Hackers have found a new way to deceive holders of bitcoin, monero and other cryptocurrencies, with the aim of stripping them of their property. To achieve this, they created a fake website that offers downloads of DirectX 12 for Windows 10. By downloading from it, the user installs crypto-asset-stealing malware on their PC.
DirectX 12 is a package of features that is currently widely downloaded to develop and run multimedia content, especially video games. Therefore, many gamers and developers could be more exposed to becoming victims, as could users who want to update Windows components.
The strategy hackers are using to distribute the malware was flagged by cybersecurity analyst Oliver Hough, who warned about the decoy website. The specialist said on Twitter that the fake portal is used to steal email passwords and private keys for cryptocurrency wallets.
At first glance, the fake site is difficult to detect because it displays a security certificate, a disclaimer, a contact form, and everything that a legitimate web page should have. However, few manage to notice that it hides a phishing attack whereby cybercriminals impersonate an official Microsoft site to scan the PC of their victims and extract confidential information.
Once the victim clicks on the “Download” button, they are redirected to an external page where they are asked to download a file. Doing so activates malicious software that tries to take control of a variety of cryptocurrency wallets that run under the Windows operating system.
These include Ledger Live, Waves.Exchange, Coinomi, Electrum, Electron Cash, BTCP Electrum, Jaxx, Exodus, MultiBit HD, Atomic and MoneroGUI, according to a note from the site Bleeping Computer.
The malware silently collects user data, including cookies, files, and information about the system and programs. It can even take screenshots. It then gathers all this information in a temporary folder, compresses it and sends it to the operator, who analyzes it and uses it for whatever malicious activities it makes possible.
Bitcoin under threat from malware and other cyber attacks
To avoid phishing, it is best to download files and software only from official websites (Microsoft, in this case). Double check the URLs to be sure. It is also important to keep the operating system, antivirus and firmware of all your smart devices up to date, and not to open any questionable email links or attachments.
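The following is an added example, not part of the original article, of what "double check the URLs" means in practice: the check is on the host the browser will actually contact, not on whether the page has a certificate or the word "microsoft" appears somewhere in the link. The allowlist of official domains and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only registrable domain accepted here as "official Microsoft".
OFFICIAL_DOMAINS = ("microsoft.com",)

def check_download_url(url):
    """Return (ok, reason) for a download link a user is about to follow."""
    if "\\" in url:
        # Browsers treat "\" like "/", so the parsed host may not match theirs.
        return False, "backslash in URL"
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None:
        # Text before "@" is login data, not the host.
        return False, "userinfo before '@' hides the real host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalized host (possible look-alike letters)"
    for domain in OFFICIAL_DOMAINS:
        # Exact match or a true subdomain; a plain substring test is not enough.
        if host == domain or host.endswith("." + domain):
            return True, "host is under " + domain
    return False, "host %r is not an official domain" % host

# Constructed sample links (".example" hosts are placeholders, not real sites).
SAMPLES = [
    "https://www.microsoft.com/download",
    "https://microsoft.com.directx-update.example/download",
    "https://www.microsoft.com@directx-update.example/setup.exe",
    "https://www.micr\u043esoft.com/download",   # Cyrillic "o" in the name
    "http://www.microsoft.com/download",
    "https://notmicrosoft.com/directx12",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_download_url(link)
        print("ALLOW" if ok else "BLOCK", link.encode("ascii", "backslashreplace").decode(), "-", reason)
```

Only the first sample passes; each of the others fails for a different reason even though most of them contain the string "microsoft.com".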
However, cyberattacks targeting wallets of bitcoin and other cryptocurrencies continue to threaten users of the ecosystem. At the beginning of the year, CriptoNoticias reported on a remote access Trojan, which is responsible for stealing the private keys of the cryptocurrency wallets of its victims.
At the time, hackers used various marketing techniques to invite users to run the applications they had distributed that were contaminated with ElectroRat malware. This malicious software is highly harmful, capable of keylogging, taking screenshots, loading files from disk, downloading files, and executing commands on the victim’s console.
On the other hand, last year Microsoft warned about Anubis, a malware capable of stealing information from smartphones. Passwords, credentials, credit card details, as well as wallets for bitcoin and other cryptocurrencies are vulnerable to this threat.