What Happened
According to a recent report from cyber intelligence firm Cyble Research Labs, the newly developed cryptocurrency stealer named “PennyWise” uses multithreading to steal user data. The threat actors (TA) reportedly spread the PennyWise stealer as a link to download free Bitcoin mining software.
“When a user visits the link, the TA instructs them to download the malware hosted on the file hosting service. The malware file is zipped and password protected. To appear legitimate, the TA has shared a VirusTotal link of a clean file that is not related to the file available for download,” explained the Cyble researchers.
The malware targets a host of cold crypto wallets, including Ethereum and Zcash wallets. One feature that stands out in the malware’s design is that it will stop in its tracks if it identifies that the victim is based in Russia, Ukraine, Belarus, or Kazakhstan.
“This could indicate that the TA is trying to avoid scrutiny by Law Enforcement Agencies in these particular countries,” stated the researchers.
So far, reports indicate that there are over 80 videos on the threat actor’s YouTube channel that appear to have been created for the purpose of mass infection.
Last month, cybercriminals targeted followers of Elon Musk with deepfake videos impersonating the Tesla Inc CEO. Users were encouraged to connect their crypto wallets to an illicit website and deposit Bitcoin.