Cybersecurity experts at Palo Alto Networks discovered a virus called ComboJack while monitoring an email phishing campaign that targeted customers in Japan and the United States.
The virus steals Bitcoin, Ethereum, Monero and Litecoin. But not only cryptocurrency is the goal of ComboJack. It is also intended for fraudulent transactions with digital payment systems, the list of which includes Yandex.Money and WebMoney.
The potential victim is asked to open the attached file, after which the embedded RTF file with the CVE-2017-8759 exploit is automatically launched. It is he who frees up the hands of scammers and provides the ability to enter code and run PowerShell commands, which are used to execute the ComboJack script.
The program withdraws money by replacing the destination address of the crypto transaction with the address of the criminal’s wallet. The victims of the virus are users who do not check the destination address of transactions before approving them.
“The tactic is based on the fact that wallet addresses are usually long and difficult to remember. Most users prefer to copy such a string to the clipboard to prevent possible errors,” Palo Alto Networks experts write in the report.
The virus “lives” due to a vulnerability that Microsoft fixed in early fall last year. In order to protect themselves, users are advised to reinstall the system software.
The fact that such schemes still work suggests that users are still too trusting, which is successfully exploited by scammers.
According to https://researchcenter.paloaltonetworks.com
You May Also Like
An attack known as a zero-day vulnerability hit routers in Brazil.
Fraudsters carried out a sophisticated stealth mining attack, infecting hundreds of thousands of MikroTik routers across Brazil. The goal of the attack is to create a massive XMR mining bot platform.
Cryptocurrency hacks are inevitable
The technology behind cryptocurrencies has the potential to completely change the financial system through decentralization, the elimination of intermediaries (banks), lowering the fees charged by these intermediaries, and faster international transfers. However, despite all the benefits, cryptocurrency hacks are still a problem that cannot be ignored.
