Article Reading Time:
1 min.
Cybersecurity experts from Cyble said that the new PennyWise malware, which steals crypto wallet data, is avoiding users from the CIS countries.
Crypto TrojanPennyWise is designed to steal cryptocurrencies from 30 different wallets and browser extensions. The name refers to the character of the Stephen King novel “It,” the clown Pennywise. Cyble believes that this software poses a real threat, including to owners of cold crypto wallets.
Data stolen from victims is received as follows:information about crypto extensions for Chromium and Mozilla based browsers, and also includes login information for wallets. In addition, the software can take screenshots and download chats in Telegram and Discord.
The program is aimed at such coldcrypto wallets like Atomic Wallet, Jaxx, Armory, Exodus, Guarda and any others that support Zcash and Ethereum. Cyble emphasized that the software can be distributed through mining tutorial videos on YouTube, which offer free Bitcoin (BTC) mining programs. Attackers create entire channels with such videos. In some of them, scammers offer users a free premium subscription to Spotify.
It is noteworthy that the malware does not work if the victim logs in via IP from Russia, Ukraine, Kazakhstan or Belarus.
At the beginning of the year, digital researchersecurity under the nickname 3xp0rt published a report on his blog where he talked about the new malware Mars Stealer, which, like PennyWise, bypasses residents of five CIS countries.
Read this:
Cryptocurrency theft malware videos appear on YouTube
LocalBitcoins has blocked the accounts of residents of 6 countries due to the requirements of the European Commission
eBay eyeing bitcoin
Trend Micro discovered a new hidden miner virus for Linux
New ransomware virus launches virtual machine to access files
New Panchan botnet infects Linux servers with miners