Info Stealing Malware Targeting Crypto Wallets Dubbed Cryware

Microsoft Warns of “Cryware” Info-Stealing Malware Targeting Crypto Wallets

Microsoft is warning of an emerging threat targeting internet-connected cryptocurrency wallets, signaling a departure in the use of digital coins in cyberattacks.

The tech giant dubbed the new threat “cryware,” with the attacks resulting in the irreversible theft of virtual currencies by means of fraudulent transfers to an adversary-controlled wallet.

“Cryware are information stealers that collect and exfiltrate data directly from non-custodial cryptocurrency wallets, also known as hot wallets,” Berman Enconado and Laurie Kirk of the Microsoft 365 Defender Research Team said in a new report.

“Because hot wallets, unlike custodial wallets, are stored locally on a device and provide easier access to cryptographic keys needed to perform transactions, more and more threats are targeting them.”

Attacks of this kind are not theoretical. Earlier this year, Kaspersky disclosed a financially-motivated campaign staged by the North Korea-based Lazarus Group, which involved targeting crypto companies with malware designed to drain funds out of hot wallets.

A hot wallet, also known as a hot wallet service, is one of the two types of cryptocurrency wallet; the other is a cold wallet. The difference between the two is that a hot wallet requires an internet connection, while a cold wallet does not.

Mitigation recommendations: Microsoft recommends that users and organizations lock hot wallets when not trading, disconnect sites connected to a wallet, avoid storing private keys in plaintext, and verify the value of the wallet address when copying and pasting the information.

Source: THN