New Crypto Malware Found Impersonating Apps

A new crypto malware called Anatova has been discovered and according to researchers, has grave potential. One of the most important facts to note about this new malware is that it often tricks users into downloading them.

According to McAfee, the malware is hidden in application files and infect user systems once downloaded. The files in question often bear the logos of various popular games and applications which leads users to unknowingly download them.

Once they are downloaded, it begins downloading the user’s files after asking for admin rights and once this is done, a ransom use demanded from the users. The ransom in question is demanded in form of DASH, a Cryptocurrency.

The United States has had the highest number of attacks with at least 100 recorded so far. Belgium, Germany, and France have also reported Anatova attacks.

“Anatova has the potential to become very dangerous with its modular architecture which means that new functionalities can easily be added,” McAfee’s lead scientist Christiaan Beek said.

One peculiar detail about the attacks is that the ransom is demanded in for of DASH. The reason that DASH was the currency of choice is because of its untraceable nature. Currencies such as DASH and Monero are common choices when requesting for ransom because there is little chance of the perpetrators getting caught unlike with other currencies.

“The main reason Anatova is using DASH is that it has implemented a number of privacy enhancing protocols that make tracing transactions difficult,” Christiaan added.

Before the discovery of Anatova, there was Ryuk which was considered one of the worst crypto malware in existence, stealing over $3.7 million in space of 5 months.

However, analysts believe that Anatova is even worse than Ryuk.

“Anatova has, in our opinion, a more advanced design than Ryuk,” said Christiaan. “Specifically, in the way it tries to make analysis difficult and the way the actors try to avoid the creation of a decryption-tool, but also in the way it is designed to encrypt fast – only files below 1MB are encrypted.”

The source code for Anatova was likely purchased in the underground software market, making it very difficult to unravel and understand. Furthermore, the designers behind Anatova made sure that the data stolen cannot be recovered unless the ransom is paid and standard decryption tools cannot work.

233 +