Pennywise, YouTube Crypto Thief – even worse than you thought
YouTube users are being warned to be vigilant after a new variant of cryptomalware designed to steal data from 30 crypto wallets was identified.
Pennywise, named after the vicious clown in Stephen King’s novel Itis designed to trick users into downloading malicious software, said cyber intelligence company Cyble.
The malware is disguised as free Bitcoin mining software by hackers, Cyble said. The popular video-sharing site YouTube seems to be the primary means of spreading malicious software, as hackers have created over 70 videos with links in the description of victims to download the “mining software”.
After downloading malicious software, victims are asked to disable their antivirus after being tricked by a virus-free file. The rest of the malware is downloaded to the victim’s device, and the use of an unknown encryption makes troubleshooting a difficult task.
Pennywise takes things a step further by using multithreading to steal data at a faster pace.
The malware has the ability to take screenshots and access data from discussion platforms such as Telegram and Discord. “Although the thief is recent, the threat actor (s) have already rolled out an updated version, 1.3.4.,” Cyble said.
Malware on YouTube targets browsers and wallets
Pennywise casts a huge shadow with several types of wallets that are directly threatened by malicious software.
The report noted that malware is currently targeting over 30 types of Chrome-based browsers, five Mozilla-based browsers and the Microsoft Edge browser. Cold wallets are also targeted at malicious software.
Pennywise targets victims globally, but excludes people from Russia, Belarus, Ukraine and Kazakhstan.
Cyble notes that the exclusion of these countries is likely “to avoid scrutiny by law enforcement agencies.”
Individuals have been advised to avoid clicking suspicious links on the Internet, use a strong password, and enable 2-factor authentication (2FA) on accounts.
The emergence of crypto-malware
Crypto-malware costs investors billions in losses. Colonial Pipeline fell victim in 2021, and the company had to pay $ 4.4 million in ransom to the attackers, considered to be DarkSide.
Law enforcement agencies have now begun to strike back. Last week, a member of the NetWalker ransom gang was brought to justice and pleaded guilty to money laundering in a US court.
NetWalker has raised nearly $ 50 million in illegal revenue since launching its operations in 2020, with hospitals and schools as its primary targets.
Disclaimer
All information on our website is published in good faith and for general information purposes only. Any action taken by the reader on the information contained on our website is strictly at your own risk.