Fake Microsoft DirectX 12 site pushes crypto-stealing malware
Security News, April 2021
Cybercriminals have created a fake Microsoft DirectX 12 download page to distribute malware that steals your cryptocurrency wallets and passwords.
The fake DirectX 12 installers, first discovered by security researcher Oliver Hough, quietly download malware from a remote site and execute it when launched.
The malware is an information stealer that attempts to harvest a victim's cookies, files, information about the system, installed programs, and even a screenshot of the current desktop.
Threat actors are increasingly creating fake websites, in many cases far more convincing ones, to distribute malware.
In the past, BleepingComputer has reported on malware distributors creating fake sites promoting ProtonVPN, Windows system cleaners, and BleachBit that push password-stealing Trojans on unsuspecting visitors.
As DirectX is a Microsoft feature, it makes sense that you should only install it from Microsoft; downloading it from anywhere else is likely to lead to trouble.