An Internet security firm named Cyren found a new malware that can steal passwords and bitcoin from cryptocurrency wallets on computers. Cyren wrote on its blog that the malware is basically targeting the banking customers and this campaign is a quite huge one. The Singapore and US-based users are mainly the targets of this campaign.
The malware is delivered in the form of a executable attachment file through emails related to the bank transfers. Usually, the recipient thinks that ha received a deposit and get deceived very easily. The attackers are using bots to generate the phoney emails which appear to be sent from a reliable banks like Emirates DBS and NDB. The file is usually in the PDF format with filename Swift_Copy.Pdf.exe.
According to the Cyrene researchers, this malware, when executed deletes itself and then generates a file named Filename.vbs. This file is created in the startup folder of Windows OS. When victim restarts the PC or logs into computer again after signing out malware script runs and that file is located in this folder: AppData\Local\Temp\subfolder.
The malware is designed to investigate and identify the registry for sensitive information such as passwords and other data related to software installed on the PC. A majority of the focus is on FTP and web browsing software or software that contains credential data. The malware collects data from all the web browsers installed on the computer and looks for crucial information such as usernames/passwords, cookies, cache and history. It also locates email clients.
This malware is a type of keylogger as it can record almost everything that is typed by the user or victim on the keyboard. In fact, the location of the mouse’s clicks is also logged by the malware. As of now, the cryptocurrencies targeted by the malware include the following: “Bitcoin, Litecoin, Namecoin, Anoncoin, Bytecoin, BBQcoin, Craftcoin, Digitalcoin, Devcoin, Feathercoin, Florincoin, Fastcoin, Freicoin, Infinitecoin, I0coin, Ixcoin, Junkcoin, Luckycoin, Litecoin, Mincoin, Megacoin, Primecoin, Phoenixcoin, Quarkcoin, Terracoin, Tagcoin, Worldcoin, Yacoin and Zetacoin.”