Malware dubbed Echelon spreads among cryptocurrency groups on Telegram and Discord; targets wallets like Electrum, Exodus and Jaxx.
***
Hackers are targeting cryptocurrency users through a new malware spreading on messaging platforms like Telegram.
The cybersecurity firm Safeguard Cyber warned this week about a malware called “Echelon”, which is programmed to steal cryptocurrency wallets. In a report, the firm’s Division Seven (D7) threat intelligence team indicated that a user identified as “Smokes Night” has been sending the malware to various digital currency chats on the Telegram platform.
Some cybersecurity experts in the digital asset community took to Twitter over the weekend to warn about the threat.
Warning ❗️ An attack on thematic @telegram crypto chats ongoing now. The attackers use an account named “Smokes Night” to spread Echelon malware by dropping a file into the chat room.
TLDR: Disable auto-downloading in Telegram settings right now.
See the thread below
— CIA Officer (@officer_cia) December 25, 2021
It doesn’t just spread on Telegram
The malware, malicious software that infiltrates the device without the user’s knowledge, “performs a variety of functions, targeting credentials, cryptographic wallets, and device details [mobile],” the report states.
According to the research, the virus aims to steal the data needed to access the following crypto-wallet applications: Armory; AtomicWallet; BitcoinCore; ByteCoin; DashCore; Electrum; Exodus; Jaxx and LitecoinCore.
Other capabilities of Echelon described by the researchers, in addition to the theft of credentials and data to breach crypto-wallets, are domain detection and computer fingerprinting. The computer virus also attempts to take a screenshot of the victim’s device, experts warned.
On the other hand, Telegram users are not the only ones at risk, as hackers are also taking advantage of other platforms to spread the malicious virus. The cybersecurity team warned that the threat is present on messaging networks such as Discord and the email service Outlook, as well as FTP and VPN platforms such as FileZilla and NordVPN.
While the malware spreads across multiple platforms, it poses a particularly serious risk to Telegram users due to the app’s built-in automatic download settings. This means that once the malware is received, the infected file is automatically downloaded to the victim’s device without the victim’s knowledge.
After that, victims are not obliged to run or close any application, so the general recommendation for Telegram users is to disable the automatic download feature.
Hackers are looking for naive users
The cybersecurity report did not provide details on the malware’s success in terms of user reach or volume of funds stolen. In this regard, researchers at Safeguard Cyber said they did not consider the spread of the malware on Telegram to be part of a coordinated campaign, but rather “targeted new or naive users” of the platform.
According to the investigation, the hackers distributed Echelon in a .rar file titled “present).rar” which included three files: “pass – 123.txt”, a benign text document containing a password; “DotNetZip.dll”, a non-malicious class library and toolkit for manipulating .ZIP files; and “Present.exe”, the malicious executable that steals credentials.
Fortunately, they noted that Windows Defender detects and removes the malicious executable sample “Present.exe” and flags it as ‘#LowFI: HookwowLow’, mitigating any potential harm from the malware for users with antivirus software installed.
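For readers who want to check what a chat client has already saved to disk, the following is an added example, not code from the Safeguard Cyber report or from the original article. It walks a download folder and flags archives and Windows executables by their file signature rather than their extension; the folder path is an assumption supplied by the caller, and the sample files in `demo()` are constructed for illustration.

```python
from __future__ import annotations
import struct
import tempfile
from pathlib import Path

# Leading signature bytes of common archive containers.
ARCHIVE_MAGIC = {
    b"Rar!\x1a\x07\x01\x00": "rar5",
    b"Rar!\x1a\x07\x00": "rar4",
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
}

def is_pe(head: bytes) -> bool:
    """True if head has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", head, 0x3C)
    return head[pe_offset:pe_offset + 4] == b"PE\x00\x00"

def classify(path: Path) -> str | None:
    """Return 'pe', an archive kind, or None, judging by content, not extension."""
    with path.open("rb") as fh:
        head = fh.read(4096)  # PE headers normally sit well inside the first 4 KiB
    if is_pe(head):
        return "pe"
    return next((k for m, k in ARCHIVE_MAGIC.items() if head.startswith(m)), None)

def triage(download_dir: str) -> list[tuple[str, str]]:
    """List (relative path, kind) for each archive or Windows executable found."""
    root = Path(download_dir)
    return [(p.relative_to(root).as_posix(), kind)
            for p in sorted(root.rglob("*"))
            if p.is_file() and (kind := classify(p))]

def demo() -> list[tuple[str, str]]:
    """Run triage over constructed files: a RAR5 header and a PE stub named .jpg."""
    pe = bytearray(0x44)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    pe[0x40:0x44] = b"PE\x00\x00"
    with tempfile.TemporaryDirectory() as d:
        Path(d, "gift.rar").write_bytes(b"Rar!\x1a\x07\x01\x00" + bytes(16))
        Path(d, "photo.jpg").write_bytes(bytes(pe))
        Path(d, "notes.txt").write_bytes(b"plain text")
        return triage(d)

if __name__ == "__main__":
    for name, kind in demo():
        print(f"{kind:5} {name}")
```

Anything the script reports is a candidate for review or an antivirus scan, not a verdict; an executable hiding behind a media extension deserves the closest look.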
In recent times, messaging platforms such as Telegram have become a hotbed of activity for cybercriminals, who take advantage of these spaces for social interaction to spread attacks using bots, malicious accounts and other sophisticated mechanisms.
At the same time, digital currencies have become a favorite target for hackers to generate quick profits. According to another recent study, computer hackers stole more than USD $1 billion worth of cryptocurrencies during the third quarter of 2021.
Sources: Finbold, Threat Post
Article versioned by Hannah Estefania Perez / DiarioBitcoin
Image from Unsplash edited in Canva