PennyWise cryptocurrency theft malware spreads via YouTube

Are you sure your cryptocurrencies are well protected? A new strain of malware is currently spreading via YouTube. More than 30 different wallets and browser extensions are at risk.

Watch out for PennyWise

Cyble, a cybersecurity company, reported via a June 30 post that it has been tracking the behavior of the PennyWise malware, which has been spreading via YouTube, since May. Company officials report that the threat continues to grow. The announcement also highlights how many entities have been targeted by the hackers:

“In its current iteration, this stealer can target more than 30 cryptocurrency browsers and applications, such as cryptocurrency cold wallets, cryptocurrency extensions, etc.”

The malware is configured to take data from Chrome and Mozilla browsers, including cryptocurrency extension data and detailed login information. It also has the ability to take screenshots and infiltrate sessions of chat apps such as Discord and Telegram.

Do you own any of the following wallets? – be extra careful!

PennyWise is also proving to be a threat to a number of independent wallets, such as Armory, Bytecoin, Jaxx, Exodus, Electrum, Atomic Wallet, Guarda and Coinomi, as well as others that support Zcash (ZEC) and Ether (ETH). According to Cyble, the malware looks for wallet files in a directory and sends a copy to attackers.

The malware is spread mostly through educational videos about cryptocurrency mining. The advertised mining software is, as a rule, supposedly free. Cybercriminals encourage viewers to visit a link in the description and download the relevant tools. Viewers are also persuaded to disable antivirus software, which leaves the door fully open to PennyWise.

Despite the blocks, the software continues to spread

According to Cyble representatives, the attacker had as many as 80 videos on his channel. After they were revealed, the account was instantly blocked. This does not change the fact that the malware is still spreading, often through very new accounts, many of which are less than 24 hours old.

An interesting fact is that the software is designed so that it does not cause damage to people in Russia, Ukraine, Belarus and Kazakhstan. In addition, PennyWise converts the victim’s time zone data to Moscow standard time for the attackers’ purposes. For the company’s analysts, this information provides a potential signal about the physical source of the threat.
