ESET’s cybersecurity experts have published an in-depth study of a new malware family called “KryptoCibule”. The malware specifically targets Windows users with three attack methods: installing a crypto mining app, directly stealing crypto wallet files, and replacing copied and pasted wallet addresses as a means to hijack individual transactions.
According to the cybersecurity company, the developers of KryptoCibule rely on the Tor network and the BitTorrent protocol to coordinate attacks.
The original incarnation of the malware first appeared in December 2018. At the time, it was simply a Monero mining utility that silently used the victim’s system resources to generate the currency. In February 2019, KryptoCibule evolved to include ways to exfiltrate crypto wallet files from victims’ machines. Since then, the malware has added a third dimension to its attack base with the inclusion of kawpowminer, an application that mines Ethereum (ETH).
ESET telemetry revealed that victims actively downloaded infected torrent files containing KryptoCibule via a file sharing site called Uloz. Most victims appear to be located in the Czech Republic and Slovakia.
The researchers noted that despite its age, the malware “doesn’t seem to have attracted much attention so far”:
“Allegedly the malware operators were able to make more money by stealing wallets and mining cryptocurrencies than we found in the wallets used by the clipboard hijacking component. The revenue generated by that component alone does not seem sufficient to justify the observed development effort.”
Cybersecurity firm Symantec noted in August that blockchain assets began to rise in price after the March slump, claiming that this triggered a new wave of cryptojacking attacks.