Cybersecurity experts at Palo Alto Networks discovered a virus called ComboJack while monitoring an email phishing campaign that targeted customers in Japan and the United States.
The virus steals Bitcoin, Ethereum, Monero and Litecoin. But not only cryptocurrency is the goal of ComboJack. It is also intended for fraudulent transactions with digital payment systems, the list of which includes Yandex.Money and WebMoney.
The potential victim is asked to open the attached file, after which the embedded RTF file with the CVE-2017-8759 exploit is automatically launched. It is he who frees up the hands of scammers and provides the ability to enter code and run PowerShell commands, which are used to execute the ComboJack script.
The program withdraws money by replacing the destination address of the crypto transaction with the address of the criminal’s wallet. The victims of the virus are users who do not check the destination address of transactions before approving them.
“The tactic is based on the fact that wallet addresses are usually long and difficult to remember. Most users prefer to copy such a string to the clipboard to prevent possible errors,” Palo Alto Networks experts write in the report.
The virus “lives” due to a vulnerability that Microsoft fixed in early fall last year. In order to protect themselves, users are advised to reinstall the system software.
The fact that such schemes still work suggests that users are still too trusting, which is successfully exploited by scammers.
According to https://researchcenter.paloaltonetworks.com
You May Also Like
Facebook users are being subjected to a new type of cybercrime - they are being asked to pay ransom in Bitcoin
The threats begin the moment the victim receives a small file with a personal password from an adult website in his email. Unlike other similar cases, victims claim that these passwords were valid. Cybercriminals claim that in order to obtain passwords, they infected videos on porn sites with a virus.
Two pseudo-ICOs raised $68 million in August alone
According to a recent Diar study, fraudulent ICOs cost investors almost $100 million. Researchers have counted funds stolen since the beginning of July 2016. According to Diar, in the first two weeks of August alone, two large-scale fraudulent ICOs managed to earn $68 million from unwary investors.
