Malicious Torrent Files Can Wreak Havoc on Your Cryptocurrency Wallets
If you have downloaded the movie, The Girl in the Spider’s Web, using a torrent tracker such as Pirate Bay (tsk, tsk), you might be the latest victim of a nasty library of malware designed to steal funds from your cryptocurrency wallet and to create a host of problems for your PC.
The movie file is armed with a host of malicious programs that can turn your Windows PC against you, hijacking your Google search functionality with heavily modified search results[1].
This particular set of files can even modify the appearance of certain web pages and ads in an attempt to further trick users into parting with their hard-earned funds.
For example, one such modification alters the appearance of Wikipedia to display a fake donation request that can be paid to cryptocurrency wallet addresses owned by the virus creators.
Judging from the relatively meager funds of these donation addresses — “One wallet is for Bitcoin and at the time of writing had $70 worth of cryptocurrency.
The other is for Ethereum and had a balance of almost ETH 4.6, or about $600” (source) — it doesn’t look like the creators have been terribly successful with this particular trick, but it’s worth being aware of this ploy to avoid becoming the latest victim.
Most critically for your own personal crypto wallets, the virus most recently hosted by the Girl in the Spider’s Web movie file attempts to steal your crypto funds through a clever wallet address-switching tactic that has been around for some time now but has recently been making an unwanted comeback.
This malware tricks you into sending your precious Bitcoin (BTC) or Ethereum (ETH) to the wrong address via a simple copy and paste swap that changes the target address to the thief’s wallet[2].
An article posted on Bleeping Computer, which delves into a security researcher’s thorough examination of the malware, explains: “The results returned a low detection rate and indicated a sample of CozyBear, a piece of malware used by an advanced threat actor known by the same name and a few others (APT29, CozyDuke, CozyCar, Grizzly Bear). The group was discovered in 2015 and is still active, targeting Windows platforms.”
Researcher Lawrence Abrams explains, “… along with ads and manipulating search results to show certain links first, the malware is also able to swap out cryptocurrency wallet addresses for ones owned by the attacker. This occurs when users use the copy+paste function on Windows PCs, and has appeared previously in other malware.” (source)
The easiest way to avoid this nasty activity on your computer, quite obviously, is to avoid downloading pirated files from sketchy sites and torrent trackers. But the most prudent crypto wallet user should not assume that their PC is perfectly safe just because they don’t frequent the Pirate Bay.
After all, many viruses might manage to live undetected on computers for long periods of time and may have been injected from a broad variety of possible sources. Even basic tools such as Chrome extensions have been known to be used as a method of malware injection.
Instead of assuming your wallets are completely secure, always check the accuracy of your wallet addresses whenever sending out funds to another wallet, particularly when copying and pasting addresses.
If using a hardware wallet, such as a Ledger Nano S[3], always use the monitor function to double-check the accuracy of receiving addresses, verifying that the address shown on the device matches the one displayed on your PC.
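The copy-and-paste check described above can be automated as a full-string comparison between the address you copied and the one that arrived in the destination field. The sketch below is an added example, not code from the article or from any wallet vendor; the function names, the format patterns and the sample addresses are all constructed for illustration.

```python
import re

# Address shapes for the two currencies the article names. These are format
# checks only (no checksum validation); the patterns are this example's own.
ADDRESS_PATTERNS = {
    "BTC": re.compile(r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return "BTC", "ETH" or None for a string after trimming whitespace."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None

def _canonical(text, kind):
    # ETH hex is case-insensitive (mixed case only encodes a checksum);
    # legacy BTC Base58 is case-sensitive and must match exactly.
    text = text.strip()
    return text.lower() if kind == "ETH" else text

def check_paste(copied, pasted):
    """Classify a copy/paste pair: match, swapped, mismatch or not-an-address."""
    kind = address_kind(copied)
    if kind is None:
        return "not-an-address"
    if _canonical(copied, kind) == _canonical(pasted, kind):
        return "match"
    # A different address of the same currency is the signature of the
    # clipboard swap the article describes.
    if address_kind(pasted) == kind:
        return "swapped"
    return "mismatch"

# Constructed sample values: they fit the address formats but are not real wallets.
RECIPIENT_BTC = "1Recipient" + "x" * 24
OTHER_BTC = "1Attacker" + "y" * 25
RECIPIENT_ETH = "0x" + "ab" * 20

if __name__ == "__main__":
    pairs = [(RECIPIENT_BTC, RECIPIENT_BTC), (RECIPIENT_BTC, OTHER_BTC),
             (RECIPIENT_ETH, RECIPIENT_ETH.upper().replace("0X", "0x"))]
    for copied, pasted in pairs:
        print(check_paste(copied, pasted), copied[:12], "->", pasted[:12])
```

A "swapped" result means the pasted value is a well-formed address of the same currency but not the one you copied, so the transaction should not be sent.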
Another form of malicious activity often found on hapless Windows users’ PCs harnesses victim computers as miners, quietly working away and collecting crypto on behalf of the virus-injectors[4]. Most commonly, the privacy-centric Monero (XMR) is used.
This particularly popular privacy currency has often been mined via this nefarious approach, leaving little evidence of its sneaky behaviour due to its untraceable characteristics.
It has been estimated that nearly 5% of all Monero in circulation has been collected by malware mining programs which then send on the crypto proceeds to the wallets of virus-creators.
Although these sorts of viruses have been around for years now, the crypto boom of 2017 sparked a resurgence in their popularity as bad actors increased their criminal efforts to partake in the windfall of crypto wealth some have enjoyed[5].
It might be worth finally coughing up a few bucks and signing up to your favorite legal streaming service to save yourself some headaches and avoid the numerous hassles created and disseminated by these would-be thieves.
References
[2] https://cointelegraph.com/news/windows-torrent-file-malware-can-swap-out-crypto-addresses-researcher-warns
[3] https://www.ledger.com/
[4] https://www.virustotal.com/#/file/d5ae39e8e3116bf0a5e0006b238ed5043b41f10e1d681f4266ac8a7974dbd879/detection
[5] https://en.wikipedia.org/wiki/Main_Page
Disclaimer
The writer’s views are expressed as a personal opinion and are for information purposes only. It is not intended to be investment advice. Seek a duly licensed professional for investment advice.