ComboJack malware tries to steal your Bitcoin, Litecoin, Monero and Ethereum

Crypto-currencies have become a huge deal for people who dream of earning money without holding down a job: to them, tracking exchange rates and putting money into a very volatile market looks like the safer route. Many specialists, however, have predicted a big drop for Bitcoin and keep reminding users that these investments are far from safe. One day your Bitcoins could be worth a million dollars; a few minutes later, only a couple of thousand.

Malspam messages urge users to download a .pdf file of a scanned passport

These conflicting opinions do not bother hackers: they are more than happy to profit from crypto-currency-related scams. This time we are reviewing ComboJack, a piece of malware delivered through deceptive emails. The campaign behind it appears to be fairly large, and the researchers believe it has probably already claimed more than a few victims.

ComboJack malware

Researchers from Palo Alto Networks were the ones who alerted the Internet community to the new threat. They laid out their findings in a blog post describing a new currency stealer. The attack is fairly simple: the attackers send deceptive emails, mostly targeting users in the United States.

The malspam text claims that a specific passport has been found and urges the recipient to download a .pdf file showing a scanned copy of the document. What the user does not see is that the PDF carries an embedded RTF file, and that the RTF in turn contains a remote object. If the user agrees to let the embedded file open, the object is fetched, PowerShell is run, and the ComboJack payload is downloaded and executed on the system. Two things about the lure should already look wrong to a careful reader: a scanned passport would be an image, not an RTF document, and a PDF that immediately asks permission to open something it contains is itself a red flag.
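Added example, not from the original article and not Palo Alto Networks' code: a small Python triage script that pulls file attachments out of a PDF and flags an attached RTF that carries an OLE object marker, which is the shape of the lure described above. The PDF and RTF bytes are constructed for the demo (the filename passport.rtf and every function name are made up here); the RTF control words \object, \objdata and \objupdate are standard RTF. The PDF parsing is regex-based and deliberately ignores the xref table, so it also works on damaged or deliberately malformed files, and it inflates Flate-compressed attachment streams, which is how a real lure would usually ship.

```python
import re
import zlib
from typing import Dict, List

# Hand-built sample RTF (constructed for this example, not a real sample).
# \object ... \objdata is how RTF embeds or links an OLE object; \objupdate
# asks the reader to refresh the object when the document is opened, which is
# what lets a remote object be fetched without the user clicking on it.
SAMPLE_RTF = b"{\\rtf1\\ansi {\\object\\objautlink\\objupdate {\\*\\objdata 0000} }}"


def build_sample_pdf(payload: bytes, flate: bool = False) -> bytes:
    """Wrap `payload` as a PDF file attachment (/EmbeddedFile), optionally
    Flate-compressed, mimicking the 'scanned passport' lure. Constructed."""
    data = zlib.compress(payload) if flate else payload
    filt = b" /Filter /FlateDecode" if flate else b""
    return (
        b"%PDF-1.7\n"
        b"1 0 obj << /Type /Catalog /Names << /EmbeddedFiles "
        b"<< /Names [(passport.rtf) 2 0 R] >> >> >> endobj\n"
        b"2 0 obj << /Type /Filespec /F (passport.rtf) /EF << /F 3 0 R >> >> endobj\n"
        b"3 0 obj << /Type /EmbeddedFile /Length " + str(len(data)).encode()
        + filt + b" >>\nstream\n" + data + b"\nendstream\nendobj\n"
        b"%%EOF\n"
    )


# Group 1 is the rest of the stream dictionary (tells us about filters),
# group 2 is the raw stream body.
EMBEDDED_FILE_RE = re.compile(
    rb"/Type\s*/EmbeddedFile(.*?)stream\r?\n(.*?)\r?\nendstream", re.DOTALL
)


def extract_embedded_files(pdf: bytes) -> List[bytes]:
    """Pull every /EmbeddedFile stream out of a PDF, inflating Flate streams.
    No xref walking on purpose: damaged or truncated files still yield hits."""
    found: List[bytes] = []
    for dict_part, body in EMBEDDED_FILE_RE.findall(pdf):
        if b"/FlateDecode" in dict_part:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                pass  # keep the raw bytes; an undecodable stream is still worth a look
        found.append(body)
    return found


# RTF control words that signal an embedded or linked OLE object.
RTF_INDICATORS = {
    "has_object": rb"\\object\b",
    "has_objdata": rb"\\objdata\b",
    "has_objupdate": rb"\\objupdate\b",
}


def rtf_object_indicators(data: bytes) -> Dict[str, bool]:
    """Report whether `data` is RTF and which OLE-object control words it uses."""
    result = {"is_rtf": data.lstrip().startswith(b"{\\rtf")}
    for name, pattern in RTF_INDICATORS.items():
        result[name] = re.search(pattern, data) is not None
    return result


def triage_pdf(pdf: bytes) -> List[Dict[str, bool]]:
    """One indicator record per attachment; `suspicious` is set when an
    attachment is an RTF carrying an OLE object, the shape of this lure."""
    report = []
    for blob in extract_embedded_files(pdf):
        flags = rtf_object_indicators(blob)
        flags["suspicious"] = flags["is_rtf"] and flags["has_object"]
        report.append(flags)
    return report


if __name__ == "__main__":
    for flate in (False, True):
        for record in triage_pdf(build_sample_pdf(SAMPLE_RTF, flate=flate)):
            print("compressed" if flate else "plain", record)
```

The same indicator check applies unchanged to a bare .rtf or .doc attachment; the PDF wrapper only adds one extraction step, and is presumably there because a PDF icon looks more like a "scanned document" than a Word icon does.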

Not a new distribution strategy, but still a successful one

The user will not notice the infection, because ComboJack runs silently in the background. It then enters a loop, polling the clipboard to see whether the victim has copied a wallet address. When it detects one, it replaces the copied address with one belonging to the attackers. So if the user pastes the address into a wallet and sends Bitcoin (or Litecoin, Monero or Ethereum) to it, the coins go to the hackers instead of the intended recipient. This is a slow, opportunistic strategy: not every infected user will ever send crypto-currency, but enough will to make it worth the attackers' while. The check that defeats it is trivial and worth making a habit: before confirming a transfer, compare the pasted address against the one you copied, character by character.
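Added example, not ComboJack's code: a Python model of the clipboard-swapping loop, with a stand-in clipboard class so it runs offline. The address regexes are loose format checks for the four currencies named in the title (no checksum validation, which a hijacker does not need either); the "attacker" wallets and the victim's copied text are constructed sample data, except for the well-known Bitcoin genesis-block address, used here only as a recognisable intended recipient. The last function is the user-side check that defeats the attack.

```python
import re
from typing import Dict, List, Optional, Tuple

# Loose format checks for the four currencies the article names. No checksum
# validation: a clipboard hijacker only needs "this looks like an address".
# Litecoin is limited to its L/M/ltc1 forms so it cannot be confused with
# Bitcoin's '3' addresses. Monero covers standard 95-character addresses.
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{39,59})$"),
    "litecoin": re.compile(r"^(?:[LM][a-km-zA-HJ-NP-Z1-9]{26,33}|ltc1[a-z0-9]{39,59})$"),
    "monero": re.compile(r"^4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify_address(text: str) -> Optional[str]:
    """Return the currency a clipboard string looks like, or None."""
    text = text.strip()
    for currency, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return currency
    return None


class FakeClipboard:
    """Stand-in for the OS clipboard so the loop can run offline (constructed)."""

    def __init__(self, text: str = "") -> None:
        self.text = text

    def get(self) -> str:
        return self.text

    def set(self, text: str) -> None:
        self.text = text


def hijack_once(clipboard: FakeClipboard,
                attacker_wallets: Dict[str, str]) -> Optional[Tuple[str, str, str]]:
    """One pass of the malware's polling loop. If the clipboard holds an
    address for a currency the attacker controls a wallet for, overwrite it.
    Returns (currency, original, replacement) on a swap, otherwise None."""
    content = clipboard.get().strip()
    currency = classify_address(content)
    if currency is None or currency not in attacker_wallets:
        return None
    replacement = attacker_wallets[currency]
    if content == replacement:
        return None  # already swapped on an earlier pass
    clipboard.set(replacement)
    return (currency, content, replacement)


def simulate_victim_session(copied_values: List[str],
                            attacker_wallets: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Replay a series of Ctrl+C events through the hijack loop and collect
    every swap; text that is not a wallet address passes through untouched."""
    clipboard = FakeClipboard()
    swaps: List[Tuple[str, str, str]] = []
    for value in copied_values:
        clipboard.set(value)                               # the user copies something
        event = hijack_once(clipboard, attacker_wallets)   # the malware polls
        if event is not None:
            swaps.append(event)
    return swaps


def paste_matches_intent(intended: str, pasted: str) -> bool:
    """User-side defence: the address that lands in the recipient field must
    equal the one you meant to copy. Any mismatch means 'do not send'."""
    return intended.strip() == pasted.strip()


# Constructed sample data. The attacker wallets are obviously fake strings
# that merely satisfy the format checks; the Bitcoin recipient is the public
# genesis-block address, used only as a recognisable 'intended' target.
ATTACKER_WALLETS = {
    "bitcoin": "1AttackerWa11etExamp1eAddressXYZ",
    "ethereum": "0x" + "deadbeef" * 5,
}
VICTIM_COPIES = [
    "meeting moved to 10am",
    "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",
    "0x" + "1" * 40,
    "https://example.com/invoice",
]

if __name__ == "__main__":
    for currency, original, swapped in simulate_victim_session(VICTIM_COPIES, ATTACKER_WALLETS):
        print(f"{currency}: {original} -> {swapped}")
        print("  safe to send?", paste_matches_intent(original, swapped))
```

Note what the model makes visible: the swap only happens for currencies the attacker has prepared a wallet for, everything else on the clipboard is left alone, and the only thing the victim ever sees is that the pasted address differs from the copied one, which is exactly the comparison the defence function performs.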

The researchers note that this type of attack resembles several earlier ones. People still fall for it and get infected, though. If you do not want to suffer the same fate, make sure any email you act on really comes from a legitimate source, and be especially wary of unsolicited attachments that ask for permission to open something.

Source: researchcenter.paloaltonetworks.com.
