In brief
- Researchers find a new malware threat named KryptoCibule.
- KryptoCibule steals your crypto, mines cryptocurrency using your computer power, and redirects any incoming payments to a hacker address.
- The malware hides within pirated torrent files.
Security researchers have unearthed a new strain of malware dubbed KryptoCibule—and it specifically targets cryptocurrency enthusiasts.
According to a report from cybersecurity firm ESET, KryptoCibule represents a triple threat for crypto holders.
First, the malicious software installs a miner for a process known as cryptojacking, a method that harnesses the victim's computing power to mine cryptocurrencies on the hacker's behalf. It then steals any files related to cryptocurrency wallets, wiping the victim clean of any stored crypto funds. To top it off, the malware replaces the victim's wallet addresses with a hacker address, hijacking any incoming payments.

The beauty—or perhaps more appropriately, threat—of KryptoCibule lies in its multiple attack vectors. Even if a victim doesn't hold any cryptocurrency, bad actors can still gain from the cryptojacking element.
The very first instance of KryptoCibule apparently stretches back to 2018, when it was little more than a simple Monero-based cryptojacker. Since then, the malware has evolved, adding the aforementioned functionality as well as an Ethereum-based crypto miner and the ability to auto-update via BitTorrent.
Per ESET, KryptoCibule is typically spread through pirated torrent files. Thinking they've scored a free version of some ill-gotten software, victims unwittingly install the malware—exposing themselves, their computer, and any potential cryptocurrencies.

The majority of the malware-infected torrents apparently originated from uloz.to, a torrenting site popular in the Czech Republic and Slovakia. As such, distribution seems to be limited to the two countries—for now, at least. Still, that's no guarantee that it'll remain that way.