Cryptocurrencies are more popular than ever, and as a result they are becoming a bigger target for hackers. One of the most common types of malware today is the info-stealer. Its only purpose is to steal as much personal information from its victims as possible, from basic system information to locally stored usernames and passwords.
The Group-IB (cybersecurity) company has identified 34 Russian-speaking groups distributing info-stealing malware. These gangs operate under the stealer-as-a-service model, meaning that they sell access to the malware as a subscription service.
Most info-stealers have a similar method of stealing user information, with only slight changes in encryption algorithms and networking. These programs can be bought on hacking-related sites such as HackForums for around $50 to over a couple hundred dollars.
In this blog post, we will discuss the different types of malware and tools used to steal cryptocurrencies and how you can protect yourself from them.
Info-stealing malware increased in 2022
According to the Group-IB Digital Risk Protection team, Telegram groups and bots designed to distribute info-stealers first appeared in early 2021. A substantial increase was observed in the first seven months of this year, with more than 890,000 devices infected across 111 countries, almost twice the number of infected devices in 2021.
So far this year, cybercriminals have stolen over 50 million passwords, 2 billion cookie files, details of 103,150 debit/credit cards, and 113,204 cryptocurrency wallets.
“Just the stolen logs and compromised card details are worth around $5.8 million on the underground market,” Group-IB estimates.
Tools & malware hackers use to steal your info
Hackers use a wide range of tools and techniques to steal cryptocurrency and other personal information. The most common are:
Raccoon Stealer
Raccoon Stealer is a high-risk trojan that can steal personal information without you knowing. Cybercriminals sell access to this trojan on hacker forums, and once it is installed on your computer it can be the first step towards further compromise.
The Raccoon Stealer records personal and system information such as Internet Protocol (IP) addresses and geo-location. The data from the machine can be used in a number of ways without the user’s knowledge.
If cyber criminals gain access to your accounts, they could transfer money from a crypto wallet, PayPal, bank accounts, etc., resulting in losing any savings stored there. They might also misuse hijacked accounts (e.g., Facebook, email) to try and borrow money.
For $75/$200 per month, Raccoon Stealer developers offer a subscription that has the potential to generate high revenue. Additionally, Raccoon Stealer can be used as a malware injection tool.
Note: Raccoon Stealer developers intend to make money by selling the data they collect rather than misusing it themselves.
RedLine Stealer
RedLine Stealer is a type of malware that is often distributed disguised as cracked games, applications, and services. Once it infects your device, it can steal sensitive information from popular web browsers, cryptocurrency wallets, and even apps like FileZilla, Discord, Steam, Telegram, and VPN clients.
RedLine Stealer, often simply called RedLine, is a harmful program that sells for $150 to $200 on hacker forums, depending on the version. It can not only exfiltrate information without permission but also infect the operating system with other types of malware.
KPOT Stealer
As desktop computers are used for everything from web browsing to gaming, they become an increasingly attractive target for data theft by malware such as KPOT Stealer.
Malware of this kind, typically delivered through email campaigns, quietly steals data such as passwords and login credentials from desktop operating systems, harvesting it from many kinds of applications: web browsers, instant messengers, email clients, VPNs, RDP and FTP clients, cryptocurrency wallets, and gaming software.
Also, the newer version is commercially available as “KPOT v2.0” on various underground hacking forums for around $100 USD.
When KPOT starts, it resolves the Windows API functions it needs at runtime through API hashing: rather than importing functions by name, it stores a hash of each name and compares it against the hashes of the exports it finds. Instead of a standard hashing algorithm such as CRC-32, it uses MurmurHash for more efficient import resolution.
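The API-hashing technique described above, as an added example that is not part of the original post: an analyst-side resolver that hashes a list of known Windows export names and looks up hash constants pulled from a sample, which is how a reverse engineer recovers which APIs a hashed-import stealer actually calls. It assumes the 32-bit MurmurHash2 variant with seed 0 and a constructed list of API names; the post does not state which MurmurHash variant or seed KPOT uses, so substitute whatever the sample implements.

```python
from typing import Dict, Iterable, Optional

MASK32 = 0xFFFFFFFF


def murmurhash2(data: bytes, seed: int = 0) -> int:
    """32-bit MurmurHash2 (Austin Appleby's reference algorithm).
    Assumed variant; KPOT's exact variant/seed are not given in the post."""
    m = 0x5BD1E995
    r = 24
    h = (seed ^ len(data)) & MASK32
    i = 0
    # Mix 4 bytes at a time (little-endian words, as on x86).
    while len(data) - i >= 4:
        k = int.from_bytes(data[i:i + 4], "little")
        k = (k * m) & MASK32
        k ^= k >> r
        k = (k * m) & MASK32
        h = (h * m) & MASK32
        h ^= k
        i += 4
    # Handle the last 1..3 bytes (the C switch falls through).
    tail = data[i:]
    if len(tail) == 3:
        h ^= tail[2] << 16
    if len(tail) >= 2:
        h ^= tail[1] << 8
    if len(tail) >= 1:
        h ^= tail[0]
        h = (h * m) & MASK32
    # Final avalanche.
    h ^= h >> 13
    h = (h * m) & MASK32
    h ^= h >> 15
    return h


# Constructed list of export names an info-stealer commonly resolves;
# in practice you would feed in every export of kernel32, user32, wininet, etc.
KNOWN_APIS = [
    "LoadLibraryA", "GetProcAddress", "VirtualAlloc", "CreateFileA",
    "WriteFile", "InternetOpenA", "HttpSendRequestA", "CryptUnprotectData",
    "RegOpenKeyExA", "GetClipboardData",
]


def build_hash_table(names: Iterable[str], seed: int = 0) -> Dict[int, str]:
    """Map hash -> API name so hashes found in a sample can be looked up."""
    return {murmurhash2(n.encode("ascii"), seed): n for n in names}


def resolve_api_hash(value: int, table: Dict[int, str]) -> Optional[str]:
    """Return the API name for a hash constant, or None if unknown."""
    return table.get(value & MASK32)
```

Run `build_hash_table(KNOWN_APIS)` once per hashing variant you suspect and compare the constants from the sample's resolver loop against it; a seed that is wrong will simply produce no matches.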
Vidar Stealer
Vidar is a cybercriminal's dream tool because it allows them to steal IP addresses, browsing history (including from the Tor Browser), cryptocurrency wallets, saved passwords, messages from messenger software, and so on.
Not only that, but criminals can also take screenshots using Vidar. To top it all off, Vidar has built-in options that let cybercriminals select the type of information they want to steal.
Vidar's method of operation is as follows: it records all stolen data in a text file, compresses that file into a ZIP archive, and sends the ZIP to a command-and-control server.
Vidar, also known as Vidar Stealer, is a trojan used by cyber criminals to steal various personal information from users. Vidar is mainly distributed through the Fallout exploit kit; however, there might be other ways. The program’s base price starts at $700 and can go up to $2000 (at the time of writing).
Be aware of crypto-ransomware
Crypto-ransomware aims to encrypt your important data, such as documents, pictures, and videos. This spreads panic because users can see their files but cannot access them.
Developers of crypto-ransomware frequently add a timer to their ransom note, guaranteeing that if users don’t pay by the deadline, all files will be irretrievably deleted.
However, since few people understand the necessity for cloud backups or storing copies of data externally, crypto-ransomware can profoundly affect victims. Thus, motivated by fear and desperation, many individuals choose to simply pay the hackers’ fees.
Safeguarding against the attacks
Group-IB recommends that users be wary of downloading software from unknown sources to avoid future attacks. They suggest using isolated virtual machines, or a separate browser, for installing software and for saving passwords. Additionally, it is important to clear the cookies stored in your browser frequently.
There are a number of other steps you can take for proactive ransomware protection:
- Do not open email attachments or click on links or ads from unconfirmed sources.
- Make sure to back up your files on a regular basis to prevent any data loss.
- Keep your operating system and any software updated.
- Download and install an antivirus and firewall program.
- Applying security patches to your applications is important in order to keep them secure.
Additionally, it is recommended that companies take a proactive stance on digital security and use modern technology for monitoring suspicious activity and responding to potential attacks.
Conclusion
Crypto stealers such as KPOT and Vidar can be truly devastating for personal data, but with a few simple steps, you can stay safe from these malicious cyber threats. Keep your software updated, practice safe browsing, and back up all of your important files to avoid any potential loss. Do not open unknown emails or links, and always keep a close eye on suspicious activity. With the right precautions, you can protect yourself and your assets from the dangers of crypto stealers.
About Lossless
Restoring trust in web3 security. Lossless incorporates a new layer of blockchain transaction security, protecting projects and their communities from malicious exploits and associated financial loss.
Lossless protocol implements an additional layer of blockchain transaction security for ERC-20 standard tokens, mitigating the financial impact of smart contract exploits and private key theft. Lossless protocol utilizes community-driven threat identification tools and a unique stake-based reporting system to identify suspicious transactions, providing real-time protection.