Malware steals your bitcoins by hiding on fake gaming websites
A variant of RedLine Infostealer is aimed at bitcoin wallets. The virus reportedly targets users in the United States, Iran and Yemen.
New malware is causing damage within the bitcoin and cryptocurrency ecosystems. An investigation by the cybersecurity agency ConfiantIntel detected a virus that attacks multiple digital wallets and steals bitcoins from them.
The software is hidden on fake web pages that imitate the branding of MSI, a company that develops technology for the video game industry, the intelligence company reported in a thread posted on its Twitter account. This type of attack is known as malvertising, a technique that uses malicious advertising to spread other malware.
The virus poses as a download of the MSI Dragon Center and MSI Afterburner applications. The first is used to adjust the performance of computers, while the second is aimed at managing the specifications of video cards or GPUs. However, what users actually download is malware that is reportedly targeted at users in the United States, Iran, and Yemen.
"This variant was configured to steal cryptocurrency wallets such as Electrum, Exodus, Jaxx, VPN profiles and it came with a new remote task command 'cmd' that allowed access through a back door and the execution of other commands on hosts or keyboard attacks," ConfiantIntel reported.
Analysts indicated that after unzipping the malicious software, they obtained a hash, or identifier, that appears to be related to a variant of the RedLine Infostealer malware, but with additional features. It is not clear what impact the virus has had within the community, nor how much cryptocurrency has been stolen.
Protect your bitcoins from malicious programs
The MSI Dragon Center and MSI Afterburner applications themselves have not been compromised; rather, malicious actors are using fake MSI ads to spread malware, the Gamers Nexus website highlighted. The recommendation for users is not to download programs from untrusted sources. In the case of MSI, make sure that the download comes from their official website and not from an address (URL) that ends in .io, for example.
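The check described above can be automated before a download link is followed. The following is an added example, not code from ConfiantIntel, Gamers Nexus or MSI; it assumes that msi.com is the vendor's official domain (the article does not name it), and every lookalike URL used with it is constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: msi.com is the vendor's official registrable domain
# (the article does not state it).
OFFICIAL_DOMAINS = {"msi.com"}


def is_official_download_url(url, official=OFFICIAL_DOMAINS):
    """Return True only for an https URL whose host is an official
    domain or a subdomain of one."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and the port, and lowercases,
        # so "https://msi.com@other.io/" is judged by "other.io".
        host = parts.hostname
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")  # tolerate a fully qualified trailing dot
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False
    # Punycode labels can render as look-alike characters; treat as untrusted.
    if host.startswith("xn--") or ".xn--" in host:
        return False
    # Exact match or a true subdomain. A bare suffix test would wrongly
    # accept "notmsi.com", and a prefix test "msi.com.other.io".
    return any(host == d or host.endswith("." + d) for d in official)


if __name__ == "__main__":
    # Constructed sample URLs, not indicators from the report.
    for sample in (
        "https://www.msi.com/download",
        "https://msi.com.constructed-sample.io/afterburner",
        "https://msi.com@constructed-sample.io/afterburner",
    ):
        print(sample, "->", is_official_download_url(sample))
```

A passing check only confirms where the link points; it says nothing about the file itself, which is why the hardware-wallet advice that follows still applies.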
Blockstream developer and co-founder Adam Back commented on the situation, suggesting the use of hardware wallets to minimize risks. As an additional verification step, he recommended checking addresses on the wallet itself, or even using a second computer, to avoid possible substitutions.
It should be mentioned that cryptocurrency malware attacks have become a constant, especially in the midst of the bull market for bitcoin. CryptoNews reported in April that a type of malware was also stalking Windows 10 users.