PennyWise cryptocurrency theft malware spreads via YouTube

Are you sure your cryptocurrencies are well protected? A new strain of malware is currently spreading via YouTube. More than 30 different wallets and browser extensions are at risk.

Watch out for PennyWise

Cyble, a cybersecurity company, reported via a June 30 post that it has been tracking the behavior of the PennyWise malware, which has been spreading via YouTube, since May. Company officials report that the threat continues to grow. The announcement also highlights how many entities have been targeted by the hackers:

“In its current iteration, this stealer can target more than 30 cryptocurrency browsers and applications, such as cryptocurrency cold wallets, cryptocurrency extensions, etc.”

The malware is configured to take data from Chrome and Mozilla browsers, including cryptocurrency extension data and detailed login information. It also has the ability to take screenshots and infiltrate sessions of chat apps such as Discord and Telegram.

Do you own any of the following wallets? – be extra careful!

PennyWise is also proving to be a threat to a number of independent wallets, such as Armory, Bytecoin, Jaxx, Exodus, Electrum, Atomic Wallet, Guarda and Coinomi, as well as others that support Zcash (ZEC) and Ether (ETH). According to Cyble, the malware looks for wallet files in a directory and sends a copy to attackers.
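From the defender's side, the behavior described above (one program reading the data directories of several different wallets) is a usable detection signal. The following is an added example, not code from Cyble or from the article: it scans file-access events and flags any process that touches two or more wallets' directories within a short window. The event format, the directory fragments and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed data-directory fragments (lower-case) for some wallets the article
# names; replace them with the paths actually present in your environment.
WALLET_DIRS = {
    "electrum": r"\electrum\wallets",
    "exodus": r"\exodus\exodus.wallet",
    "armory": r"\armory",
}

def wallet_for(path):
    """Return the wallet whose data directory contains this path, if any."""
    lowered = path.lower()
    for name, fragment in WALLET_DIRS.items():
        if fragment in lowered:
            return name
    return None

def find_sweeps(lines, min_wallets=2, window=timedelta(seconds=60)):
    """Map process image -> wallets it read, for processes that read at least
    min_wallets different wallets' files within the time window."""
    reads_by_image = defaultdict(list)
    for line in lines:
        ts, image, target = line.strip().split("|")
        wallet = wallet_for(target)
        exe = image.lower().rsplit("\\", 1)[-1]
        # Assumption: a wallet's own executable name starts with its name.
        if wallet and not exe.startswith(wallet):
            reads_by_image[image].append((datetime.fromisoformat(ts), wallet))
    alerts = {}
    for image, reads in reads_by_image.items():
        reads.sort()
        for i, (start, _) in enumerate(reads):
            seen = {w for t, w in reads[i:] if t - start <= window}
            if len(seen) >= min_wallets:
                alerts[image] = sorted(seen)
                break
    return alerts

# Constructed sample events: timestamp|process image|file read
SAMPLE = [
    r"2022-07-01T10:00:00|C:\Program Files\Electrum\electrum.exe|C:\Users\a\AppData\Roaming\Electrum\wallets\default_wallet",
    r"2022-07-01T10:05:01|C:\Users\a\Downloads\free_miner.exe|C:\Users\a\AppData\Roaming\Electrum\wallets\default_wallet",
    r"2022-07-01T10:05:03|C:\Users\a\Downloads\free_miner.exe|C:\Users\a\AppData\Roaming\Exodus\exodus.wallet\seed.seco",
    r"2022-07-01T10:05:04|C:\Users\a\Downloads\free_miner.exe|C:\Users\a\AppData\Roaming\Armory\armory_wallet.wallet",
    r"2022-07-01T11:00:00|C:\Tools\backup.exe|C:\Users\a\AppData\Roaming\Electrum\wallets\default_wallet",
]

if __name__ == "__main__":
    for image, wallets in find_sweeps(SAMPLE).items():
        print(f"ALERT {image} read wallet data for: {', '.join(wallets)}")
```

The wallet's own client and a single-wallet backup tool stay below the threshold; only the process that sweeps several wallet directories in quick succession is reported.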

The malware is spread mostly through educational videos about cryptocurrency mining. The advertised mining software is, as a rule, presented as free. Cybercriminals encourage viewers to visit a link in the description and download the relevant tools. Viewers are also persuaded to disable their antivirus software, which leaves the door fully open to PennyWise.

Despite the blockades, the software continues to spread

According to Cyble representatives, the attacker had as many as 80 videos on his channel. After they were revealed, the account was instantly blocked, but the malware is still spreading. This often happens through very young accounts, which have often existed for less than 24 hours.

An interesting detail is that the software is designed so that it does not cause damage to people in Russia, Ukraine, Belarus and Kazakhstan. In addition, PennyWise converts the victim's time zone data to Moscow standard time for the attackers' purposes. For the company's analysts, this information provides a potential signal about the physical source of the threat.

Disclaimer: Blockbulletin does not take accountability for investments based on the information on the website. We highly advise readers to make extensive research prior to any invest
