What is the new scam of the town?
Cryptocurrency boom has been in effect and it has been the talk of town, a lot of businesses and individuals took advantage of the craze where some created their own cryptocurrencies to join in the hype.
Of course cybercriminals also joined in the fray by using cryptocurrencies so that their transactions will remain anonymous and harder to trace especially when asking for payment from customers and/or victims, but that’s for common minded criminals hiding under the dark web.
The New Deal
It’s not really that new, because the attack is about a new strain of ransomware which uses a unique way to spread and infect its victims.
How users are lured and then what happens next.
A team of security researchers discovered the new scam modus where users are tricked into downloading a wallet for a crypto coin called Spritecoin which is written in Javascript.
The method of propagation is by serving malicious advertisement on forums that “Spritecoin” is a new crypto currency.
After an unsuspecting user downloads the wallet and run the .exe format it will prompt the user to enter a wallet password, afterwards it will prompt that the blockchain is being downloaded, unknowingly once the user enters the wallet password the .exe program will start its encrypting procedure in the background thus encrypting computer files. Along the process the credentials stored in Chrome and Firefox are sniffed and stored using an embedded SQLlite engine and forwarded to the attacker’s Dark Web or TOR site using POST methods, with such payload this is potentially more damaging than falling for a phishing attack, and could be the start of a series of spear phishing attacks, because the amount of information that was sniffed from a victim could be sold and reused by cybercriminals for different attack and approach.
Literally you may “Wanna Cry”
Basically a ransomware will demand money for the attacker to decrypt your files on the infected computer and you may want to cry when in any case decryption won’t happen. In this case it won’t even decrypt files after a victim pays up.
The attacker charges 0.3 Monero for the “decryption key” it will even give your instructions on how to purchase it. There is a catch, instead of getting a decryption key, the victim will acquire another malware identifies as “W32/Generic!tr”. The add-on malware can activate web cameras, parse keys and harvest certificates, which turns the victim more vulnerable and compromised than before.
So, you might want to cry after experiencing such ordeal and at the same time wasting money just to be more compromised than ever.
What makes the malware spread and attract victims is the charm of the cryptocurrency boom as the fast roadway to easy money. But people do not know the risks, which is why this became one of the channels and delivery mechanisms to spread ransomware.
