Triple-Threat Cryptocurrency RAT Mines, Steals and Harvests
2020-09-02 20:11

A previously undocumented malware family called KryptoCibule is mounting a three-pronged cryptocurrency-related attack, while also deploying remote-access trojan functionality to establish backdoors to its victims.

Looking at timestamps in the various versions of KryptoCibule that ESET has identified, the malware dates from December 2018, researchers said.

If a change is made to the clipboard, the malware will mimic the format of the legitimate cryptocurrency wallet addresses found there and supplant them with wallet addresses controlled by the malware operator.
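
A defender-side check for the address swap described above, as an added example that is not code from ESET or the original article: it flags clipboard changes in which one valid wallet address is replaced by a different address of the same format within a short interval. The two address formats, the 2-second window, and all function names and sample data are assumptions made for illustration.

```python
import hashlib
import re

# Assumed formats for illustration; the article does not say which coins are targeted.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ETH_RE = re.compile(r"0x[0-9a-fA-F]{40}")
B58_RE = re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}")

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version, hash160):
    """Build a Base58Check address (used here only to construct sample data)."""
    raw = bytes([version]) + hash160
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def address_format(text):
    """Return 'btc-base58', 'eth-hex' or None for a clipboard string."""
    text = text.strip()
    if ETH_RE.fullmatch(text):
        return "eth-hex"
    if B58_RE.fullmatch(text):
        n = 0
        for ch in text:
            n = n * 58 + B58.index(ch)
        pad = len(text) - len(text.lstrip("1"))  # leading '1's are zero bytes
        raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
        if len(raw) == 25 and raw[21:] == _checksum(raw[:21]):
            return "btc-base58"  # checksum valid, so not just a look-alike string
    return None

def find_swaps(events, max_gap=2.0):
    """Flag consecutive clipboard values that are different addresses of one format."""
    alerts = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        fmt = address_format(old)
        changed = old.strip() != new.strip()
        if fmt and fmt == address_format(new) and changed and t1 - t0 <= max_gap:
            alerts.append((t1, fmt, old.strip(), new.strip()))
    return alerts

# Constructed sample data: addresses derived from made-up 20-byte hashes.
VICTIM = b58check_encode(0, bytes(range(1, 21)))
OTHER = b58check_encode(0, bytes(range(21, 41)))
EVENTS = [(0.0, "meeting notes"), (10.0, VICTIM), (10.3, OTHER), (60.0, VICTIM)]
```

`find_swaps(EVENTS)` reports only the replacement at 10.3 seconds; the later copy at 60 seconds falls outside the window and is treated as a deliberate user action.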

"The malware first gets global settings via HTTP from %C&C%/settingsv5. Among other things, this response contains a magnet URI for the latest version of the malware," ESET researchers wrote.

"The KryptoCibule malware has been in the wild since late 2018 and is still active, but it doesn't seem to have attracted much attention until now," according to researchers.


News URL

https://threatpost.com/triple-threat-cryptocurrency-rat-mines-steals-harvests/158906/