A recent study warns of a new, sophisticated scam in which attackers are targeting the crypto assets of victims.
“Raccoon Stealer” Steals Coins, Installs Crypto Miner
Hacks, Ponzis, exit scams, rug pulls, pump-and-dumps: the list of possible crypto scams is long and fierce. Now the security company Sophos warns in a new study of another threat: malware that disguises itself as a pirated copy of software and captures cryptocurrencies, for example via the popular instant messenger Telegram. And that's not all: the so-called “Raccoon Stealer” can even install crypto miners on the affected computer and thus mine cryptocurrencies such as Bitcoin on the home computer unnoticed.
Sean Gallagher, Senior Threat Researcher at Sophos, on Crypto Theft Software:
“The cybercrime campaign we observed shows that the Raccoon stealer steals both passwords and cookies as well as autofill texts from websites, including credit card details and other personal information that can be stored by a browser.”
Trash Panda as a Service: Raccoon Stealer steals cookies, cryptocoins, and more
Cookie and credential stealing malware-as-a-service delivered by dropper-as-a-service now packs a “clipper” to steal crypto-transactions, and can drop other malware…
– SophosLabs (@SophosLabs) August 3, 2021
This is particularly tricky for crypto investors: through an update involving so-called clipper malware (which changes data in the clipboard or the recipient address for a cryptocurrency transaction), the Raccoon stealer can now also target crypto wallets. Gallagher explains:
“The update can infect systems with additional malware or retrieve and load files. These are a lot of options that cybercriminals can easily turn into money.”
Telegram affected for the first time
Usually the Raccoon stealer spreads through spam emails. However, Sophos reports a series of attacks in which the malware is distributed disguised as cracked software installers. The Raccoon stealer is combined with additional attack tools, such as malicious browser extensions, YouTube click fraud bots or a certain ransomware that mainly targets private users.
According to Sophos, the cybercriminals are also using the chat service Telegram for the first time to launch such attacks. Previously, Discord chat software was increasingly used as a malware distribution platform: according to Sophos, the number of URLs hosting malware on Discord's content delivery network (CDN) has increased by 140% in the last two months compared to the same period last year.
The security researchers therefore urgently advise private users to avoid downloading and installing unlicensed software, no matter the source. The Federal Criminal Police Office also warns in its “Cybercrime 2020” report that crypto miners and malware installed on other people's systems are among the most frequently encountered threats. In addition, the range of functionalities of this malware is “extremely large”.
Crypto security experts therefore recommend that cryptocurrencies such as Bitcoin, Ethereum, Solana or Dogecoin (available from eToro or Libertex) be transferred to a computer that is not connected to the Internet and stored there after the purchase or trade.
You can download the Cybercrime report of the Federal Criminal Police Office here.