Hackers have been targeting non-custodial bitcoin wallets using cryware, a class of malware built to steal data from non-custodial bitcoin wallets, also known as hot wallets. Hot wallets are on hackers' radar because, unlike custodial wallets, they are stored locally on a device, giving easy access to the cryptographic keys required to execute transactions.
Cryware represents a shift in how cryptocurrencies are used in attacks. Before cryware, the role of cryptocurrency in an attack varied with the attacker's overall aim. Some ransomware campaigns, for example, prefer cryptocurrency as ransom, but the target user must perform the transfer manually. Cryptojackers, a common type of cryptocurrency-related malware, attempt to mine cryptocurrency on their own, a method that depends heavily on the target device's resources and capabilities.
Using stolen hot wallet data, hackers can quickly move the target's cryptocurrency into their own wallets. Victims cannot undo the transfer, since blockchain transactions are irreversible. In addition, unlike credit card and other financial transactions, there is currently no established mechanism for reversing or disputing a fraudulent cryptocurrency transaction.
Attackers may use regular expressions (regexes) to discover valuable data, including private keys, seed phrases, and wallet addresses. A regex describes a pattern of words or characters; cryware automates the search by applying such patterns to the data it collects. Attack types and strategies used to obtain wallet information include clipping and switching, memory dumps, phishing, and scams.
Awareness of these techniques, and readiness to counter them with security solutions such as Microsoft Defender Antivirus, which detects and blocks cryware and other harmful files, has become imperative.
With the introduction and growth of cryptocurrency, existing threats have evolved to target cryptocurrency tokens. Among the current threats leveraging cryptocurrency are:
Cryptojackers:
Cryptojackers are malicious software that accesses and uses a device's resources for the attacker's benefit without the target's consent. These threats have emerged and thrived alongside cryptocurrencies.
Ransomware:
Ransomware attackers often demand payment in cryptocurrency. The reason is simple: it provides anonymity, reducing the risk of identification.
Password and information thieves:
A growing number of information thieves find and steal hot wallet data in addition to sign-in credentials, system information, and keystrokes.
ClipBanker trojans:
ClipBanker trojans monitor the user's clipboard and copy sensitive data such as banking information. ClipBanker trojans now also scan the clipboard for cryptocurrency addresses.
Cryptocurrency trading can be exciting and profitable, but users and businesses need to stay vigilant because of the diverse attack surfaces. Security solutions should incorporate machine learning-based protection and several levels of dynamic protection.
Lock your hot wallet when you are not actively trading. Wallet software usually has a feature that prevents transactions from being initiated without the user's knowledge.
Disconnect from all wallet-related sites. With a hot wallet, users can disconnect the wallet from a website or app whenever they are not actively transacting on the decentralized finance (DeFi) platform.
Be cautious of links to wallet websites and apps. Phishing websites frequently go to great lengths to appear legitimate.
Rather than clicking links in emails and messaging apps, consider manually typing or searching for the website, and make sure the domain is spelled correctly to avoid phishing sites that rely on typosquatting and soundsquatting.
Double-check hot wallet transactions and approvals; confirm that the contract requesting permission is the one you actually initiated.
Never share private keys or seed phrases. This sensitive information will never be required by a third party or even by the wallet app's creators.
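The clipping-and-switching technique and the advice to double-check transactions both come down to one control: verify that the address you are about to send to is the one you intended, and that it is well-formed. The following Python script is an added example (not code from the Packetlabs post or any product it names) of that check for legacy Base58Check bitcoin addresses: it decodes the address, recomputes the double-SHA-256 checksum, classifies the version byte, and flags a paste that differs from the intended address. The two sample addresses are publicly known bitcoin addresses used only as inputs; the function names are this example's own, and bech32 (bc1...) addresses are reported as unchecked rather than validated.

```python
import hashlib

# Base58 alphabet used by Bitcoin (no 0, O, I, l, to avoid visual confusion).
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Publicly known addresses used only as sample inputs (not taken from the article):
# the Bitcoin genesis block address (P2PKH) and a P2SH example address.
GENESIS_ADDR = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
OTHER_ADDR = "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy"


def b58decode(s: str) -> bytes:
    """Decode a Base58 string to bytes, preserving leading zero bytes encoded as '1'."""
    n = 0
    for ch in s:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} is not valid Base58")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading_ones = len(s) - len(s.lstrip("1"))
    return b"\x00" * leading_ones + body


def validate_address(addr: str) -> dict:
    """Check a legacy (Base58Check) bitcoin address.

    Returns {"valid": True, "kind": ..., "hash160": ...} on success,
    {"valid": False, "reason": ...} on failure, and {"valid": None, ...}
    for bech32 (bc1...) addresses, which this example does not verify.
    """
    if addr.lower().startswith("bc1"):
        return {"valid": None, "reason": "bech32 address; not checked by this example"}
    try:
        raw = b58decode(addr)
    except ValueError as exc:
        return {"valid": False, "reason": str(exc)}
    if len(raw) != 25:  # 1 version byte + 20-byte hash160 + 4 checksum bytes
        return {"valid": False, "reason": f"decoded to {len(raw)} bytes, expected 25"}
    payload, checksum = raw[:21], raw[21:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    if checksum != expected:
        return {"valid": False, "reason": "checksum mismatch"}
    kinds = {0x00: "P2PKH", 0x05: "P2SH"}
    kind = kinds.get(payload[0], f"unknown version 0x{payload[0]:02x}")
    return {"valid": True, "kind": kind, "hash160": payload[1:].hex()}


def check_paste(intended: str, pasted: str) -> list:
    """Compare the address the user meant to pay with the one that ended up in the
    paste field. Returns a list of alerts; an empty list means no clipper-style
    substitution or corruption was detected."""
    alerts = []
    intended, pasted = intended.strip(), pasted.strip()
    if pasted != intended:
        alerts.append("pasted address differs from the intended address: "
                      "possible clipboard hijacking (ClipBanker-style clipper)")
    result = validate_address(pasted)
    if result["valid"] is False:
        alerts.append(f"pasted address is malformed: {result['reason']}")
    return alerts


if __name__ == "__main__":
    print(validate_address(GENESIS_ADDR))
    print(check_paste(GENESIS_ADDR, GENESIS_ADDR))             # [] : nothing changed
    print(check_paste(GENESIS_ADDR, OTHER_ADDR))               # one alert: address swapped
    print(check_paste(GENESIS_ADDR, GENESIS_ADDR[:-1] + "b"))  # two alerts: swapped and bad checksum
```

The checksum test catches typos and corrupted pastes, but a clipper substitutes a complete, valid address of its own, which is why the equality comparison against the address the user actually intended is the part that matters; a wallet or browser extension that records the address at copy time and re-checks it at paste time is applying exactly this logic.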
Taking preventative measures to protect yourself from threats like cryware is essential in the cryptocurrency world. Stay vigilant and be prepared to implement security solutions to keep your assets safe.
© 2024 Packetlabs. All rights reserved.