Posted on September 4, 2020 at 4:40 PM
The cryptocurrency market has once more been hit with a new scandal, as hackers have found a new means to steal bitcoin and ether. Nefarious individuals who specialize in compromising Bitcoin wallets may finally have found a breakthrough solution for stealing cryptocurrencies: a new trojan known as Krypto Cibule.
Krypto Cibule makes use of infected computers, whose processing power is then used to mine cryptocurrencies. It can also steal wallet files containing cryptocurrency and reroute incoming digital funds to another address, usually one controlled by the hacker.
Based on a reliable report from ESET, a cybersecurity firm, the malware uses two digital tools to carry out its illegal activity: it is powered by the BitTorrent protocol and the Tor network. These tools help it perform its attacks on unsuspecting owners of cryptocurrencies.
What is Krypto Cibule?
According to an official statement from researchers familiar with the discovery, hackers are using an unconventional method to steal cryptocurrencies. Krypto Cibule is spread by way of malicious torrents for ZIP files.
These ZIP files also contain files that pretend to be installers for pirated or cracked games or software. In their report, the researchers were quick to note that this is a fast-spreading threat to the cryptocurrency market.
Official reports say that the malware is most prevalent in central European countries such as the Czech Republic and Slovakia, where it has carried out hundreds of successful attacks.
Malware finally exposed
According to the researchers' findings, victims in the two countries of the former Czechoslovakia had downloaded the malware online. It was contained in files hosted on uloz.to, a torrent website that is popular in both countries.
Researchers with ESET were able to trace the software back to 2018. Its mining operations are built on XMRig, an open-source program used to mine Monero on the CPU, and on kawpowminer.
Kawpowminer is a separate open-source program used to mine Ethereum (ETH) on the GPU. Both programs are installed so that they connect to a mining server controlled by the hacker, and this connection is made through a Tor proxy.
Since the hackers carry out these operations in a strictly discreet manner, researchers have said that the trojan attracted very little attention from authorities.
To keep the computer's owner from becoming suspicious, the malware suspends the GPU miner when the battery drops below 30%, and it stops its operations altogether whenever the battery drops below 10%.
The malware also includes a clipboard-hijacking component, disguised as a file called SystemArchitectureTranslation.exe. It works by monitoring clipboard changes so that it can replace a copied wallet address with an address controlled by the malware operator.
This way, funds are easily misdirected. The researchers further noted that, at the time of their report, the wallets used by the malware operators had collected more than $1,800 worth of Ethereum and Bitcoin (BTC).
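The clipboard swap described above has a recognisable signature from the defender's side: the user copies a wallet address, and a fraction of a second later the clipboard holds a different address of the same coin type, with no user action in between. The following added example (not code from the article or from ESET) shows detection logic that looks for exactly that pattern in a clipboard history. The address formats are loose syntactic checks, and every address and timestamp in the sample history is constructed for the example; on a real machine the same function would be fed snapshots from a clipboard-polling loop.

```python
import re
from dataclasses import dataclass

# Loose syntactic patterns for Bitcoin (base58 legacy/P2SH and bech32) and
# Ethereum addresses. They classify strings; they do not validate checksums.
ADDRESS_PATTERNS = {
    "BTC": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify(text):
    """Return 'BTC', 'ETH' or None depending on what the clipboard text looks like."""
    text = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return coin
    return None


@dataclass
class SwapAlert:
    coin: str
    original: str
    replacement: str
    delay_s: float


def detect_clipboard_swaps(snapshots, max_delay_s=2.0):
    """snapshots: list of (timestamp_seconds, clipboard_text) in time order.

    A hijack looks like address A being replaced by a *different* address B of
    the same coin within max_delay_s, with nothing unrelated copied in between.
    A user copying two different addresses a minute apart does not match.
    """
    alerts = []
    for (t0, prev), (t1, cur) in zip(snapshots, snapshots[1:]):
        prev, cur = prev.strip(), cur.strip()
        coin_prev, coin_cur = classify(prev), classify(cur)
        if coin_prev is None or coin_prev != coin_cur:
            continue
        if prev != cur and 0 <= t1 - t0 <= max_delay_s:
            alerts.append(SwapAlert(coin_prev, prev, cur, t1 - t0))
    return alerts


# Constructed sample data (hypothetical addresses, not real wallets).
BTC_USER = "1ConstructedDemoAddrAAAAAAAAAA"
BTC_SWAPPED = "1AttackerDemoAddrBBBBBBBBBBBBBBB"
BTC_OTHER_OWN = "3AnotherOwnDemoAddrCCCCCCCCCCC"
ETH_USER = "0x" + "11" * 20
ETH_SWAPPED = "0x" + "22" * 20

SAMPLE_SNAPSHOTS = [
    (0.0, "meeting notes for monday"),
    (5.0, BTC_USER),
    (5.1, BTC_SWAPPED),      # rewritten 100 ms later: hijack
    (40.0, ETH_USER),
    (40.05, ETH_SWAPPED),    # rewritten 50 ms later: hijack
    (90.0, "some unrelated text"),
    (200.0, BTC_USER),
    (260.0, BTC_OTHER_OWN),  # user copied a second address a minute later: benign
]


def run_sample():
    """Run the detector over the constructed history and return the alerts."""
    return detect_clipboard_swaps(SAMPLE_SNAPSHOTS)


if __name__ == "__main__":
    for alert in run_sample():
        print(f"[{alert.coin}] {alert.original} -> {alert.replacement} "
              f"after {alert.delay_s * 1000:.0f} ms")
```

The time threshold matters: the hijacker rewrites the clipboard almost instantly, whereas a person who copies two different addresses does so seconds or minutes apart, so the delay window is what separates the two cases without needing a list of known-bad addresses.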
Exfiltration is done by walking the file system of every available drive to find filenames that contain specific terms. ESET researchers found that these terms mostly refer to cryptocurrencies, miners, or wallets, along with more general terms such as crypto, password, and seed. Files that hold information such as private keys are also targeted.
Based on the research team's findings, it is the use of open-source tools together with a series of anti-detection mechanisms that likely kept the malware from being detected until now.
Furthermore, official reports state that Krypto Cibule is still under development, meaning that additional features are still being added to the trojan. Although it is only two years old, it already has formidable capabilities, and its developers continue to evolve it to perform stealthier and more harmful attacks.
Based on a reliable cryptocurrency source report, hackers have already succeeded in plundering bitcoin by running malicious relays on a large scale over the Tor network. Tor, one of the tools used to carry out this nefarious act, is a privacy-oriented network that is widely used by bitcoin investors across the world.