Hackers are using YouTube to spread a new type of crypto-malware. Users are duped into downloading software that steals data from cryptocurrency wallets and crypto browser extensions.
PennyWise crypto malware spread on YouTube
Cyble published a blog post on June 30 addressing this new malware known as PennyWise. The blog post noted that the malware was an “emerging threat.” A threat actor using this malware can gain access to more than 30 cryptocurrency applications, including crypto wallets and browser extensions.
The hackers can use this malware to access a wide range of system data, including login information and crypto extension data. The malware can also capture screenshots and infiltrate chat platforms like Telegram and Discord.
This malware can infiltrate many cold wallets, including Atomic Wallet, Armory, Bytecoin, Coinomi, Electrum, Exodus, Guarda, and Jaxx. Wallets used for Ethereum and Zcash are also vulnerable to this malware.
Cyble added that the hackers are using YouTube to deploy this malware. The hackers post videos that claim to educate viewers about free software used for Bitcoin mining. They attach a link in the description and urge users to follow it to access the software. Users are even urged to uninstall antivirus software to allow the malware to be deployed.
While the channel has since been removed from YouTube, it is estimated that the attackers had quite a reach, given that they had posted around 80 videos on the channel. Moreover, the malware is still being circulated by other channels purporting to offer free NFT mining and other free software services.
The report further showed that the malware automatically disabled itself once it detected that the victim was located in Belarus, Kazakhstan, Russia, or Ukraine. The blog post also said that the malware changed the timezone data to show Russian Standard Time (RST) after the data was sent back to the attacker.
Malware in the crypto space
This is not the first time malware targeting the crypto space has been detected. Earlier this year, malware known as Mars Stealer was detected after targeting cryptocurrency wallets that rely on Chromium browser extensions, including Binance Chain Wallet, Coinbase, and MetaMask.
In January, Chainalysis warned that malware was even being spread by cybercriminals with no expert skills. Between 2017 and 2021, cryptojacking accounted for 73% of the value received from malware addresses.