ESET researchers have discovered a previously unknown family of trojan malware that spreads through malicious torrents and uses multiple methods to extract as much cryptocurrency as possible from its victims while remaining unnoticed.
ESET named the threat KryptoCibule and, according to its telemetry, the malware appears to be mainly targeting users in the Czech Republic and Slovakia.
This malware poses a triple threat to cryptocurrencies. It uses the victim's resources to mine coins, attempts to hijack transactions by replacing wallet addresses in the clipboard, and exfiltrates cryptocurrency-related files, while using multiple techniques to remain undetected. KryptoCibule makes extensive use of the Tor network and the BitTorrent protocol in its communication infrastructure.
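The clipboard substitution described above is the one of the three behaviours an endpoint can detect on its own: the user copies a wallet address, and a short time later the clipboard holds a different address of the same format. The following Python is an added example of that detection logic, not code from ESET or from the KryptoCibule analysis. It assumes a simplified set of address-format patterns (the regexes are illustrative and not exhaustive) and, to run offline, works on a constructed list of clipboard events rather than reading a real clipboard; a real monitor would feed the same function from periodic clipboard reads.

```python
import re
from typing import Dict, List, Optional, Tuple

# Simplified address-format patterns. Assumption: illustrative only; real
# validation would also check the checksum encoded in each address format.
ADDRESS_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "bitcoin_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "bitcoin_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{25,62}$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "monero": re.compile(r"^4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}$"),
}


def classify_address(text: str) -> Optional[str]:
    """Return the address family `text` looks like, or None if it is not an address."""
    candidate = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return family
    return None


def detect_clipboard_substitutions(events: List[Tuple[str, str]]) -> List[dict]:
    """Flag clipboard contents that replaced a user-copied wallet address.

    `events` is an ordered list of (kind, text) pairs:
      - ("user_copy", text): a copy the user performed (e.g. a Ctrl+C hook)
      - ("poll", text):      a periodic read of the current clipboard contents

    An alert is raised when a polled value is an address of the same family as
    the last user copy but a different value, with no user copy in between.
    Only that combination matches the hijack pattern: a changed non-address
    string, or an address the user copied themselves, is ignored.
    """
    alerts: List[dict] = []
    last_copy: Optional[str] = None
    last_family: Optional[str] = None
    reported: set = set()  # avoid re-alerting on the same substituted value

    for kind, text in events:
        if kind == "user_copy":
            last_copy = text.strip()
            last_family = classify_address(text)
            reported.clear()
        elif kind == "poll" and last_family is not None:
            polled = text.strip()
            if polled != last_copy and polled not in reported \
                    and classify_address(polled) == last_family:
                alerts.append({
                    "family": last_family,
                    "expected": last_copy,
                    "observed": polled,
                })
                reported.add(polled)
    return alerts


# Constructed clipboard timeline for demonstration; none of these addresses is real.
SAMPLE_EVENTS: List[Tuple[str, str]] = [
    ("user_copy", "0x1111111111111111111111111111111111111111"),  # user copies own ETH address
    ("poll", "0x1111111111111111111111111111111111111111"),       # unchanged
    ("poll", "0x2222222222222222222222222222222222222222"),       # silently replaced -> alert
    ("poll", "0x2222222222222222222222222222222222222222"),       # same value, not re-alerted
    ("user_copy", "meeting notes for Monday"),                    # ordinary text
    ("poll", "meeting notes for Monday, edited"),                 # changed, but not an address
    ("user_copy", "1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"),           # constructed BTC-style address
    ("poll", "1BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"),                # replaced -> alert
]


if __name__ == "__main__":
    for alert in detect_clipboard_substitutions(SAMPLE_EVENTS):
        print(f"[{alert['family']}] expected {alert['expected']} but clipboard holds {alert['observed']}")
```

The check deliberately keys on "same family, different value": that is the signature of a clipper, whereas a changed clipboard on its own is normal user activity. In production the `poll` events would come from a clipboard read every few hundred milliseconds and the alert would be raised before the paste lands in a wallet application.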
ESET has detected several versions of KryptoCibule, allowing us to study its evolution from December 2018 to the present. The malware remains active, with new features added over its lifetime, and is under constant development.
Most of the victims are located in the Czech Republic and Slovakia, which reflects the user base of the site hosting the infected torrents. Almost all of the malicious torrents were available on uloz.to, a popular file-sharing site in those two countries. Additionally, KryptoCibule specifically checks for the presence of ESET, Avast and AVG security products. ESET is based in Slovakia, while the other two are owned by Avast, which is based in the Czech Republic.
For more technical details about KryptoCibule, read the blog post “KryptoCibule: The multitasking multicurrency cryptostealer” on WeLiveSecurity.