Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users
2023-02-11 11:11

Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts.

The attackers "use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer," Trend Micro researchers Aliakbar Zahravi and Peter Girnus said in a report this week.

Enigma is said to be an altered version of Stealerium, an open source C#-based malware that acts as a stealer, clipper, and keylogger.

The findings come as Uptycs released details of an attack campaign that leverages the Stealerium malware to siphon personal data, including credentials for cryptocurrency wallets such as Armory, Atomic Wallet, Coinomi, Electrum, Exodus, Guarda, Jaxx Liberty, and Zcash, among others.

Joining Enigma Stealer and Stealerium in targeting cryptocurrency wallets is yet another malware dubbed Vector Stealer that also comes with capabilities to steal.

"The use of legitimate services on crypto drainer phishing pages may increase the likelihood that the phishing page will pass an otherwise savvy user's 'scam litmus test.' Once crypto wallets have been compromised, no safeguards exist to prevent the illicit transfer of assets to attackers' wallets."


News URL

https://thehackernews.com/2023/02/enigma-vector-and-tgtoxic-new-threats.html