September 3, 2020
Security researchers have unearthed a new strain of malware dubbed KryptoCibule that explicitly targets cryptocurrency enthusiasts.
KryptoCibule represents a triple threat for crypto holders, according to a report from cybersecurity firm ESET.
First, the malware installs a miner for a process known as cryptojacking, which harnesses the victim’s computing power to mine cryptocurrencies on the attacker’s behalf. Second, it steals any files related to cryptocurrency wallets, stripping the victim of any stored crypto funds. Third, it replaces the victim’s wallet addresses in order to redirect and hijack incoming payments.
The threat of KryptoCibule lies in its multifaceted attack vectors. Even if a victim doesn’t hold any cryptocurrency, the malware can still gain from the cryptojacking element.
The first instance of KryptoCibule apparently appeared in 2018, when it was little more than a simple Monero-based cryptojacker. Since then, the malware has evolved, incorporating the functionality described above as well as an Ethereum-based crypto miner and the ability to auto-update via BitTorrent.
According to ESET, KryptoCibule is typically spread through torrent files. Victims, assuming they have scored a free version of some ill-gotten software, unsuspectingly install the malware. In doing so, they expose themselves, their computers, and any cryptocurrencies they may hold.
A wide range of the malware-infected torrents seemingly originated from uloz.to, a torrent site popular in the Czech Republic and Slovakia. As a result, delivery seems to be limited to those two countries, for now at least. However, there is no guarantee that it will stay that way.