Researchers Spot New Cryptocurrency Stealing Malware Advertised Under a Subscription Model

Photo shown from: news.bitcoin.com

2021-5-5 11:30

A cryptocurrency-related malware program has been advertised on darknet forums as the “leading way to make money in 2021,” raising alarms among the cybersecurity community. Palo Alto Networks published a report on the malicious app Westeal, detailing the author’s ties to other malware families that steal accounts for major streaming services.

Westeal Claims to Be Immune Against Major Antivirus Software

According to the cybersecurity firm, “Westeal” is an evolution of “Wesupply Crypto Stealer,” another malicious crypto software that has been sold since May 2020. Findings suggest that this successor has been advertised since mid-February 2021.

The study points out that Westeal was designed to steal bitcoin (BTC) and ethereum (ETH) by intercepting the wallet addresses a victim copies to the clipboard when sending or receiving funds.

Moreover, people who acquire the malicious app get access to a web panel to handle all the operations, including a “victim tracker panel.”

A detail that raises concerns from Palo Alto Networks is the fact that Westeal is reportedly immune to major antivirus software.

The malware works with a subscription model, and “Complexcodes,” the anonymous author of the app, profits by charging 20 euros ($24) monthly, 50 euros ($60) for three months, and 125 euros ($150) yearly.


The Malware Is a ‘Shameless’ Crypto Stealer, Researchers Say

The cybersecurity firm provides more details on the malware:

In order to “steal” cryptocurrency from a victim, Westeal uses regular expressions to look for strings matching the patterns of bitcoin and ethereum wallet identifiers being copied to the clipboard. When it matches these, it replaces the copied wallet ID in the clipboard with one supplied by the malware. The victim then pastes the substituted wallet ID for a transaction, and the funds are sent instead to the substitute wallet.
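The clipboard substitution the report describes, seen from the detection side, as an added example that is not part of the original article or of the Palo Alto report: the script classifies clipboard contents with approximate BTC and ETH address patterns and flags the case where one address is replaced by a different address of the same type within a couple of seconds, which is how a hijacker behaves and how a human re-copying an address usually does not. The addresses, timings and the `max_gap` threshold are constructed for the example.

```python
import re
from dataclasses import dataclass

# Approximate patterns for the address formats a clipboard stealer keys on:
# Base58 legacy/P2SH bitcoin, bech32 (bc1...) bitcoin and 20-byte hex ethereum.
# They are detection heuristics, not full address validators (no checksums).
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_type(text):
    """Classify a clipboard string as 'btc', 'eth' or None."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None


@dataclass(frozen=True)
class Snapshot:
    t: float       # seconds since the clipboard monitor started
    content: str   # clipboard text observed at that time


def find_swaps(snapshots, max_gap=2.0):
    """Return (kind, before, after, gap) for each pair of consecutive snapshots
    where a wallet address is replaced by a different address of the same type
    within max_gap seconds: a hijacker rewrites the clipboard almost instantly
    after the copy, so a near-immediate same-type change is the signal."""
    findings = []
    for prev, cur in zip(snapshots, snapshots[1:]):
        kind = address_type(prev.content)
        if kind is None or kind != address_type(cur.content):
            continue
        before, after = prev.content.strip(), cur.content.strip()
        if before != after and cur.t - prev.t <= max_gap:
            findings.append((kind, before, after, cur.t - prev.t))
    return findings


# Constructed clipboard history; the addresses are placeholders of the right shape.
SAMPLE_HISTORY = [
    Snapshot(0.0, "invoice #4471"),
    Snapshot(5.2, "0x1111111111111111111111111111111111111111"),
    Snapshot(5.4, "0x2222222222222222222222222222222222222222"),  # rewritten 0.2 s later
    Snapshot(40.0, "bc1q" + "q" * 38),
    Snapshot(75.0, "bc1q" + "p" * 38),  # 35 s later: a user re-copy, not flagged
]

if __name__ == "__main__":
    for kind, before, after, gap in find_swaps(SAMPLE_HISTORY):
        print(f"possible {kind} clipboard swap after {gap:.1f}s: {before} -> {after}")
```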

Still, Palo Alto Networks qualifies Westeal as a “shameless” malware:

Westeal is a shameless piece of commodity malware with a single, illicit function. Its simplicity is matched by a likely simple effectiveness in the theft of cryptocurrency. The low-sophistication actors who purchase and deploy this malware are thieves, no less so than street pickpockets. Their crimes are as real as their victims. The fast and simple monetization chain and anonymity of cryptocurrency theft, together with the low cost and simplicity of operation, will undoubtedly make this type of crimeware attractive and popular to less-skilled thieves.

What are your thoughts on this cryptocurrency malware recently spotted? Let us know in the comments section below.
