KryptoCibule: a triple cryptocurrency threat

ESET researchers have discovered an unknown family of trojan malware that spreads through malicious torrents and uses multiple methods to extract as many cryptocurrencies as possible from its victims, while remaining unnoticed.

ESET has named the threat KryptoCibule and, according to its telemetry, the malware appears to target mainly users in the Czech Republic and Slovakia.

This malware poses a triple threat to cryptocurrencies. It uses victim resources to extract coins, attempts to infiltrate transactions by replacing wallet addresses on the clipboard, extracts cryptocurrency-related files, and develops multiple techniques to go unnoticed. KryptoCibule makes extensive use of the Tor network and the BitTorrent protocol in its communication infrastructure.

ESET has identified several versions of KryptoCibule, allowing us to study its evolution from December 2018 until today. Malware remains active, new features were added during its lifetime and is constantly evolving.

  Canvas Fingerprinting Do you leave unique footprints on the web?

Most of the victims are located in the Czech Republic and Slovakia, and this reflects the user base of the site where the infected torrents are located. Almost all the malicious torrents were available on, a popular file sharing site in both countries. In addition, KryptoCibule specifically checks for the presence of ESET, Avast and AVG security products. ESET is headquartered in Slovakia and the rest is owned by Avast, which is headquartered in the Czech Republic.

More technical details about KryptoCibule, you can read the relevant blogpost “KryptoCibule: The multitasking multicurrency cryptostealer”At WeLiveSecurity.

Registration in via email

Your email for sending each new post

Follow us on Google News at Google news

Leave a reply

Your email address Will not be published.

28 +    = 32

Previous Story

Zin: A Payload Injector for Bugbounties

Next Story

When Windows does not let you delete a folder