A new virus steals electronic currencies by replacing data on the clipboard

Cybersecurity experts at Palo Alto Networks discovered a virus called ComboJack while monitoring an email phishing campaign that targeted customers in Japan and the United States.

The virus steals Bitcoin, Ethereum, Monero and Litecoin. Cryptocurrency is not ComboJack's only target, however: it is also designed for fraudulent transactions with digital payment systems, including Yandex.Money and WebMoney.

The potential victim is asked to open the attached file, after which the embedded RTF file with the CVE-2017-8759 exploit is automatically launched. The exploit is what gives the scammers the ability to inject code and run PowerShell commands, which are used to execute the ComboJack script.

The program withdraws money by replacing the destination address of the crypto transaction with the address of the criminal’s wallet. The victims of the virus are users who do not check the destination address of transactions before approving them.

“The tactic is based on the fact that wallet addresses are usually long and difficult to remember. Most users prefer to copy such a string to the clipboard to prevent possible errors,” Palo Alto Networks experts write in the report.
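A defender can look for this behaviour in clipboard history: one address replaced by a different address of the same currency faster than a person could recopy it. The sketch below is an added example, not code from the Palo Alto Networks report; the address patterns are simplified format checks, and the 5-second window and all sample values are assumptions constructed for illustration.

```python
import re

# Simplified address shapes (assumption: format only, no checksum validation).
_B58 = "[1-9A-HJ-NP-Za-km-z]"
PATTERNS = {
    "bitcoin": re.compile(rf"^[13]{_B58}{{25,34}}$"),
    "litecoin": re.compile(rf"^[LM]{_B58}{{25,34}}$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "monero": re.compile(rf"^4{_B58}{{94}}$"),
}
WINDOW_SECONDS = 5.0  # hypothetical threshold: a person rarely recopies this fast


def classify(text):
    """Return the currency whose address shape the text matches, or None."""
    value = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.match(value):
            return kind
    return None


def find_swaps(snapshots, window=WINDOW_SECONDS):
    """Flag same-currency address replacements in (seconds, text) snapshots."""
    alerts = []
    prev_time = prev_text = prev_kind = None
    for when, text in snapshots:
        kind = classify(text)
        # Same kind of address, different value, replaced within the window.
        if (kind is not None and kind == prev_kind
                and text.strip() != prev_text.strip()
                and when - prev_time <= window):
            alerts.append((when, kind, prev_text.strip(), text.strip()))
        prev_time, prev_text, prev_kind = when, text, kind
    return alerts


# Constructed clipboard history; the addresses are made-up strings, not real wallets.
USER_BTC = "1" + "A" * 33
OTHER_BTC = "1" + "B" * 33
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, USER_BTC),            # user copies a destination address
    (10.4, OTHER_BTC),           # replaced 0.4 s later: suspicious
    (60.0, "0x" + "ab" * 20),    # address of another currency: not a swap
    (300.0, "0x" + "cd" * 20),   # new address minutes later: plausible recopy
]

if __name__ == "__main__":
    print(find_swaps(SAMPLE))
```

A format match is only a heuristic; the final check remains comparing the pasted destination address with the intended one before approving the transaction.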

The virus relies on a vulnerability that Microsoft fixed in early fall last year. In order to protect themselves, users are advised to reinstall the system software.

The fact that such schemes still work suggests that users are still too trusting, which is successfully exploited by scammers.


According to https://researchcenter.paloaltonetworks.com
