the best way to make money in 2021.

A new cryptocurrency malware dubbed WeSteal is available on the cybercrime underground. Contrary to other commodity cryptocurrency cybercriminals; its creator doesn’t disguise its intention and promises “the leading way to make money in 2021.

WeSteal is a Python-based trojan malware. It utilizes standard coding to hunt for ewallet address strings that victims have copied to their clipboard.

As claimed by Palo Alto Networks, the creator of WeSteal, which goes online as “ComplexCodes”. WeSteal started advertising the cryptocurrency malware on underground forums in mid-February 2021. Experts indicated that ComplexCodes had been selling a “WeSupply Crypto Stealer” from May 2020. WeSteal is likely merely a progression of the WeSupply Crypto Stealer design.

The experts believes that the coder is an Italian vixer. Once coded the “Zodiac Crypto Stealer” and “Spartan Crypter” in order to hide the trojan to dodge anti-malware detection,

“When pursuing cases against malware authors, prosecutors typically need to demonstrate the author’s intent for the malware. Many authors will hide behind meaningless Terms of Service statements that end users must not use the malware for illegitimate purposes. They will often describe potential “legitimate” uses for their malware – only to further describe anti-malware evasion properties, silent installation and operation or features such as cryptocurrency mining, password theft or disabling webcam lights.” claimed by the post published by Palo Alto Networks.

“There is no such pretense by ComplexCodes with WeSteal. There is the name of the malware itself. Then there is the website, “WeSupply,” owned by a co-conspirator, proudly stating “WeSupply – You profit”


Can anti-malware detect this cryptocurrency trojan?

An advertisement for WeSteal claims that it has a zero-rate detection; it includes a “Victim tracker panel” that allows operators to track “Infections.”

The malware creator also claims that the malicious code uses zero-day exploits. It can steal Bitcoin (BTC), Ethereum (ETH) coming in and out of a victim’s wallet through the clipboard. It also has the ability to steal Litecoin, Bitcoin Cash, and Monero cryptocurrencies was also added.

Experts did not find the RAT feature in their analysis even WeSteal mentioned it implemented a “RAT Panel,”

The author of WeSteal also offers C2s as a service (C2aaS). Experts observed the use of two domains, one of which also hosts the website used to sell the malware.

WeSteal Source Code

WeSteal is distributed as a Python-based Trojan (“”). Its author used the open-source PyArmor source code obfuscator.

“The fast and simple monetization chain and anonymity of cryptocurrency theft, together with the low cost and simplicity of operation, will undoubtedly make this type of crimeware attractive and popular to less-skilled thieves. WeControl is similarly both designed and marketed as a tool for illicit activity, lacking in propriety no less than the earlier WeSteal.” concludes the report.

“The ease of detection and blocking of the C2 as a service works against the Italian malware author ComplexCodes. It’s surprising that customers trust their “victims” to the potential control of the malware author, who no doubt could in turn usurp them, stealing the victim “bots” or replacing customers’ wallets with one of ComplexCodes’ own at any time. It’s also surprising that the malware author would risk criminal prosecution for what must surely be a small amount of profit, given the apparently small customer base. Organizations with effective spam filtering, proper system administration and up-to-date Windows hosts have a much lower risk of infection.”

📣 Cryptonetwork.News is now on Telegram. Click here to join our channel and stay updated with the latest Cryptocurrency, Blockchain, and Cryptomining headlines

Leave a Comment

Leave a Reply