Malware targets cryptocurrency wallets and browsers

The PennyWise malware is masquerading as crypto-coin mining software and being advertised in a variety of YouTube videos – showing that any communications method can be exploited for phishing attacks.

PennyWise malware on YouTube targets cryptocurrency wallets and browsers | TechRepublic

To help build confidence in the product, the threat actor has included a password for the archive – this is a common social engineering technique, to rapidly build trust between the threat actor and the victim. The threat actor has also added a link to the well respected website, VirusTotal, to assure you that the file you are downloading is clean of viruses and malware – this is of course total fiction. There is also “helpful” advice from the cyber criminal for you to turn off the virus and malware protection software on your computer if you have trouble downloading and installing their software! They reassure you that the software is completely safe!

Once installed, the malware targets a range of Chrome and Mozilla based browsers and Opera and Microsoft Edge – stealing various system data and information before trying exfiltrate:

Small RTF, DOC, DOCX, TXT and JSON files
If the malware detects a browser it knows, it extracts all the sensitive information it can, including login credentials, cookies, encryption keys etc.
Discord tokens
Telegram sessions
The registry is searched for a range of cryptocurrency wallets
Any cryptocurrency wallets in a range of folders are taken
A screenshot of the user’s screen is taken

This is all zipped up and then sent out to the threat actor’s servers.

You would think this type of attack would not work – but unfortunately it does. Someone somewhere will be looking for a cheap and easy way to get into crypto-mining and will search on YouTube for that video that will show them how to make money quickly.

It is this range of attacks, whether delivered by email, text, phone call – or now YouTube, we look at in our Social Engineering and Phishing Training. We also discuss:

Passwords, multi factor authentication and now passwordless best practice
Business email compromise attacks and defences
The do’s and don’t of social media
Insider threats – how you have to take cyber security steps even for your most trusted team members – let alone the night cleaner, caretaker or disgruntled employee
Anti-virus and advanced threat protection tools
Why you always listen to and obey the prompts from your anti-virus and anti-malware software
Plenty of options on how we deliver the training – choose the best to suit your situation

As well as bespoke training we have these options:

Cyber Awake | Train Your Team To Protect Against Cyber Attacks

Or this:

Social Engineering and Email Cyber Security Training

Clive Catton MSc (Cyber Security) – by-line and other articles

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.