Malware Infects Over 28,000 Users, Nets Only $6,000 in Crypto

Author

Ruholamin Haqshanas


A recent wave of malware infections has impacted over 28,000 users, primarily targeting their devices to mine and steal crypto.

However, despite the scale of the operation, the hackers managed to secure only around $6,000 worth of digital assets, according to cybersecurity firm Doctor Web.

On October 8, Doctor Web revealed that the malware, which posed as legitimate software, infiltrated users’ devices by disguising itself as office tools, game cheats, and online trading bots.

Malware Targets Users Across Different Countries

The malware’s reach extended across several countries, including Russia, Belarus, Uzbekistan, Kazakhstan, Ukraine, Kyrgyzstan, and Turkey.

The cybercriminals employed sophisticated techniques to evade detection.

They used password-protected archives to bypass antivirus scans and disguised malicious files as system components.

The malware also relied on legitimate software to execute harmful scripts, making it more difficult for users to identify the threat.

Once installed, the malware utilized the infected device’s computing power to mine cryptocurrency.

Additionally, it featured a “Clipper” function, which monitored and altered crypto wallet addresses copied to the device’s clipboard.

This allowed the attackers to replace the user’s intended wallet address with one they controlled, diverting funds to their own wallets.
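The clipper behaviour described above leaves a detectable trace on the host: the clipboard changes from one wallet address to a different address of the same kind without the user copying anything. The following is an added example, not code from the article or from Doctor Web: it runs that check over a constructed sequence of clipboard snapshots. The event feed and its `user_copy` flag are assumptions (a real monitor would poll the OS clipboard and compare against copy events), and the address patterns are simplified shape checks, not full checksum validation.

```python
import re
from dataclasses import dataclass

# Simplified shapes for the two address types clippers most often target.
# (Shape only; this does not validate checksums.)
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify(text):
    """Return 'btc', 'eth', or None for clipboard text that looks like an address."""
    for chain, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return chain
    return None


@dataclass
class ClipboardEvent:
    t: float          # seconds since monitoring started
    content: str      # clipboard text after the change
    user_copy: bool   # assumption: True when the change came from a user copy action


def find_clipper_swaps(events, window=2.0):
    """Flag changes where an address was replaced by a different address of the
    same chain, without a user copy, within `window` seconds of the previous copy.
    Returns a list of (time, original_address, replacement_address)."""
    swaps = []
    last = None
    for ev in events:
        if last is not None and not ev.user_copy:
            old_kind, new_kind = classify(last.content), classify(ev.content)
            if (old_kind and old_kind == new_kind
                    and ev.content != last.content and ev.t - last.t <= window):
                swaps.append((ev.t, last.content, ev.content))
        last = ev
    return swaps


# Constructed sample feed: one silent ETH address swap, plus benign changes.
SAMPLE_EVENTS = [
    ClipboardEvent(0.0, "meeting notes for monday", True),
    ClipboardEvent(5.0, "0x" + "a" * 40, True),      # user copies their own address
    ClipboardEvent(5.3, "0x" + "b" * 40, False),     # replaced without a copy: clipper
    ClipboardEvent(20.0, "bc1q" + "q" * 38, True),   # user copies a BTC address
    ClipboardEvent(21.0, "some unrelated text", False),  # non-address change, not flagged
]

if __name__ == "__main__":
    for t, original, replacement in find_clipper_swaps(SAMPLE_EVENTS):
        print(f"t={t}s: {original} silently replaced by {replacement}")
```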

The cybersecurity firm noted that many users fell victim to the malware by downloading pirated software from fraudulent GitHub pages and malicious links found in YouTube video descriptions.

Doctor Web emphasized the importance of obtaining software from official sources to prevent such infections.

While the malware managed to infect tens of thousands of devices, the financial gains were surprisingly modest, with only around $6,000 stolen through altered wallet addresses.

The earnings from the crypto-mining activities remain unclear.

This incident follows a warning in September from Binance, a major cryptocurrency exchange, about increased activity from similar clipboard-changing malware, which led to notable losses for users.

More recently, it was revealed that scammers are abusing automated email replies to compromise systems and deliver stealthy crypto-mining malware.

This comes on the heels of another malware threat identified in August.

The “Cthulhu Stealer,” which affects macOS systems, similarly disguises itself as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.

Fake Wallet App Steals $70K in Crypto

As reported, a fraudulent crypto wallet app on Google Play has stolen $70,000 from users in a sophisticated scam that has been described as a world-first for targeting mobile users exclusively.

The malicious app, named WalletConnect, mimicked the reputable WalletConnect protocol but was, in fact, a sophisticated scheme to drain crypto wallets.

The app tricked more than 10,000 users into downloading it, according to Check Point Research (CPR), the cybersecurity firm that uncovered the scam.

The scammers behind the app were well aware of the typical challenges faced by web3 users, such as compatibility issues and the lack of widespread support for WalletConnect across different wallets.

They cleverly marketed the fraudulent app as a solution to these problems, taking advantage of the absence of an official WalletConnect app on the Play Store.