The malware family uses multiple tactics to steal as much cryptocurrency as possible while flying under the radar.
A newly discovered strain of malware dubbed "KryptoCibule" uses multiple techniques to evade detection while maximizing cryptocurrency theft from victims.
ESET researchers who discovered the threat say it has been active since 2018 and updated with new components over time. KryptoCibule is "a triple threat": It uses a victim's resources to mine virtual coins, tries to hijack transactions by replacing the wallet address in the clipboard, and exfiltrates cryptocurrency-related files, all while employing techniques to evade detection.
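The clipboard hijacking described above works by swapping a wallet address the user copied for one the attacker controls before it is pasted. The following is an added detection example, not ESET's code or anything from the report: it replays a constructed sequence of clipboard events and flags a paste whose address differs from the one the user copied while still being the same coin type, the signature of a clipper. The address regexes are rough, assumed patterns for illustration.

```python
import re
from dataclasses import dataclass

# Rough, assumed address patterns for the coins a clipper typically targets.
# They are good enough to classify coin type, not to validate checksums.
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "xmr": re.compile(r"^4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}$"),
}


def address_type(text):
    """Return 'btc', 'eth' or 'xmr' if text looks like a wallet address, else None."""
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return name
    return None


@dataclass
class ClipboardEvent:
    kind: str   # "copy": the user placed text on the clipboard; "read": contents at paste time
    text: str


def detect_clipboard_swaps(events):
    """Return (copied, pasted, coin) for every paste where the address the user
    copied was replaced by a *different* address of the same coin type."""
    alerts = []
    last_copied = None
    for ev in events:
        if ev.kind == "copy":
            last_copied = ev.text
        elif ev.kind == "read" and last_copied is not None:
            src, dst = address_type(last_copied), address_type(ev.text)
            if src is not None and dst == src and ev.text != last_copied:
                alerts.append((last_copied, ev.text, src))
    return alerts


# Constructed sample: a benign copy/paste, then an ETH address silently swapped.
USER_ETH = "0x" + "1" * 40
SWAPPED_ETH = "0x" + "2" * 40
SAMPLE_EVENTS = [
    ClipboardEvent("copy", "meeting notes"), ClipboardEvent("read", "meeting notes"),
    ClipboardEvent("copy", USER_ETH), ClipboardEvent("read", SWAPPED_ETH),
]

if __name__ == "__main__":
    for copied, pasted, coin in detect_clipboard_swaps(SAMPLE_EVENTS):
        print(f"possible {coin} clipper: copied {copied} but pasted {pasted}")
```

A real monitor would feed `read` events from the OS clipboard API at paste time; the comparison logic stays the same.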
KryptoCibule is distributed via malicious torrents for ZIP files whose contents are disguised as installers for pirated games and software. Users who run the installer get the software they expected along with the malware. The attackers rely on the BitTorrent protocol both to spread to new victims and to download additional tools and updates to KryptoCibule once it is installed.
The latest versions of the malware employ XMRig, an open source program designed to mine Monero using the device's CPU, and kawpowminer, another open source program that mines Ethereum using the GPU. Researchers note the latter is only used if a dedicated GPU is found on the host, and that both programs are set up to connect to an attacker-controlled mining server over the Tor proxy.
Data indicates the malware primarily targets victims in the Czech Republic and Slovakia. It specifically looks for endpoint security tools from ESET, which is based in Slovakia, as well as Avast and AVG, both owned by Czech Republic-based Avast.
Read the full report for more details and evasion techniques.