Computer security experts at ESET have discovered a new virus called KryptoCibule, which targets Windows users and poses three threats at once.
According to ESET’s report, after infecting the system, the virus installs a component for mining cryptocurrencies. In addition, it directly steals files from cryptocurrency wallets, and also replaces wallet addresses in the clipboard with the addresses of attackers. Thus, the user of the infected system can not only easily lose their cryptocurrencies, but also facilitate the mining of coins by intruders.
The first version of the virus appeared back in December 2018. At that time it was an ordinary Monero cryptocurrency miner that secretly mined coins on users’ computers. Later, it began to steal cryptocurrency wallet files, and in the latest version, the virus began to distribute an application for mining ETH called kawpowminer.
According to ESET, a significant portion of infections occur when downloading torrent files from a site called Uloz. This site is targeted at users from the Czech Republic and Slovakia, and accordingly the infected computers are mainly located in these countries. The experts noted that despite its venerable age, KryptoCibule did not attract much attention:
“Presumably, the operators of this malware receive significantly more money from the theft of wallets and the extraction of cryptocurrencies than from spoofing wallet addresses in the clipboard. This component does not generate enough money to justify the group’s activities,” the researchers note.
As a reminder, Microsoft recently recorded several virus campaigns using the new Anubis malware to steal confidential information and crypto assets.