A new type of crypto-malware identified on Alphabet Inc-owned GOOG GOOGL Google's YouTube has been found to infect users' devices and steal from 30 different types of cryptocurrency wallets and browsers.
What Happened: According to a recent report from cyber intelligence firm Cyble Research Labs, the newly developed cryptocurrency stealer named “PennyWise” uses multithreading to steal user data.
The threat actors (TA) reportedly spread the PennyWise stealer as a link to download free Bitcoin BTC/USD mining software.
“When a user visits the link, the TA instructs them to download the malware hosted on the file hosting service. The malware file is zipped and password protected. To appear legitimate, the TA has shared a VirusTotal link of a clean file that is not related to the file available for download,” explained the Cyble researchers.
The malware targets a host of cold crypto wallets, including Ethereum ETH/USD and Zcash ZEC/USD wallets. One feature that stands out in the malware’s design is that it will stop in its tracks if it identifies that the victim is based in Russia, Ukraine, Belarus, or Kazakhstan.
“This could indicate that the TA is trying to avoid scrutiny by Law Enforcement Agencies in these particular countries,” stated the researchers.
So far, reports that there are over 80 videos on the threat actor’s YouTube channel that appear to have been created for the purpose of mass infection.
Last month, cybercriminals targeted followers of Elon Musk with deepfake videos impersonating the Tesla Inc TSLA CEO. Users were encouraged to connect their crypto wallets to an illicit website and deposit Bitcoin.
Photo via JLStock on Shutterstock
© 2022 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Visit Benzinga's Crypto Homepage - 1,000,000+ depend on Benzinga Crypto every month